Meissa Schwaller
asked on
Group Policy Issues after retiring old DNS Servers
We have 4 domain controllers & we recently retired 2 of our dns servers & added 2 new ones. All 4 DCs have the correct DNS settings & are showing no AD or Sysvol Replication errors. If I create a new PC I get the correct updated GPOs but after a few days the machine reverts to old GPO settings from 6 months ago. When I check out the GPOs on the DCs the AD & Sysvol versions match but when a PC is having issues they dont match when I run gpresults on that PC. Any ideas on how to fix & why this is happening. Our DCs are WIndows 2008 R2 & 2008. Our PCs are WIndows 7. - Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine OCVM02, is a Directory Server.
Home Server = OCVM02
* Connecting to directory service on server OCVM02.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=o cdom,DC=go v,LDAP_SCO PE_SUBTREE ,(objectCa tegory=ntD SSiteSetti ngs),..... ..
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First- Site-Name, CN=Sites,C N=Configur ation,DC=o cdom,DC=go v
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=o cdom,DC=go v,LDAP_SCO PE_SUBTREE ,(objectCl ass=ntDSDs a),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=OCFS10,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=OCVM17,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=OCFS0,CN=Serve rs,CN=Defa ult-First- Site-Name, CN=Sites,C N=Configur ation,DC=o cdom,DC=go v
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 4 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\OC VM02
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... OCVM02 passed test Connectivity
Testing server: Default-First-Site-Name\OC FS10
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... OCFS10 passed test Connectivity
Testing server: Default-First-Site-Name\OC VM17
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... OCVM17 passed test Connectivity
Testing server: Default-First-Site-Name\OC FS0
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... OCFS0 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\OC VM02
Starting test: Advertising
The DC OCVM02 is advertising itself as a DC and having a DS.
The DC OCVM02 is advertising as an LDAP server
The DC OCVM02 is advertising as having a writeable directory
The DC OCVM02 is advertising as a Key Distribution Center
The DC OCVM02 is advertising as a time server
The DS OCVM02 is advertising as a GC.
......................... OCVM02 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... OCVM02 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... OCVM02 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... OCVM02 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... OCVM02 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Domain Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role PDC Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Rid Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Infrastructure Update Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
......................... OCVM02 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC OCVM02 on DC OCVM02.
* SPN found :LDAP/OCVM02.ocdom.gov/ocd om.gov
* SPN found :LDAP/OCVM02.ocdom.gov
* SPN found :LDAP/OCVM02
* SPN found :LDAP/OCVM02.ocdom.gov/OCD OM
* SPN found :LDAP/09e3728e-d9b1-4b35-9 19c-e797f6 f30b5c._ms dcs.ocdom. gov
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/09e3728e -d9b1-4b35 -919c-e797 f6f30b5c/o cdom.gov
* SPN found :HOST/OCVM02.ocdom.gov/ocd om.gov
* SPN found :HOST/OCVM02.ocdom.gov
* SPN found :HOST/OCVM02
* SPN found :HOST/OCVM02.ocdom.gov/OCD OM
* SPN found :GC/OCVM02.ocdom.gov/ocdom .gov
......................... OCVM02 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC OCVM02.
* Security Permissions Check for
DC=ForestDnsZones,DC=ocdom ,DC=gov
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=ocdom ,DC=gov
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=ocdom, DC=gov
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ocdom, DC=gov
(Configuration,Version 3)
* Security Permissions Check for
DC=ocdom,DC=gov
(Domain,Version 3)
......................... OCVM02 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\OCVM02\netlogon
Verified share \\OCVM02\sysvol
......................... OCVM02 passed test NetLogons
Starting test: ObjectsReplicated
OCVM02 is in domain DC=ocdom,DC=gov
Checking for CN=OCVM02,OU=Domain Controllers,DC=ocdom,DC=go v in domain DC=ocdom,DC=gov on 4 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov in domain CN=Configuration,DC=ocdom, DC=gov on 4 servers
Object is up-to-date on all servers.
......................... OCVM02 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ocdom ,DC=gov
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ocdom ,DC=gov
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration ,DC=ocdom, DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ocdom, DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ocdom,DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... OCVM02 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 9802 to 1073741823
* OCVM02.ocdom.gov is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 8302 to 8801
* rIDPreviousAllocationPool is 5802 to 6301
* rIDNextRID: 6159
......................... OCVM02 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... OCVM02 passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/27/2014 09:18:10
Event String:
Driver HP ePrint required for printer HP ePrint is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/27/2014 09:18:38
Event String:
Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/27/2014 09:18:39
Event String:
Driver PDF Complete Converter required for printer PDF Complete is unknown. Contact the administrator to install the driver before you log in again.
......................... OCVM02 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=OCVM02,OU=Domain Controllers,DC=ocdom,DC=go v and backlink on
CN=OCVM02,CN=Servers,CN=De fault-Firs t-Site-Nam e,CN=Sites ,CN=Config uration,DC =ocdom,DC= gov
are correct.
The system object reference (serverReferenceBL)
CN=OCVM02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ocdom ,DC=gov
and backlink on
CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
are correct.
......................... OCVM02 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\OC FS10
Starting test: Advertising
The DC OCFS10 is advertising itself as a DC and having a DS.
