RPC Server Unavailable (Error 1722)
Hi!
When running "dcdiag" on 2 of our 3 Domain controllers we get the attached errors. When running "dcdiag" on the server triggering the errors (DOMAIN-DC2) everything is ok.
DOMAIN-DC1 and DOMAIN-DC2 are both Windows 2012 R2 Standard Domain Controllers. I have no antivirus software installed that could be causing the problem.
Any help greatly appreciated!
When running "dcdiag" on 2 of our 3 Domain controllers we get the attached errors. When running "dcdiag" on the server triggering the errors (DOMAIN-DC2) everything is ok.
DOMAIN-DC1 and DOMAIN-DC2 are both Windows 2012 R2 Standard Domain Controllers. I have no antivirus software installed that could be causing the problem.
Any help greatly appreciated!
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = DOMAIN-DC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: DOMAIN\DOMAIN-DC1
Starting test: Connectivity
......................... DOMAIN-DC1 passed test Connectivity
Doing primary tests
Testing server: DOMAIN\DOMAIN-DC1
Starting test: Advertising
......................... DOMAIN-DC1 passed test Advertising
Starting test: FrsEvent
......................... DOMAIN-DC1 passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
......................... DOMAIN-DC1 failed test DFSREvent
Starting test: SysVolCheck
......................... DOMAIN-DC1 passed test SysVolCheck
Starting test: KccEvent
......................... DOMAIN-DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DOMAIN-DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DOMAIN-DC1 passed test MachineAccount
Starting test: NCSecDesc
......................... DOMAIN-DC1 passed test NCSecDesc
Starting test: NetLogons
......................... DOMAIN-DC1 passed test NetLogons
Starting test: ObjectsReplicated
......................... DOMAIN-DC1 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,DOMAIN-DC1] A recent replication attempt failed:
From DOMAIN-DC2 to DOMAIN-DC1
Naming Context: DC=ForestDnsZones,DC=DOMAIN,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2014-02-07 13:56:39.
The last success occurred at 2014-02-05 13:40:14.
62 failures have occurred since the last success.
[DOMAIN-DC2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,DOMAIN-DC1] A recent replication attempt failed:
From DOMAIN-DC2 to DOMAIN-DC1
Naming Context: DC=DomainDnsZones,DC=DOMAIN,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2014-02-07 13:56:39.
The last success occurred at 2014-02-05 13:40:20.
101 failures have occurred since the last success.
[Replications Check,DOMAIN-DC1] A recent replication attempt failed:
From DOMAIN-DC2 to DOMAIN-DC1
Naming Context: CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2014-02-07 13:57:21.
The last success occurred at 2014-02-05 12:54:41.
49 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,DOMAIN-DC1] A recent replication attempt failed:
From DOMAIN-DC2 to DOMAIN-DC1
Naming Context: CN=Configuration,DC=DOMAIN,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2014-02-07 13:57:00.
The last success occurred at 2014-02-05 12:54:41.
52 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,DOMAIN-DC1] A recent replication attempt failed:
From DOMAIN-DC2 to DOMAIN-DC1
Naming Context: DC=DOMAIN,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2014-02-07 14:14:26.
The last success occurred at 2014-02-05 13:37:02.
1262 failures have occurred since the last success.
The source remains down. Please check the machine.
......................... DOMAIN-DC1 failed test Replications
Starting test: RidManager
......................... DOMAIN-DC1 passed test RidManager
Starting test: Services
......................... DOMAIN-DC1 passed test Services
Starting test: SystemLog
......................... DOMAIN-DC1 passed test SystemLog
Starting test: VerifyReferences
......................... DOMAIN-DC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : DOMAIN
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Running enterprise tests on : DOMAIN.LOCAL
Starting test: LocatorCheck
......................... DOMAIN.LOCAL passed test LocatorCheck
Starting test: Intersite
......................... DOMAIN.LOCAL passed test IntersiteASKER
Thank you for Your reply.
All the 3 Domain Controllers are on the same subnet (IP 192.168.20.3, 192.168.20.20, 192.168.20.30). DOMAIN-DC2 seems to be the server with issues.
Below are the results of all the commands when ran from DOMAIN-DC1:
1) net share
2)repadmin /showreps
3)netdom query fsmo
All the 3 Domain Controllers are on the same subnet (IP 192.168.20.3, 192.168.20.20, 192.168.20.30). DOMAIN-DC2 seems to be the server with issues.
