Solved

Computer account problems in Active Directory

Posted on 2004-08-02
18
577 Views
Last Modified: 2008-01-09
We have a medium sized network with the following configuration:

Three DCs - 2 are Win2K, one is Win2K3
120 computers - members of the domain
300 users using roaming profiles

The problems began when we had done no major upgrades or changes and seem to be getting worse.  The problems include:

1.  Users began getting roaming profile error messages when they logged in.  This is sporatic and unpredictable.
2.  Computers added to the domain show up on one DC but not others.
3.  We get Kerberos errors that say the client received a KRB_AP_ERR_MODIFIED error that indicates that the password used to encrypt the kerberos service ticket is different than that on the target server.
4.  The Netlogon service is reporting errors event ID 1097 and 1030 errors when group policy updates occur.
5.  From the Win2K3 server, which holds all of the domain server roles, I've received event IDs 1388 in NTDS Replication.  This error indicates that another domain controller attempted to replicate into this one and object which is not present in the local Active Directory database.  The attribute set included in the update request is not sufficient to create the object.
6.  When I tried to demote one of the Win2K DCs, I was unable to do so because it couldn't connect to the role master.  I shut the system down (it is a media distribution server that isn't needed at the current time), which helped somewhat, but the problems persist.
7.  On some of the workstations, the user can only connect to the server using the IP address.  Using the system name give an error that the system cannot be located.
8.  I get a FRS Replication Service error ID 13508 indicating the the remaining Win2K machine is having trouble enabling replication to the Win2K3 DC.
9.  I am unable to install a certificate on the Win2K3 certificate server using the certificate request wizard.  The error indicates that the wizard cannot be started because there are no trusted CAs available (there is one), I don't have permissions to request certificates from the CA (I do), and/or the available CAs issue certificates for which I don't have permissions (I'm using the domain Administrator account to do this on the CA for the domain which is running on the Win2K3 server system).  If I try to import the certificate, I get a successful import message, but the certificate doesn't appear in the certificate list and there is no error generated.

There are many other odd things that have happened in the 6 - 8 months since this began happening.  I am installing a new server to replace one of the Win2K DCs, which will run Server 2003.  I am also planning on upgrading the media distribution server to Server 2003.

Here are the issues I need resolved:

1.  I need to demote the media DC so I can remove it from AD.  I don't want to upgrade the existing system.
2.  I need a solution to the problem of inter-DC communication for AD updates.
3.  I need an answer to the certificate problem.
4.  Hopefully someone can explain what's going on in this network.

I have users that have problems logging in every day and projects that Tech Support are working on keep coming up against these errors.

Thanks in advance!
0
Comment
Question by:dkoppy
  • 7
  • 6
  • 3
  • +1
18 Comments
 
LVL 3

Expert Comment

by:MartijnMoree
Comment Utility
Ouch... How long are you having those 13508's already?

Please run repadmin /showreps on ALL domain controllers and check when they replicated successfully for the last time. If that was longer than 2 months ago, your replication was longer than tombstone lifetime, and you may lose all DCs, apart from one...

Check that first and tell us, because what you need to do next depends on that!
0
 
LVL 15

Expert Comment

by:vico1
Comment Utility
I would like to know when the problem started?
Is it after You istalled the DC 2k3, or the problem was there before.
" Users began getting roaming profile error messages when they logged in.  This is sporatic and unpredictable."
Can you find out if those users are login to the 2k3 when these errors occur.

to find out, after the user logon

type set from a command prompt and see what's the value for LOGONSERVER.

What service pack are running on the 2k servers?

Vico1
0
 

Author Comment

by:dkoppy
Comment Utility
I'm going to give the systems numbers so that I can refer to them easily:

S1 is the Win2K server that has been up all along.  It is running SP3.  It is also our only mail server running Exchange 2000 SP3.
S2 is the Win2K server that we use for media distribution.  It is running SP4.  This server has been shut down.
S3 is the Win2K3 server that holds all FSMO roles.  This is the server that is the most critical.
All systems have had all critical updates installed.

S2 can be decommissioned at any time.  S1 is being replaced with a new Win2K3 system running Exchange Server 2003.  I will be migrating mailboxes.

Results of the repadmin commands are:
   S1
      S2 last success 7/14/04, current attempt failed result 5: Access is denied
      S3 last success 4/23/04, current attempt failed result 5: Access is denied
   S2
      S1 last success 8/4/04, attempt successful
      S3 last success 3/2/04, current attempt failed result 5: Access is denied
   S3
      S2 last success 8/4/04, attempt successful
      S3 last success 8/4/04, attempt successful

The problems have been occurring since the April-May, 2004 time frame.  S3 was installed in September, 2003.