The DC OCFS10 is advertising as an LDAP server
The DC OCFS10 is advertising as having a writeable directory
The DC OCFS10 is advertising as a Key Distribution Center
The DC OCFS10 is advertising as a time server
......................... OCFS10 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 08/27/2014 01:10:23
Event String:
The File Replication Service is having trouble enabling replication from OCVM02 to OCFS10 for c:\windows\sysvol\domain using the DNS name OCVM02.ocdom.gov. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name OCVM02.ocdom.gov from this computer.
[2] FRS is not running on OCVM02.ocdom.gov.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... OCFS10 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... OCFS10 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... OCFS10 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... OCFS10 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Domain Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role PDC Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Rid Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Infrastructure Update Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
......................... OCFS10 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC OCFS10 on DC OCFS10.
* SPN found :LDAP/OCFS10.ocdom.gov/ocd om.gov
* SPN found :LDAP/OCFS10.ocdom.gov
* SPN found :LDAP/OCFS10
* SPN found :LDAP/OCFS10.ocdom.gov/OCD OM
* SPN found :LDAP/a1bc33f4-fcde-4361-a a8c-15733b 1b6452._ms dcs.ocdom. gov
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/a1bc33f4 -fcde-4361 -aa8c-1573 3b1b6452/o cdom.gov
* SPN found :HOST/OCFS10.ocdom.gov/ocd om.gov
* SPN found :HOST/OCFS10.ocdom.gov
* SPN found :HOST/OCFS10
* SPN found :HOST/OCFS10.ocdom.gov/OCD OM
* SPN found :GC/OCFS10.ocdom.gov/ocdom .gov
......................... OCFS10 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC OCFS10.
* Security Permissions Check for
DC=ForestDnsZones,DC=ocdom ,DC=gov
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=ocdom ,DC=gov
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=ocdom, DC=gov
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ocdom, DC=gov
(Configuration,Version 3)
* Security Permissions Check for
DC=ocdom,DC=gov
(Domain,Version 3)
......................... OCFS10 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\OCFS10\netlogon
Verified share \\OCFS10\sysvol
......................... OCFS10 passed test NetLogons
Starting test: ObjectsReplicated
OCFS10 is in domain DC=ocdom,DC=gov
Checking for CN=OCFS10,OU=Domain Controllers,DC=ocdom,DC=go v in domain DC=ocdom,DC=gov on 4 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=OCFS10,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov in domain CN=Configuration,DC=ocdom, DC=gov on 4 servers
Object is up-to-date on all servers.
......................... OCFS10 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ocdom ,DC=gov
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ocdom ,DC=gov
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration ,DC=ocdom, DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ocdom, DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ocdom,DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... OCFS10 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 9802 to 1073741823
* OCVM02.ocdom.gov is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6302 to 6801
* rIDPreviousAllocationPool is 6302 to 6801
* rIDNextRID: 6545
......................... OCFS10 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... OCFS10 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... OCFS10 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=OCFS10,OU=Domain Controllers,DC=ocdom,DC=go v and backlink on
CN=OCFS10,CN=Servers,CN=De fault-Firs t-Site-Nam e,CN=Sites ,CN=Config uration,DC =ocdom,DC= gov
are correct.
The system object reference (serverReferenceBL)
CN=OCFS10,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ocdom ,DC=gov
and backlink on
CN=NTDS Settings,CN=OCFS10,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
are correct.
......................... OCFS10 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\OC VM17
Starting test: Advertising
The DC OCVM17 is advertising itself as a DC and having a DS.
The DC OCVM17 is advertising as an LDAP server
The DC OCVM17 is advertising as having a writeable directory
The DC OCVM17 is advertising as a Key Distribution Center
The DC OCVM17 is advertising as a time server
The DS OCVM17 is advertising as a GC.
......................... OCVM17 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 08/27/2014 04:01:13
Event String:
The File Replication Service is having trouble enabling replication from OCVM02 to OCVM17 for c:\windows\sysvol\domain using the DNS name OCVM02.ocdom.gov. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name OCVM02.ocdom.gov from this computer.
[2] FRS is not running on OCVM02.ocdom.gov.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... OCVM17 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... OCVM17 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... OCVM17 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... OCVM17 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Domain Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role PDC Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Rid Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Infrastructure Update Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
......................... OCVM17 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC OCVM17 on DC OCVM17.
* SPN found :LDAP/OCVM17.ocdom.gov/ocd om.gov
* SPN found :LDAP/OCVM17.ocdom.gov
* SPN found :LDAP/OCVM17
* SPN found :LDAP/OCVM17.ocdom.gov/OCD OM
* SPN found :LDAP/12b21ca9-c4a6-4eb7-8 061-42bb92 e43bf0._ms dcs.ocdom. gov
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/12b21ca9 -c4a6-4eb7 -8061-42bb 92e43bf0/o cdom.gov
* SPN found :HOST/OCVM17.ocdom.gov/ocd om.gov
* SPN found :HOST/OCVM17.ocdom.gov
* SPN found :HOST/OCVM17
* SPN found :HOST/OCVM17.ocdom.gov/OCD OM
* SPN found :GC/OCVM17.ocdom.gov/ocdom .gov
......................... OCVM17 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC OCVM17.