Below are the results of all the commands when ran from DOMAIN-DC1:
1) net share
DOMAIN-DC1:
Share name Resource Remark
-------------------------------------------------------------------------------
ADMIN$ C:\Windows Remote Admin
C$ C:\ Default share
D$ D:\ Default share
IPC$ Remote IPC
GPO-Deploy D:\GPO-Deploy
Home D:\Home
NETLOGON C:\Windows\SYSVOL_DFSR\sysvol\DOMAIN.local\SCRIPTS
Logon server share
Public D:\Public
Restricted D:\Restricted
Scan D:\Scan
SYSVOL C:\Windows\SYSVOL_DFSR\sysvol Logon server share
The command completed successfully.2)repadmin /showreps
DOMAIN\DOMAIN-DC1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 9df5026d-8b8b-4a91-9678-8178ea03ccb9
DSA invocationID: 6a5c5269-c30f-41b7-9a69-e17b8d27d9fe
==== INBOUND NEIGHBORS ======================================
DC=DOMAIN,DC=local
DOMAIN\DOMAIN-DC3 via RPC
DSA object GUID: 4f3bee48-909e-43d5-83dd-7a5f0540bf17
Last attempt @ 2014-02-07 16:28:04 was successful.
DOMAIN\DOMAIN-DC2 via RPC
DSA object GUID: 3f3c9bfd-63c6-404b-a5cf-48631f2f9f9e
Last attempt @ 2014-02-07 16:29:07 failed, result 1722 (0x6ba):
The RPC server is unavailable.
1330 consecutive failure(s).
Last success @ 2014-02-05 13:37:02.
CN=Configuration,DC=DOMAIN,DC=local
DOMAIN\DOMAIN-DC3 via RPC
DSA object GUID: 4f3bee48-909e-43d5-83dd-7a5f0540bf17
Last attempt @ 2014-02-07 15:48:31 was successful.
DOMAIN\DOMAIN-DC2 via RPC
DSA object GUID: 3f3c9bfd-63c6-404b-a5cf-48631f2f9f9e
Last attempt @ 2014-02-07 15:51:56 failed, result 1722 (0x6ba):
The RPC server is unavailable.
56 consecutive failure(s).
Last success @ 2014-02-05 12:54:41.
CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
DOMAIN\DOMAIN-DC3 via RPC
DSA object GUID: 4f3bee48-909e-43d5-83dd-7a5f0540bf17
Last attempt @ 2014-02-07 15:48:31 was successful.
DOMAIN\DOMAIN-DC2 via RPC
DSA object GUID: 3f3c9bfd-63c6-404b-a5cf-48631f2f9f9e
Last attempt @ 2014-02-07 15:48:52 failed, result 1722 (0x6ba):
The RPC server is unavailable.
52 consecutive failure(s).
Last success @ 2014-02-05 12:54:41.
DC=DomainDnsZones,DC=DOMAIN,DC=local
DOMAIN\DOMAIN-DC2 via RPC
DSA object GUID: 3f3c9bfd-63c6-404b-a5cf-48631f2f9f9e
Last attempt @ 2014-02-07 15:52:17 failed, result 1722 (0x6ba):
The RPC server is unavailable.
108 consecutive failure(s).
Last success @ 2014-02-05 13:40:20.
DOMAIN\DOMAIN-DC3 via RPC
DSA object GUID: 4f3bee48-909e-43d5-83dd-7a5f0540bf17
Last attempt @ 2014-02-07 16:21:22 was successful.
DC=ForestDnsZones,DC=DOMAIN,DC=local
DOMAIN\DOMAIN-DC2 via RPC
DSA object GUID: 3f3c9bfd-63c6-404b-a5cf-48631f2f9f9e
Last attempt @ 2014-02-07 15:48:10 failed, result 1256 (0x4e8):
The remote system is not available. For information about network troubleshooting, see Windows Help.
67 consecutive failure(s).
Last success @ 2014-02-05 13:40:14.