We have only had one instance of the roaming profile not loading.  The LOGONSERVER value was S3.  I've tried five other workstations - all were successful at loading the network profile and all have LOGONSERVER value of S3.

In an attempt to tie this problem down, I have disabled DHCP and DNS, which is AD integrated, on all servers except S3.
0
 
LVL 3

Expert Comment

by:MartijnMoree
Comment Utility
I am afraid that there is something seriously wrong with S1. Luckily it  has copied a successful replica off S2, so we don't have the tombstone problem yet...

S1 is the one that is sick in this domain. I would suggest to keep S2 on too, as that one seems to be more or less healthy, judging on only the repadmins.

The bad news is offcourse that S1 is the exchange server, so dcpromoing it down is tricky.

Which server is the DNS server? If you have more than one, and S3 is one of them, please make sure everything is pointing to S3 as primary DNS for the time being.

Then make sure S1 is registering correctly in DNS, and check in the 'subfolders' of the forward lookup zone if the SRV records for S1 are correct. If S1 has multiple NICs, make sure that only the one in the same network as S3 is registering in DNS.

Restart the Net logon service after you have made any of these changes!

If all seems to be OK, please post a verbose netdiag of S1, so we can have a look.
0
 
LVL 15

Expert Comment

by:vico1
Comment Utility
It sound that the problem started with S1

Most importantly Win 2000 is up to service pack 6 I think most of your problems are coming from that.
Your Win 2003 will always have trouble communicating with a 2000 SP3
Before you go to any further Diags.
I would make a full Backup of the servers and ugrade the service pack. That alone might solve your problem.

Do you have a valid reason not to upgrade to SP6?

vico1
0
 
LVL 3

Expert Comment

by:MartijnMoree
Comment Utility
Errrr... Windows 2000 SP6???

SP5 has not even been released. It is a good idea to upgrade to SP4 though.
0
 

Author Comment

by:dkoppy
Comment Utility
DNS is only running on S3.  All other systems and DHCP are using S3 as the primary server.  There are SRV records for all three DCs in DNS and S1's IP address is correct.

I've run netdiag but it's 102K.  If you tell me which sections you want to look at, I can post them.

I haven't upgraded S2 to SP4 because I don't want to mess with it at this point in the game - we're migrating Exchange to a new server and will be demoting S1 and doing a clean install of Server 2003.

0
 
LVL 3

Expert Comment

by:MartijnMoree
Comment Utility
Please put in the first part, with all the tests. The last part with the listings will be less useful.

Is this new Exchange server also going to be a Domain Controller? Or is it (will it be) a member server? Probably it is a good idea to do this Exchange migration first, and then just get rid of S1...
0
Complete Microsoft Windows PC® & Mac Backup

Backup and recovery solutions to protect all your PCs & Mac– on-premises or in remote locations. Acronis backs up entire PC or Mac with patented reliable disk imaging technology and you will be able to restore workstations to a new, dissimilar hardware in minutes.

 
LVL 15

Expert Comment

by:vico1
Comment Utility
You know that I meant SP4 I apologize for the confusion I was Applying SP6 for a client On NT4.

"I haven't upgraded S2 to SP4 because I don't want to mess with it at this point in the game."

I understand. However why don't you try to reapply SP3 on S1?
0
 

Author Comment

by:dkoppy
Comment Utility
I'm not planning on making the new Exchange Server a DC, and S1 will be removed.  S2 and S3 will remain the only DCs for now.  I was actually planning to do the migration first.  We're a school and classes won't start until the last week of August.  I'm hoping that all of this will be resolved one way or the other by then as I'll be too busy to mess with it.

I haven't reapplied SP3 to S1 because I simply don't want to mess with that system until I figure out what's going on or until we remove it from the domain altogether.

Here's the dump of the netdiag log.  I've cut out a lot of repetitious information and the listings of network bindings, etc.