* Security Permissions Check for
DC=ForestDnsZones,DC=ocdom ,DC=gov
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=ocdom ,DC=gov
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=ocdom, DC=gov
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ocdom, DC=gov
(Configuration,Version 3)
* Security Permissions Check for
DC=ocdom,DC=gov
(Domain,Version 3)
......................... OCVM17 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\OCVM17\netlogon
Verified share \\OCVM17\sysvol
......................... OCVM17 passed test NetLogons
Starting test: ObjectsReplicated
OCVM17 is in domain DC=ocdom,DC=gov
Checking for CN=OCVM17,OU=Domain Controllers,DC=ocdom,DC=go v in domain DC=ocdom,DC=gov on 4 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=OCVM17,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov in domain CN=Configuration,DC=ocdom, DC=gov on 4 servers
Object is up-to-date on all servers.
......................... OCVM17 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ocdom ,DC=gov
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ocdom ,DC=gov
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration ,DC=ocdom, DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ocdom, DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ocdom,DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... OCVM17 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 9802 to 1073741823
* OCVM02.ocdom.gov is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 8802 to 9301
* rIDPreviousAllocationPool is 8802 to 9301
* rIDNextRID: 8809
......................... OCVM17 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... OCVM17 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... OCVM17 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=OCVM17,OU=Domain Controllers,DC=ocdom,DC=go v and backlink on
CN=OCVM17,CN=Servers,CN=De fault-Firs t-Site-Nam e,CN=Sites ,CN=Config uration,DC =ocdom,DC= gov
are correct.
The system object reference (serverReferenceBL)
CN=OCVM17,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ocdom ,DC=gov
and backlink on
CN=NTDS Settings,CN=OCVM17,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
are correct.
......................... OCVM17 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\OC FS0
Starting test: Advertising
The DC OCFS0 is advertising itself as a DC and having a DS.
The DC OCFS0 is advertising as an LDAP server
The DC OCFS0 is advertising as having a writeable directory
The DC OCFS0 is advertising as a Key Distribution Center
The DC OCFS0 is advertising as a time server
The DS OCFS0 is advertising as a GC.
......................... OCFS0 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 08/27/2014 04:19:22
Event String:
The File Replication Service is having trouble enabling replication from OCVM02.ocdom.gov to OCFS0 for c:\windows\sysvol\domain using the DNS name OCVM02.ocdom.gov. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name OCVM02.ocdom.gov from this computer.
[2] FRS is not running on OCVM02.ocdom.gov.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 08/27/2014 06:01:19
Event String:
The File Replication Service is having trouble enabling replication from OCVM02 to OCFS0 for c:\windows\sysvol\domain using the DNS name OCVM02.ocdom.gov. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name OCVM02.ocdom.gov from this computer.
[2] FRS is not running on OCVM02.ocdom.gov.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... OCFS0 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... OCFS0 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... OCFS0 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... OCFS0 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Domain Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role PDC Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Rid Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
Role Infrastructure Update Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
......................... OCFS0 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC OCFS0 on DC OCFS0.
* SPN found :LDAP/OCFS0.ocdom.gov/ocdo m.gov
* SPN found :LDAP/OCFS0.ocdom.gov
* SPN found :LDAP/OCFS0
* SPN found :LDAP/OCFS0.ocdom.gov/OCDO M
* SPN found :LDAP/44415704-7651-410c-a e74-4b5a46 e9dd9b._ms dcs.ocdom. gov
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/44415704 -7651-410c -ae74-4b5a 46e9dd9b/o cdom.gov
* SPN found :HOST/OCFS0.ocdom.gov/ocdo m.gov
* SPN found :HOST/OCFS0.ocdom.gov
* SPN found :HOST/OCFS0
* SPN found :HOST/OCFS0.ocdom.gov/OCDO M
* SPN found :GC/OCFS0.ocdom.gov/ocdom. gov
......................... OCFS0 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC OCFS0.
* Security Permissions Check for
DC=ForestDnsZones,DC=ocdom ,DC=gov
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=ocdom ,DC=gov
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=ocdom, DC=gov
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ocdom, DC=gov
(Configuration,Version 3)
* Security Permissions Check for
DC=ocdom,DC=gov
(Domain,Version 3)
......................... OCFS0 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\OCFS0\netlogon
Verified share \\OCFS0\sysvol
......................... OCFS0 passed test NetLogons
Starting test: ObjectsReplicated
OCFS0 is in domain DC=ocdom,DC=gov
Checking for CN=OCFS0,OU=Domain Controllers,DC=ocdom,DC=go v in domain DC=ocdom,DC=gov on 4 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=OCFS0,CN=Serve rs,CN=Defa ult-First- Site-Name, CN=Sites,C N=Configur ation,DC=o cdom,DC=go v in domain CN=Configuration,DC=ocdom, DC=gov on 4 servers
Object is up-to-date on all servers.
......................... OCFS0 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ocdom ,DC=gov
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ocdom ,DC=gov
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration ,DC=ocdom, DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ocdom, DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ocdom,DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... OCFS0 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 9802 to 1073741823
* OCVM02.ocdom.gov is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 9302 to 9801
* rIDPreviousAllocationPool is 9302 to 9801
* rIDNextRID: 9303
......................... OCFS0 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
Invalid service startup type: w32time on OCFS0, current value
DEMAND_START, expected value AUTO_START
* Checking Service: NETLOGON
......................... OCFS0 failed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... OCFS0 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=OCFS0,OU=Domain Controllers,DC=ocdom,DC=go v and backlink on
CN=OCFS0,CN=Servers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= ocdom,DC=g ov
are correct.