DOMAIN\DOMAIN-DC3 via RPC
DSA object GUID: 4f3bee48-909e-43d5-83dd-7a5f0540bf17
Last attempt @ 2014-02-07 15:48:52 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.3)netdom query fsmo
Schema master DOMAIN-DC1.DOMAIN.local
Domain naming master DOMAIN-DC1.DOMAIN.local
PDC DOMAIN-DC1.DOMAIN.local
RID pool manager DOMAIN-DC1.DOMAIN.local
Infrastructure master DOMAIN-DC1.DOMAIN.local
The command completed successfully.ASKER
This is the result of DCDIAG /TEST:DNS /V /E /F:log.txt
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine DOMAIN-DC1, is a Directory Server.
Home Server = DOMAIN-DC1
* Connecting to directory service on server DOMAIN-DC1.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=DOMAIN,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DOMAIN-DC3,CN=Servers,CN=DOMAIN,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DOMAIN-DC1,CN=Servers,CN=DOMAIN,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DOMAIN-DC2,CN=Servers,CN=DOMAIN,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 3 of them.
Done gathering initial info.
Doing initial required tests
Testing server: DOMAIN\DOMAIN-DC3
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... DOMAIN-DC3 passed test Connectivity
Testing server: DOMAIN\DOMAIN-DC1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... DOMAIN-DC1 passed test Connectivity
Testing server: DOMAIN\DOMAIN-DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
[DOMAIN-DC2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
RPC Extended Error Info not available. Use group policy on the local machine at "Computer
Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
......................... DOMAIN-DC2 failed test Connectivity
Doing primary tests
Testing server: DOMAIN\DOMAIN-DC3
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: DOMAIN\DOMAIN-DC1
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: DOMAIN\DOMAIN-DC2
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
Starting test: DNS
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... DOMAIN-DC1 failed test DNS
See DNS test in enterprise tests section for results
......................... DOMAIN-DC2 passed test DNS
See DNS test in enterprise tests section for results
......................... DOMAIN-DC3 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DOMAIN
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : DOMAIN.local
Starting test: DNS
Test results for domain controllers:
DC: DOMAIN-DC1.DOMAIN.local
Domain: DOMAIN.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS Microsoft Windows Server 2012 R2 Standard (Service Pack level: 0.0) is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000010] Microsoft Hyper-V Network Adapter:
MAC address is 00:15:5D:14:51:0E
IP Address is static
IP address: 192.168.20.3, fe80::4fd:9a70:57ee:928b
DNS servers:
192.168.20.3 (DOMAIN-DC1) [Valid]
192.168.20.20 (DOMAIN-DC2) [Valid]
127.0.0.1 (DOMAIN-DC1) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)
[Error details: 5 (Type: Win32 - Description: Access is denied.)]
DC: DOMAIN-DC3.DOMAIN.local
Domain: DOMAIN.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS Microsoft Windows Server 2008 R2 Standard (Service Pack level: 1.0) is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Microsoft Virtual Machine Bus Network Adapter:
MAC address is 00:15:5D:14:51:06
IP Address is static
IP address: 192.168.20.30
DNS servers:
192.168.20.3 (DOMAIN-DC1) [Valid]
192.168.20.20 (DOMAIN-DC2) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
212.33.131.67 (<name unavailable>) [Valid]
212.33.135.184 (<name unavailable>) [Valid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone DOMAIN.local
Warning: Failed to delete the test record dcdiag-test-record in zone DOMAIN.local
[Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
TEST: Records registration (RReg)
Network Adapter [00000007] Microsoft Virtual Machine Bus Network Adapter:
Matching CNAME record found at DNS server 192.168.20.3:
4f3bee48-909e-43d5-83dd-7a5f0540bf17._msdcs.DOMAIN.local
Matching A record found at DNS server 192.168.20.3:
DOMAIN-DC3.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.ad86ac78-df33-44db-a8c7-61c312cd2627.domains._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kerberos._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kerberos._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kerberos._udp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kpasswd._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kerberos._tcp.DOMAIN._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.DOMAIN._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kerberos._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.gc._msdcs.DOMAIN.local
Matching A record found at DNS server 192.168.20.3:
gc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_gc._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.DOMAIN._sites.gc._msdcs.DOMAIN.local
Matching CNAME record found at DNS server 192.168.20.20:
4f3bee48-909e-43d5-83dd-7a5f0540bf17._msdcs.DOMAIN.local
Matching A record found at DNS server 192.168.20.20:
DOMAIN-DC3.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.ad86ac78-df33-44db-a8c7-61c312cd2627.domains._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._udp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kpasswd._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.DOMAIN._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.gc._msdcs.DOMAIN.local
Matching A record found at DNS server 192.168.20.20:
gc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_gc._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN._sites.gc._msdcs.DOMAIN.local
DC: DOMAIN-DC2.DOMAIN.local
Domain: DOMAIN.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Error: No DS RPC connectivity
The OS Microsoft Windows Server 2012 R2 Standard (Service Pack level: 0.0) is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000010] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):
MAC address is A4:BA:DB:0D:93:B9
IP Address is static
IP address: 192.168.20.20, fe80::39ab:5bbc:2439:b8c4
DNS servers:
192.168.20.3 (DOMAIN-DC1) [Valid]
192.168.20.20 (DOMAIN-DC2) [Valid]
127.0.0.1 (DOMAIN-DC2) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
212.33.131.67 (<name unavailable>) [Valid]
212.33.135.184 (<name unavailable>) [Valid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone DOMAIN.local
Warning: Failed to delete the test record dcdiag-test-record in zone DOMAIN.local
[Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
TEST: Records registration (RReg)
Network Adapter [00000010] Broadcom BCM5716C NetXtreme II GigE (NDIS VBD Client):
Matching CNAME record found at DNS server 192.168.20.3:
3f3c9bfd-63c6-404b-a5cf-48631f2f9f9e._msdcs.DOMAIN.local
Matching A record found at DNS server 192.168.20.3:
DOMAIN-DC2.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.ad86ac78-df33-44db-a8c7-61c312cd2627.domains._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kerberos._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kerberos._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kerberos._udp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kpasswd._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kerberos._tcp.DOMAIN._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.DOMAIN._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_kerberos._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.gc._msdcs.DOMAIN.local
Matching A record found at DNS server 192.168.20.3:
gc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_gc._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.3:
_ldap._tcp.DOMAIN._sites.gc._msdcs.DOMAIN.local
Matching CNAME record found at DNS server 192.168.20.20:
3f3c9bfd-63c6-404b-a5cf-48631f2f9f9e._msdcs.DOMAIN.local
Matching A record found at DNS server 192.168.20.20:
DOMAIN-DC2.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.ad86ac78-df33-44db-a8c7-61c312cd2627.domains._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._udp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kpasswd._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.DOMAIN._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.gc._msdcs.DOMAIN.local
Matching A record found at DNS server 192.168.20.20:
gc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_gc._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN._sites.gc._msdcs.DOMAIN.local
Matching CNAME record found at DNS server 192.168.20.20:
3f3c9bfd-63c6-404b-a5cf-48631f2f9f9e._msdcs.DOMAIN.local
Matching A record found at DNS server 192.168.20.20:
DOMAIN-DC2.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.ad86ac78-df33-44db-a8c7-61c312cd2627.domains._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._udp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kpasswd._tcp.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.DOMAIN._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_kerberos._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.gc._msdcs.DOMAIN.local
Matching A record found at DNS server 192.168.20.20:
gc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_gc._tcp.DOMAIN._sites.DOMAIN.local
Matching SRV record found at DNS server 192.168.20.20:
_ldap._tcp.DOMAIN._sites.gc._msdcs.DOMAIN.local
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 192.168.20.20 (DOMAIN-DC2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 192.168.20.3 (DOMAIN-DC1)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 212.33.131.67 (<name unavailable>)
All tests passed on this DNS server
DNS server: 212.33.135.184 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: DOMAIN.local
DOMAIN-DC1 PASS WARN n/a n/a n/a n/a n/a
DOMAIN-DC3 PASS PASS PASS PASS WARN PASS n/a
DOMAIN-DC2 PASS FAIL PASS PASS WARN PASS n/a
......................... DOMAIN.local failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: IntersiteASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It turned out to be a missing firewall policy for the Active Directory RPC service on DC2.
Thanks for your help :)
Thanks for your help :)
1)net share
Look for Sysvol and Netlogon
2) repadmin /showreps
Look for errors between domain controllers
3)netdom query fsmo
Make sure all dc's know who the fsmo role holders are
4)Need to understand how the site(s) are laid out, whether subnets are defined, what the connection object is - etc, any addition information would be useful