Netdiag Log:

    Computer Name: S3  
    DNS Host Name: S3   .school.org
    DNS Domain Name: school.org
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
    Hotfixes :
        Installed?      Name
           Yes          KB818529
           Yes          KB819696
           Yes          KB822925
           Yes          KB823182
           Yes          KB823353
           Yes          KB823559
           Yes          KB823980
           Yes          KB824105
           Yes          KB824141
           Yes          KB824145
           Yes          KB824146
           Yes          KB825119
           Yes          KB828028
           Yes          KB828035
           Yes          KB828741
           Yes          KB828750
           Yes          KB832894
           Yes          KB835732
           Yes          KB837001
           Yes          KB837009
           Yes          KB839643
           Yes          KB839645
           Yes          KB840315
           Yes          KB840374
           Yes          KB867801
           Yes          Q147222
           Yes          Q819639
           Yes          Q828026


Netcard queries test . . . . . . . : Passed

    Information of Netcard drivers:

    ---------------------------------------------------------------------------
    Description: Intel(R) PRO/100 S Server Adapter
    Device: \DEVICE\{1950FCD5-2CCA-4AEF-BC16-13D0711B7743}

    Media State:                     Connected

    Device State:                    Connected
    Connect Time:                    3 days, 00:52:21
    Media Speed:                     100 Mbps

    Packets Sent:                    24797
    Bytes Sent (Optional):           0

    Packets Received:                4804053
    Directed Pkts Recd (Optional):   4277720
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0

    ---------------------------------------------------------------------------
    Description: Intel(R) PRO/1000 XT Network Connection
    Device: \DEVICE\{387EE90B-9060-4B08-9B40-C4B344FB35E2}

    Media State:                     Connected

    Device State:                    Connected
    Connect Time:                    3 days, 00:52:21
    Media Speed:                     100 Mbps

    Packets Sent:                    12203234
    Bytes Sent (Optional):           0

    Packets Received:                9161588
    Directed Pkts Recd (Optional):   8700648
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0

    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

    Adapter : Local Area Connection 2
        Adapter ID . . . . . . . . : {1950FCD5-2CCA-4AEF-BC16-13D0711B7743}

        Netcard queries test . . . : Passed

        Adapter type . . . . . . . : Ethernet
        Host Name. . . . . . . . . : S3  
        Description. . . . . . . . : Intel(R) PRO/100 S Server Adapter
        Physical Address . . . . . : 00-02-B3-D6-15-DF
        Dhcp Enabled . . . . . . . : No
        DHCP ClassID . . . . . . . :
        Autoconfiguration Enabled. : Yes
        IP Address . . . . . . . . : 10.0.0.5
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . :
        Dns Servers. . . . . . . . : 10.0.0.4
                                     10.0.0.3

        IpConfig results . . . . . : Passed

        AutoConfiguration results. . . . . . : Passed
            AutoConfiguration is not in use.

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed
            NetBT_Tcpip_{1950FCD5-2CCA-4AEF-BC16-13D0711B7743}
            S3             <00>  UNIQUE      REGISTERED
            school         <00>  GROUP       REGISTERED
            school         <1C>  GROUP       REGISTERED
            S3             <20>  UNIQUE      REGISTERED
            school         <1B>  UNIQUE      REGISTERED
            school         <1E>  GROUP       REGISTERED
            school         <1D>  UNIQUE      REGISTERED
            ..__MSBROWSE__.<01>  GROUP       REGISTERED
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

            NetBios Resolution : Enabled

            Netbios Remote Cache Table
            Name           Type              HostAddress         Life [sec]
            ---------------------------------------------------------------
            PEP01          <20>  UNIQUE      10.0.3.7              235
            ADM01          <20>  UNIQUE      10.0.3.29             2
            S1             <20>  UNIQUE      10.0.0.2              245
            NET01          <20>  UNIQUE      10.0.3.21             235


        WINS service test. . . . . : Skipped
            There is no primary WINS server defined for this adapter.
            There is no secondary WINS server defined for this adapter.
            There are no WINS servers configured for this interface.
        IPX test : IPX is not installed on this machine.

    Adapter : Local Area Connection
        Adapter ID . . . . . . . . : {387EE90B-9060-4B08-9B40-C4B344FB35E2}

        Netcard queries test . . . : Passed

        Adapter type . . . . . . . : Ethernet
        Host Name. . . . . . . . . : S3  
        Description. . . . . . . . : Intel(R) PRO/1000 XT Network Connection
        Physical Address . . . . . : 00-0B-DB-91-74-9E
        Dhcp Enabled . . . . . . . : No
        DHCP ClassID . . . . . . . :
        Autoconfiguration Enabled. : Yes
        IP Address . . . . . . . . : 10.0.0.4
        Subnet Mask. . . . . . . . : 255.255.0.0
        Default Gateway. . . . . . : 10.0.0.1
        Dns Servers. . . . . . . . : 10.0.0.4
                                     10.0.0.3

        IpConfig results . . . . . : Passed

        AutoConfiguration results. . . . . . : Passed
            AutoConfiguration is not in use.