The system object reference (serverReferenceBL)
CN=OCFS0,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ocdom ,DC=gov
and backlink on
CN=NTDS Settings,CN=OCFS0,CN=Serve rs,CN=Defa ult-First- Site-Name, CN=Sites,C N=Configur ation,DC=o cdom,DC=go v
are correct.
......................... OCFS0 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ocdom
Starting test: CheckSDRefDom
......................... ocdom passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ocdom passed test CrossRefValidation
Running enterprise tests on : ocdom.gov
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\OCVM02.ocdom.gov
Locator Flags: 0xe00013fd
PDC Name: \\OCVM02.ocdom.gov
Locator Flags: 0xe00013fd
Time Server Name: \\OCVM02.ocdom.gov
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\OCVM02.ocdom.gov
Locator Flags: 0xe00013fd
KDC Name: \\OCVM02.ocdom.gov
Locator Flags: 0xe00013fd
......................... ocdom.gov passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... ocdom.gov passed test Intersite
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\OC VM02
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 09e3728e-d9b1-4b35-919c-e7 97f6f30b5c
DSA invocationID: 93c6a9d0-be85-409a-9bea-ad 278137d439
==== INBOUND NEIGHBORS ========================== ========== ==
DC=ocdom,DC=gov
Default-First-Site-Name\OC FS0 via RPC
DSA object GUID: 44415704-7651-410c-ae74-4b 5a46e9dd9b
Last attempt @ 2014-08-27 09:18:09 was successful.
Default-First-Site-Name\OC VM17 via RPC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42 bb92e43bf0
Last attempt @ 2014-08-27 09:18:27 was successful.
Default-First-Site-Name\OC FS10 via RPC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15 733b1b6452
Last attempt @ 2014-08-27 09:18:48 was successful.
CN=Configuration,DC=ocdom, DC=gov
Default-First-Site-Name\OC VM17 via RPC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42 bb92e43bf0
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC FS0 via RPC
DSA object GUID: 44415704-7651-410c-ae74-4b 5a46e9dd9b
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC FS10 via RPC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15 733b1b6452
Last attempt @ 2014-08-27 09:07:11 was successful.
CN=Schema,CN=Configuration ,DC=ocdom, DC=gov
Default-First-Site-Name\OC FS0 via RPC
DSA object GUID: 44415704-7651-410c-ae74-4b 5a46e9dd9b
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC VM17 via RPC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42 bb92e43bf0
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC FS10 via RPC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15 733b1b6452
Last attempt @ 2014-08-27 09:07:11 was successful.
DC=DomainDnsZones,DC=ocdom ,DC=gov
Default-First-Site-Name\OC FS10 via RPC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15 733b1b6452
Last attempt @ 2014-08-27 09:10:31 was successful.
Default-First-Site-Name\OC FS0 via RPC
DSA object GUID: 44415704-7651-410c-ae74-4b 5a46e9dd9b
Last attempt @ 2014-08-27 09:10:34 was successful.
Default-First-Site-Name\OC VM17 via RPC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42 bb92e43bf0
Last attempt @ 2014-08-27 09:10:37 was successful.
DC=ForestDnsZones,DC=ocdom ,DC=gov
Default-First-Site-Name\OC FS0 via RPC
DSA object GUID: 44415704-7651-410c-ae74-4b 5a46e9dd9b
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC VM17 via RPC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42 bb92e43bf0
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC FS10 via RPC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15 733b1b6452
Last attempt @ 2014-08-27 09:07:11 was successful.
Thank you
Performing initial setup:
Trying to find home server...
* Verifying that the local machine OCVM02, is a Directory Server.
Home Server = OCVM02
* Connecting to directory service on server OCVM02.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=OCVM02,CN=Serv
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=OCFS10,CN=Serv
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=OCVM17,CN=Serv
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=OCFS0,CN=Serve
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 4 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\OC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... OCVM02 passed test Connectivity
Testing server: Default-First-Site-Name\OC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... OCFS10 passed test Connectivity
Testing server: Default-First-Site-Name\OC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... OCVM17 passed test Connectivity
Testing server: Default-First-Site-Name\OC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... OCFS0 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\OC
Starting test: Advertising
The DC OCVM02 is advertising itself as a DC and having a DS.
The DC OCVM02 is advertising as an LDAP server
The DC OCVM02 is advertising as having a writeable directory
The DC OCVM02 is advertising as a Key Distribution Center
The DC OCVM02 is advertising as a time server
The DS OCVM02 is advertising as a GC.
......................... OCVM02 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... OCVM02 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... OCVM02 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... OCVM02 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... OCVM02 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Domain Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role PDC Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Rid Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Infrastructure Update Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
......................... OCVM02 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC OCVM02 on DC OCVM02.
