We have a root domain and 6 child domains setup. After some digging we found that 3 of the child domain controllers are missing some registry keys. The keys are located in <!-- /* Font Definitions */ @font-face {font-family:"Cambria Math"; panose-1:2 4 5 3 5 4 6 3 2 4; mso-font-charset:0; mso-generic-font-family:roman; mso-font-pitch:variable; mso-font-signature:-1610611985 1107304683 0 0 159 0;} @font-face {font-family:Calibri; panose-1:2 15 5 2 2 2 4 3 2 4; mso-font-charset:0; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:-1610611985 1073750139 0 0 159 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-unhide:no; mso-style-qformat:yes; mso-style-parent:""; margin:0in; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-fareast-font-family:Calibri; mso-fareast-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman";} .MsoChpDefault {mso-style-type:export-only; mso-default-props:yes; font-size:10.0pt; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt;} @page WordSection1 {size:8.5in 11.0in; margin:1.0in 1.0in 1.0in 1.0in; mso-header-margin:.5in; mso-footer-margin:.5in; mso-paper-source:0;} div.WordSection1 {page:WordSection1;} --> HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS. All of our DCs have Diagnostics, Parameters, and RID Values but 3 of them are missing Performance and Security. Basically this issue has caused some problems with our Monitoring software that we are using and its throwing up unnecessary errors because it cant communicate with WMI due to these missing registry keys. Anything we can do to solve this problem is greatly appreciated. Thanks in advance for your help.

Hello, before playing around in the registry of domain controllers make sure the domain and the DCS are healthy with the support tools: dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt netdiag /v >c:\netdiag.txt [from each DC, netdiag may work but isn't supported with Windows server 2008 and higher] repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt (if more then one DC exists) dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045) If errors are listed and as the output will become large, DON'T post them into the thread, please use Windows Sky Drive. Also the dcdiag scans the complete forest, so better run it on COB.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Hi, I tried a number of different things including enabling/disabling the libraries with exctrlst to try to back into a solution, but it appears that the keys need to be imported from another DC. I will post some of the stuff that I tried below. exctrlst was used to find that the counters are served by ntdsperf.dll and have two associated services, NTDS and DirectoryServices. Disabling the counters only had an effect on these keys, [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NTDS\Performance] "Disable Performance Counters"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\DirectoryServices\Performance] "Disable Performance Counters"=dword:00000001 I then tried various steps to verify, salvage, and rebuild the MOF for NTDS, but none of these recreated the necessary keys. Anyway, I did some research and found this blog, http://blogs.technet.com/b/brad_rutkowski/archive/2009/03/19/ntds-performance-counters-missing.aspx It appears that you can export the key from another working controller and import it. You then probably have to do a lodctr /R to get it to reappear. It also appears that ntdsctrs.inf and ntds.inf are responsible for registering the counters if you do not use the /R argument for lodctr. I found that there is another related key that might also be missing, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DirectoryServices\Performance exctrlst: http://www.microsoft.com/downloads/details.aspx?familyid=7ff99683-b7ec-4da6-92ab-793193604ba4&displaylang=en NTDS and DirectoryServices performance counters: http://technet.microsoft.com/en-us/library/cc754463%28WS.10%29.aspx#BKMK_Perf -- Mike Burr

Ran the diagnostics on all the domain controllers. Here are the results. https://cid-0dcf6fdfc6619c2d.skydrive.live.com/redir.aspx?resid=DCF6FDFC6619C2D!105&Bpub=SDX.Docs&Bsrc=GetSharingLink&authkey=4Kjf6hAE36k%24 I noticed a few errors that said the RPC is unavailable as well as a few others. Thanks

Hello, RPC errors can belong to firewall configuration settings, check with: http://technet.microsoft.com/en-us/library/dd772723(WS.10).aspx New encryption levels exists "The requested etypes were 18. The accounts available etypes were 23 -133 -128 3 1": http://support.microsoft.com/kb/977321 Please check the connectivity to the other machines of it's child domain and also the services running on it. How is DNS configured for the other xxx.creeknation.net domains? If you run the dcdiag commands with /e on the separate domains are there also errors listed? Your FORWARDERS sometime use domain DNS servers, make sure you don't run into a loop that way for name resolution.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

Could the RPC errors have to do with a windows firewall? Also i looked through the log files i uploaded and was unable to locate the error about encryption. Do you remember which file this was located in? Thanks

Could the RPC errors have to do with a windows firewall? Also i looked through the log files i uploaded and was unable to locate the error about encryption. Do you remember which file this was located in? Thanks Hello, RPC can belong to firewall problems, yes. Also check: http://support.microsoft.com/kb/929851/en-us In the dcdiag file the encryption error is lcoated.Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

We have turned off all firewalls and are still looking into the encryption issue. I also went ahead and tried the export import of the key we were missing. I exported a working key from another DC and imported it and ran the lodctr /r and then lodctr/q:NTDS and it shows the following C:\Windows\System32>lodctr /q:NTDS Performance Counter ID Queries [PERFLIB]: Base Index: 0x00000737 (1847) Last Counter Text ID: 0x00001A76 (6774) Last Help Text ID: 0x00001A77 (6775) Still doesnt say that they are enabled. Would this require a reboot? Thanks

Did some checking and we have 3 servers that are working correctly for performance monitoring with no issues and they are showing the same result as the ones that do not work. When we run the lodctr /q:NTDS it never says that anything is enabled. Any ideas on this? Thanks

Did some checking and we have 3 servers that are working correctly for performance monitoring with no issues and they are showing the same result as the ones that do not work. When we run the lodctr /q:NTDS it never says that anything is enabled. Any ideas on this? Thanks Here's an example where it says enabled. C:\Windows\system32>lodctr /q:NTDS Performance Counter ID Queries [PERFLIB]: Base Index: 0×00000737 (1847) Last Counter Text ID: 0×00001794 (6036) Last Help Text ID: 0×00001795 (6037) [NTDS] Performance Counters (Enabled) DLL Name: %systemroot%\system32\ntdsperf.dll Open Procedure: OpenNtdsPerformanceData Collect Procedure: CollectNtdsPerformanceData Close Procedure: CloseNtdsPerformanceData First Counter ID: 0×000009DE (2526) Last Counter ID: 0×000009DE (2526) First Help ID: 0×000009DF (2527) Last Help ID: 0×000009DF (2527)================================================== Gabe Rosas - Systems Engineer, Monitoring Services CCNA, MCTS, ITILv3 CCNP SWITCH Passed! CCNP ROUTE in progress 70-646 In progress

We were finally able to get this resolved through contacting MS Support. Thanks