        Default gateway test . . . : Passed
            Pinging gateway 10.0.0.1 - reachable
            At least one gateway reachable for this adapter.

        NetBT name test. . . . . . : Passed
            NetBT_Tcpip_{387EE90B-9060-4B08-9B40-C4B344FB35E2}
            S3             <00>  UNIQUE      REGISTERED
            school         <00>  GROUP       REGISTERED
            school         <1C>  GROUP       REGISTERED
            S3             <20>  UNIQUE      REGISTERED
            school         <1B>  UNIQUE      REGISTERED
            school         <1E>  GROUP       REGISTERED
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

            NetBios Resolution : Enabled

            Netbios Remote Cache Table
            Name           Type              HostAddress         Life [sec]
            ---------------------------------------------------------------
            PEP01          <20>  UNIQUE      10.0.3.7              235
            10.0.3.59      <20>  UNIQUE      10.0.3.59             265
            ADM01          <20>  UNIQUE      10.0.3.29             2
            S1             <20>  UNIQUE      10.0.0.2              245
            school-WEB     <20>  UNIQUE      216.29.182.115        347
            NET01          <20>  UNIQUE      10.0.3.21             235


        WINS service test. . . . . : Skipped
            There is no primary WINS server defined for this adapter.
            There is no secondary WINS server defined for this adapter.
            There are no WINS servers configured for this interface.
        IPX test : IPX is not installed on this machine.


Global results:


IP General configuration
    LMHOSTS Enabled. . . . . . . . : Yes
    DNS for WINS resolution. . . . : Enabled
    Node Type. . . . . . . . . . . : Broadcast
    NBT Scope ID . . . . . . . . . :
    Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled . . . . . . : No
    DNS resolution for NETBIOS . . : No



Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    Netbios Domain name. . . . . . : school
    Dns domain name. . . . . . . . : school.org
    Dns forest name. . . . . . . . : school.org
    Domain Guid. . . . . . . . . . : {43AC89DB-514E-46B9-8F39-FD09B3BB3423}
    Domain Sid . . . . . . . . . . : S-1-5-21-1482476501-1425521274-682003330
    Logon User . . . . . . . . . . : Administrator
    Logon Domain . . . . . . . . . : school


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{1950FCD5-2CCA-4AEF-BC16-13D0711B7743}
        NetBT_Tcpip_{387EE90B-9060-4B08-9B40-C4B344FB35E2}
    2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed
    PASS - you have at least one non-autoconfigured IP address


IP loopback ping test. . . . . . . : Passed
    PASS - pinging IP loopback address was successful.
    Your IP stack is most probably OK.


Default gateway test . . . . . . . : Passed
    PASS - you have at least one reachable gateway.


NetBT name test. . . . . . . . . . : Passed
   No NetBT scope defined
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed
    The number of protocols which have been reported : 12
        Description: MSAFD Tcpip [TCP/IP]
            Provider Version   :2
            Max message size  : Stream Oriented
        Description: MSAFD Tcpip [UDP/IP]
            Provider Version   :2
        Description: RSVP UDP Service Provider
            Provider Version   :6
        Description: RSVP TCP Service Provider
            Provider Version   :6
            Max message size  : Stream Oriented
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1950FCD5-2CCA-4AEF-BC16-13D0711B7743}] SEQPACKET 0
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1950FCD5-2CCA-4AEF-BC16-13D0711B7743}] DATAGRAM 0
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{387EE90B-9060-4B08-9B40-C4B344FB35E2}] SEQPACKET 1
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{387EE90B-9060-4B08-9B40-C4B344FB35E2}] DATAGRAM 1
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{571F5D74-2CC6-48F2-AE1D-297E22F74AA7}] SEQPACKET 2
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{571F5D74-2CC6-48F2-AE1D-297E22F74AA7}] DATAGRAM 2
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{847E867C-78EA-46B8-A9D4-7053DFC44863}] SEQPACKET 3
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{847E867C-78EA-46B8-A9D4-7053DFC44863}] DATAGRAM 3
            Provider Version   :2