* SPN found :LDAP/OCVM02.ocdom.gov/ocd
* SPN found :LDAP/OCVM02.ocdom.gov
* SPN found :LDAP/OCVM02
* SPN found :LDAP/OCVM02.ocdom.gov/OCD
* SPN found :LDAP/09e3728e-d9b1-4b35-9
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/OCVM02.ocdom.gov/ocd
* SPN found :HOST/OCVM02.ocdom.gov
* SPN found :HOST/OCVM02
* SPN found :HOST/OCVM02.ocdom.gov/OCD
* SPN found :GC/OCVM02.ocdom.gov/ocdom
......................... OCVM02 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC OCVM02.
* Security Permissions Check for
DC=ForestDnsZones,DC=ocdom
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=ocdom
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ocdom,
(Configuration,Version 3)
* Security Permissions Check for
DC=ocdom,DC=gov
(Domain,Version 3)
......................... OCVM02 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\OCVM02\netlogon
Verified share \\OCVM02\sysvol
......................... OCVM02 passed test NetLogons
Starting test: ObjectsReplicated
OCVM02 is in domain DC=ocdom,DC=gov
Checking for CN=OCVM02,OU=Domain Controllers,DC=ocdom,DC=go
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=OCVM02,CN=Serv
Object is up-to-date on all servers.
......................... OCVM02 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ocdom
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ocdom
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ocdom,
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ocdom,DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... OCVM02 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 9802 to 1073741823
* OCVM02.ocdom.gov is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 8302 to 8801
* rIDPreviousAllocationPool is 5802 to 6301
* rIDNextRID: 6159
......................... OCVM02 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... OCVM02 passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/27/2014 09:18:10
Event String:
Driver HP ePrint required for printer HP ePrint is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/27/2014 09:18:38
Event String:
Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occurred. EventID: 0x00000457
Time Generated: 08/27/2014 09:18:39
Event String:
Driver PDF Complete Converter required for printer PDF Complete is unknown. Contact the administrator to install the driver before you log in again.
......................... OCVM02 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=OCVM02,OU=Domain Controllers,DC=ocdom,DC=go
CN=OCVM02,CN=Servers,CN=De
are correct.
The system object reference (serverReferenceBL)
CN=OCVM02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ocdom
and backlink on
CN=NTDS Settings,CN=OCVM02,CN=Serv
are correct.
......................... OCVM02 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\OC
Starting test: Advertising
The DC OCFS10 is advertising itself as a DC and having a DS.
The DC OCFS10 is advertising as an LDAP server
The DC OCFS10 is advertising as having a writeable directory
The DC OCFS10 is advertising as a Key Distribution Center
The DC OCFS10 is advertising as a time server
......................... OCFS10 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 08/27/2014 01:10:23
Event String:
The File Replication Service is having trouble enabling replication from OCVM02 to OCFS10 for c:\windows\sysvol\domain using the DNS name OCVM02.ocdom.gov. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name OCVM02.ocdom.gov from this computer.
[2] FRS is not running on OCVM02.ocdom.gov.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... OCFS10 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... OCFS10 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... OCFS10 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... OCFS10 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Domain Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role PDC Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Rid Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Infrastructure Update Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
......................... OCFS10 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC OCFS10 on DC OCFS10.
* SPN found :LDAP/OCFS10.ocdom.gov/ocd
* SPN found :LDAP/OCFS10.ocdom.gov
* SPN found :LDAP/OCFS10
* SPN found :LDAP/OCFS10.ocdom.gov/OCD
* SPN found :LDAP/a1bc33f4-fcde-4361-a
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/OCFS10.ocdom.gov/ocd
* SPN found :HOST/OCFS10.ocdom.gov
* SPN found :HOST/OCFS10
* SPN found :HOST/OCFS10.ocdom.gov/OCD
* SPN found :GC/OCFS10.ocdom.gov/ocdom
......................... OCFS10 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC OCFS10.
* Security Permissions Check for
DC=ForestDnsZones,DC=ocdom
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=ocdom
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ocdom,
(Configuration,Version 3)
* Security Permissions Check for
DC=ocdom,DC=gov
(Domain,Version 3)
......................... OCFS10 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\OCFS10\netlogon
Verified share \\OCFS10\sysvol
......................... OCFS10 passed test NetLogons
Starting test: ObjectsReplicated
OCFS10 is in domain DC=ocdom,DC=gov
Checking for CN=OCFS10,OU=Domain Controllers,DC=ocdom,DC=go
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=OCFS10,CN=Serv
Object is up-to-date on all servers.
......................... OCFS10 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ocdom
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ocdom
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ocdom,
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ocdom,DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... OCFS10 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 9802 to 1073741823
* OCVM02.ocdom.gov is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6302 to 6801
* rIDPreviousAllocationPool is 6302 to 6801
* rIDNextRID: 6545
......................... OCFS10 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... OCFS10 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... OCFS10 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=OCFS10,OU=Domain Controllers,DC=ocdom,DC=go
CN=OCFS10,CN=Servers,CN=De
are correct.
The system object reference (serverReferenceBL)
CN=OCFS10,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ocdom
and backlink on
CN=NTDS Settings,CN=OCFS10,CN=Serv
are correct.
......................... OCFS10 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\OC
Starting test: Advertising
The DC OCVM17 is advertising itself as a DC and having a DS.
The DC OCVM17 is advertising as an LDAP server
The DC OCVM17 is advertising as having a writeable directory
The DC OCVM17 is advertising as a Key Distribution Center
The DC OCVM17 is advertising as a time server
The DS OCVM17 is advertising as a GC.
......................... OCVM17 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 08/27/2014 04:01:13
Event String:
The File Replication Service is having trouble enabling replication from OCVM02 to OCVM17 for c:\windows\sysvol\domain using the DNS name OCVM02.ocdom.gov. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name OCVM02.ocdom.gov from this computer.
[2] FRS is not running on OCVM02.ocdom.gov.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... OCVM17 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... OCVM17 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... OCVM17 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... OCVM17 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Domain Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role PDC Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Rid Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Infrastructure Update Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
......................... OCVM17 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC OCVM17 on DC OCVM17.
* SPN found :LDAP/OCVM17.ocdom.gov/ocd
* SPN found :LDAP/OCVM17.ocdom.gov
* SPN found :LDAP/OCVM17
* SPN found :LDAP/OCVM17.ocdom.gov/OCD
* SPN found :LDAP/12b21ca9-c4a6-4eb7-8
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/OCVM17.ocdom.gov/ocd
* SPN found :HOST/OCVM17.ocdom.gov
* SPN found :HOST/OCVM17
* SPN found :HOST/OCVM17.ocdom.gov/OCD
* SPN found :GC/OCVM17.ocdom.gov/ocdom
......................... OCVM17 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC OCVM17.
* Security Permissions Check for
DC=ForestDnsZones,DC=ocdom
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=ocdom
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ocdom,
(Configuration,Version 3)
* Security Permissions Check for
DC=ocdom,DC=gov
(Domain,Version 3)
......................... OCVM17 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\OCVM17\netlogon
Verified share \\OCVM17\sysvol
......................... OCVM17 passed test NetLogons
Starting test: ObjectsReplicated
OCVM17 is in domain DC=ocdom,DC=gov
Checking for CN=OCVM17,OU=Domain Controllers,DC=ocdom,DC=go
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=OCVM17,CN=Serv
Object is up-to-date on all servers.
......................... OCVM17 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ocdom
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ocdom
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ocdom,
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ocdom,DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... OCVM17 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 9802 to 1073741823
* OCVM02.ocdom.gov is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 8802 to 9301
* rIDPreviousAllocationPool is 8802 to 9301
* rIDNextRID: 8809
......................... OCVM17 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... OCVM17 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... OCVM17 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=OCVM17,OU=Domain Controllers,DC=ocdom,DC=go
CN=OCVM17,CN=Servers,CN=De
are correct.
The system object reference (serverReferenceBL)
CN=OCVM17,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ocdom
and backlink on
CN=NTDS Settings,CN=OCVM17,CN=Serv
are correct.
......................... OCVM17 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Default-First-Site-Name\OC
Starting test: Advertising
The DC OCFS0 is advertising itself as a DC and having a DS.
The DC OCFS0 is advertising as an LDAP server
The DC OCFS0 is advertising as having a writeable directory
The DC OCFS0 is advertising as a Key Distribution Center
The DC OCFS0 is advertising as a time server
The DS OCFS0 is advertising as a GC.
......................... OCFS0 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 08/27/2014 04:19:22
Event String:
The File Replication Service is having trouble enabling replication from OCVM02.ocdom.gov to OCFS0 for c:\windows\sysvol\domain using the DNS name OCVM02.ocdom.gov. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name OCVM02.ocdom.gov from this computer.
[2] FRS is not running on OCVM02.ocdom.gov.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 08/27/2014 06:01:19
Event String:
The File Replication Service is having trouble enabling replication from OCVM02 to OCFS0 for c:\windows\sysvol\domain using the DNS name OCVM02.ocdom.gov. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name OCVM02.ocdom.gov from this computer.
[2] FRS is not running on OCVM02.ocdom.gov.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... OCFS0 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... OCFS0 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... OCFS0 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... OCFS0 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Domain Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role PDC Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Rid Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
Role Infrastructure Update Owner = CN=NTDS Settings,CN=OCVM02,CN=Serv
......................... OCFS0 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC OCFS0 on DC OCFS0.
* SPN found :LDAP/OCFS0.ocdom.gov/ocdo
* SPN found :LDAP/OCFS0.ocdom.gov
* SPN found :LDAP/OCFS0
* SPN found :LDAP/OCFS0.ocdom.gov/OCDO
* SPN found :LDAP/44415704-7651-410c-a
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/OCFS0.ocdom.gov/ocdo
* SPN found :HOST/OCFS0.ocdom.gov
* SPN found :HOST/OCFS0
* SPN found :HOST/OCFS0.ocdom.gov/OCDO
* SPN found :GC/OCFS0.ocdom.gov/ocdom.
......................... OCFS0 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC OCFS0.
* Security Permissions Check for
DC=ForestDnsZones,DC=ocdom
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=ocdom
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ocdom,
(Configuration,Version 3)
* Security Permissions Check for
DC=ocdom,DC=gov
(Domain,Version 3)
......................... OCFS0 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\OCFS0\netlogon
Verified share \\OCFS0\sysvol
......................... OCFS0 passed test NetLogons
Starting test: ObjectsReplicated
OCFS0 is in domain DC=ocdom,DC=gov
Checking for CN=OCFS0,OU=Domain Controllers,DC=ocdom,DC=go
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=OCFS0,CN=Serve
Object is up-to-date on all servers.
......................... OCFS0 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ocdom
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ocdom
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ocdom,
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ocdom,DC=gov
Latency information for 10 entries in the vector were ignored.
10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... OCFS0 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 9802 to 1073741823
* OCVM02.ocdom.gov is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 9302 to 9801
* rIDPreviousAllocationPool is 9302 to 9801
* rIDNextRID: 9303
......................... OCFS0 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
Invalid service startup type: w32time on OCFS0, current value
DEMAND_START, expected value AUTO_START
* Checking Service: NETLOGON
......................... OCFS0 failed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... OCFS0 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=OCFS0,OU=Domain Controllers,DC=ocdom,DC=go
CN=OCFS0,CN=Servers,CN=Def
are correct.
The system object reference (serverReferenceBL)
CN=OCFS0,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ocdom
and backlink on
CN=NTDS Settings,CN=OCFS0,CN=Serve
are correct.
......................... OCFS0 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ocdom
Starting test: CheckSDRefDom
......................... ocdom passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ocdom passed test CrossRefValidation
Running enterprise tests on : ocdom.gov
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\OCVM02.ocdom.gov
Locator Flags: 0xe00013fd
PDC Name: \\OCVM02.ocdom.gov
Locator Flags: 0xe00013fd
Time Server Name: \\OCVM02.ocdom.gov
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\OCVM02.ocdom.gov
Locator Flags: 0xe00013fd
KDC Name: \\OCVM02.ocdom.gov
Locator Flags: 0xe00013fd
......................... ocdom.gov passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... ocdom.gov passed test Intersite
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\OC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 09e3728e-d9b1-4b35-919c-e7
DSA invocationID: 93c6a9d0-be85-409a-9bea-ad
==== INBOUND NEIGHBORS ==========================
DC=ocdom,DC=gov
Default-First-Site-Name\OC
DSA object GUID: 44415704-7651-410c-ae74-4b
Last attempt @ 2014-08-27 09:18:09 was successful.
Default-First-Site-Name\OC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42
Last attempt @ 2014-08-27 09:18:27 was successful.
Default-First-Site-Name\OC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15
Last attempt @ 2014-08-27 09:18:48 was successful.
CN=Configuration,DC=ocdom,
Default-First-Site-Name\OC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC
DSA object GUID: 44415704-7651-410c-ae74-4b
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15
Last attempt @ 2014-08-27 09:07:11 was successful.
CN=Schema,CN=Configuration
Default-First-Site-Name\OC
DSA object GUID: 44415704-7651-410c-ae74-4b
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15
Last attempt @ 2014-08-27 09:07:11 was successful.
DC=DomainDnsZones,DC=ocdom
Default-First-Site-Name\OC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15
Last attempt @ 2014-08-27 09:10:31 was successful.
Default-First-Site-Name\OC
DSA object GUID: 44415704-7651-410c-ae74-4b
Last attempt @ 2014-08-27 09:10:34 was successful.
Default-First-Site-Name\OC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42
Last attempt @ 2014-08-27 09:10:37 was successful.
DC=ForestDnsZones,DC=ocdom
Default-First-Site-Name\OC
DSA object GUID: 44415704-7651-410c-ae74-4b
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42
Last attempt @ 2014-08-27 08:52:11 was successful.
Default-First-Site-Name\OC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15
Last attempt @ 2014-08-27 09:07:11 was successful.
Thank you
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
When I run gpresult the correct GPO is applied but the new settings I added a few weeks ago are not even attempting to be be applied. Its applying OLD settings from the GPO from like 6 months ago. When I look at the GPO on the domain controller the AD & Sysvol versions are the same but they are not when I run gpresult on the PCs. I attached a screen shot.
GPO's are being applied to the Domain or directly to the OU's.
Yes I've tried creating a new GPO & block inheritance with no luck too.
C:\Users\administrator.OCD OM>repadmi n /showrepl
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\OC VM02
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 09e3728e-d9b1-4b35-919c-e7 97f6f30b5c
DSA invocationID: 93c6a9d0-be85-409a-9bea-ad 278137d439
==== INBOUND NEIGHBORS ========================== ========== ==
DC=ocdom,DC=gov
Default-First-Site-Name\OC FS0 via RPC
DSA object GUID: 44415704-7651-410c-ae74-4b 5a46e9dd9b
Last attempt @ 2014-08-28 09:15:22 was successful.
Default-First-Site-Name\OC VM17 via RPC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42 bb92e43bf0
Last attempt @ 2014-08-28 09:15:35 was successful.
Default-First-Site-Name\OC FS10 via RPC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15 733b1b6452
Last attempt @ 2014-08-28 09:15:40 was successful.
CN=Configuration,DC=ocdom, DC=gov
Default-First-Site-Name\OC FS10 via RPC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15 733b1b6452
Last attempt @ 2014-08-28 09:13:27 was successful.
Default-First-Site-Name\OC VM17 via RPC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42 bb92e43bf0
Last attempt @ 2014-08-28 09:13:51 was successful.
Default-First-Site-Name\OC FS0 via RPC
DSA object GUID: 44415704-7651-410c-ae74-4b 5a46e9dd9b
Last attempt @ 2014-08-28 09:13:57 was successful.
CN=Schema,CN=Configuration ,DC=ocdom, DC=gov
Default-First-Site-Name\OC VM17 via RPC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42 bb92e43bf0
Last attempt @ 2014-08-28 08:52:09 was successful.
Default-First-Site-Name\OC FS0 via RPC
DSA object GUID: 44415704-7651-410c-ae74-4b 5a46e9dd9b
Last attempt @ 2014-08-28 08:52:09 was successful.
Default-First-Site-Name\OC FS10 via RPC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15 733b1b6452
Last attempt @ 2014-08-28 09:07:09 was successful.
DC=DomainDnsZones,DC=ocdom ,DC=gov
Default-First-Site-Name\OC VM17 via RPC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42 bb92e43bf0
Last attempt @ 2014-08-28 09:01:18 was successful.
Default-First-Site-Name\OC FS0 via RPC
DSA object GUID: 44415704-7651-410c-ae74-4b 5a46e9dd9b
Last attempt @ 2014-08-28 09:01:21 was successful.
Default-First-Site-Name\OC FS10 via RPC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15 733b1b6452
Last attempt @ 2014-08-28 09:07:09 was successful.
DC=ForestDnsZones,DC=ocdom ,DC=gov
Default-First-Site-Name\OC VM17 via RPC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42 bb92e43bf0
Last attempt @ 2014-08-28 08:52:09 was successful.
Default-First-Site-Name\OC FS0 via RPC
DSA object GUID: 44415704-7651-410c-ae74-4b 5a46e9dd9b
Last attempt @ 2014-08-28 08:52:09 was successful.
Default-First-Site-Name\OC FS10 via RPC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15 733b1b6452
Last attempt @ 2014-08-28 09:07:09 was successful.
GPresults.PNG
GPO's are being applied to the Domain or directly to the OU's.
Yes I've tried creating a new GPO & block inheritance with no luck too.
C:\Users\administrator.OCD
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\OC
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 09e3728e-d9b1-4b35-919c-e7
DSA invocationID: 93c6a9d0-be85-409a-9bea-ad
==== INBOUND NEIGHBORS ==========================
DC=ocdom,DC=gov
Default-First-Site-Name\OC
DSA object GUID: 44415704-7651-410c-ae74-4b
Last attempt @ 2014-08-28 09:15:22 was successful.
Default-First-Site-Name\OC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42
Last attempt @ 2014-08-28 09:15:35 was successful.
Default-First-Site-Name\OC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15
Last attempt @ 2014-08-28 09:15:40 was successful.
CN=Configuration,DC=ocdom,
Default-First-Site-Name\OC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15
Last attempt @ 2014-08-28 09:13:27 was successful.
Default-First-Site-Name\OC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42
Last attempt @ 2014-08-28 09:13:51 was successful.
Default-First-Site-Name\OC
DSA object GUID: 44415704-7651-410c-ae74-4b
Last attempt @ 2014-08-28 09:13:57 was successful.
CN=Schema,CN=Configuration
Default-First-Site-Name\OC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42
Last attempt @ 2014-08-28 08:52:09 was successful.
Default-First-Site-Name\OC
DSA object GUID: 44415704-7651-410c-ae74-4b
Last attempt @ 2014-08-28 08:52:09 was successful.
Default-First-Site-Name\OC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15
Last attempt @ 2014-08-28 09:07:09 was successful.
DC=DomainDnsZones,DC=ocdom
Default-First-Site-Name\OC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42
Last attempt @ 2014-08-28 09:01:18 was successful.
Default-First-Site-Name\OC
DSA object GUID: 44415704-7651-410c-ae74-4b
Last attempt @ 2014-08-28 09:01:21 was successful.
Default-First-Site-Name\OC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15
Last attempt @ 2014-08-28 09:07:09 was successful.
DC=ForestDnsZones,DC=ocdom
Default-First-Site-Name\OC
DSA object GUID: 12b21ca9-c4a6-4eb7-8061-42
Last attempt @ 2014-08-28 08:52:09 was successful.
Default-First-Site-Name\OC
DSA object GUID: 44415704-7651-410c-ae74-4b
Last attempt @ 2014-08-28 08:52:09 was successful.
Default-First-Site-Name\OC
DSA object GUID: a1bc33f4-fcde-4361-aa8c-15
Last attempt @ 2014-08-28 09:07:09 was successful.
GPresults.PNG
ASKER
Thanks for your help but we ended finding the issues in the event viewer. It was a replication error.
ASKER
I've requested that this question be closed as follows:
Accepted answer: 0 points for ocontoco's comment #a40304108
for the following reason:
We ended up finding the issue on our own.
Accepted answer: 0 points for ocontoco's comment #a40304108
for the following reason:
We ended up finding the issue on our own.
I think I pointed out the possible source in my first post. The other expert helped you with the analysis of a very long log. Please, distribute the points accordingly.
I think I pointed out the possible source in my first post. The other expert helped you with the analysis of a very long log. Please, distribute the points accordingly.
I think I pointed out the possible source in my first post. The other expert helped you with the analysis of a very long log. Please, distribute the points accordingly.
dcdiag /v /e >c:\dcdiag.txt
repadmin /showrepl >c:\repadmin.txt