    Max UDP size : 65507 bytes


DNS test . . . . . . . . . . . . . : Passed
      Interface {1950FCD5-2CCA-4AEF-BC16-13D0711B7743}
        DNS Domain:
        DNS Servers: 10.0.0.4 10.0.0.3
        IP Address:         Expected registration with PDN (primary DNS domain name):
          Hostname: S3   .school.org.
          Authoritative zone: school.org.
          Primary DNS server: S3   .school.org 10.0.0.4
          Authoritative NS:10.0.0.2 10.0.0.5 10.0.0.4 216.29.182.115 10.0.0.3
      Interface {387EE90B-9060-4B08-9B40-C4B344FB35E2}
        DNS Domain:
        DNS Servers: 10.0.0.4 10.0.0.3
        IP Address:         Expected registration with PDN (primary DNS domain name):
          Hostname: S3   .school.org.
          Authoritative zone: school.org.
          Primary DNS server: S3   .school.org 10.0.0.4
          Authoritative NS:10.0.0.5 10.0.0.4 216.29.182.115 10.0.0.3 10.0.0.2
Check the DNS registration for DCs entries on DNS server '10.0.0.4'
The Record is different on DNS server '10.0.0.4'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.0.4', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = school.org.
DNS DATA =
            A  10.0.0.4

The record on DNS server 10.0.0.4 is:
DNS NAME = school.org
DNS DATA =
            A  10.0.0.4
            A  10.0.0.5
            A  10.0.0.3
            A  10.0.0.2
+------------------------------------------------------+

The Record is different on DNS server '10.0.0.4'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '10.0.0.4', no need to re-register.

+------------------------------------------------------+

**** All other DNS entries read same as above  ****


    PASS - All the DNS entries for DC are registered on DNS server '10.0.0.4' and other DCs also have some of the names registered.
Check the DNS registration for DCs entries on DNS server '10.0.0.3'
Query for DC DNS entry school.org. on DNS server 10.0.0.3 failed.
DNS Error code: ERROR_TIMEOUT (Dns server may be down.)
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 10.0.0.3, ERROR_TIMEOUT.


Redir and Browser test . . . . . . : Passed
    List of transports currently bound to the Redir
        NetbiosSmb
        NetBT_Tcpip_{1950FCD5-2CCA-4AEF-BC16-13D0711B7743}
        NetBT_Tcpip_{387EE90B-9060-4B08-9B40-C4B344FB35E2}
    The redir is bound to 2 NetBt transports.

    List of transports currently bound to the browser
        NetBT_Tcpip_{1950FCD5-2CCA-4AEF-BC16-13D0711B7743}
        NetBT_Tcpip_{387EE90B-9060-4B08-9B40-C4B344FB35E2}
    The browser is bound to 2 NetBt transports.
    Mailslot test for school* passed.


DC discovery test. . . . . . . . . : Passed

    Find DC in domain 'school':
    Found this DC in domain 'school':
        DC. . . . . . . . . . . : \\S3   .school.org
        Address . . . . . . . . : \\10.0.0.5
        Domain Guid . . . . . . : {43AC89DB-514E-46B9-8F39-FD09B3BB3423}
        Domain Name . . . . . . : school.org
        Forest Name . . . . . . : school.org
        DC Site Name. . . . . . : Default-First-Site-Name
        Our Site Name . . . . . : Default-First-Site-Name
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8

    Find PDC emulator in domain 'school':
    Found this PDC emulator in domain 'school':
        DC. . . . . . . . . . . : \\S3   .school.org
        Address . . . . . . . . : \\10.0.0.5
        Domain Guid . . . . . . : {43AC89DB-514E-46B9-8F39-FD09B3BB3423}
        Domain Name . . . . . . : school.org
        Forest Name . . . . . . : school.org
        DC Site Name. . . . . . : Default-First-Site-Name
        Our Site Name . . . . . : Default-First-Site-Name
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8

    Find Windows 2000 DC in domain 'school':
    Found this Windows 2000 DC in domain 'school':
        DC. . . . . . . . . . . : \\S3   .school.org
        Address . . . . . . . . : \\10.0.0.5
        Domain Guid . . . . . . : {43AC89DB-514E-46B9-8F39-FD09B3BB3423}
        Domain Name . . . . . . : school.org
        Forest Name . . . . . . : school.org
        DC Site Name. . . . . . : Default-First-Site-Name
        Our Site Name . . . . . : Default-First-Site-Name
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV GTIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8


DC list test . . . . . . . . . . . : Failed
        Failed to enumerate DCs by using the browser. [ERROR_NO_BROWSER_SERVERS_FOUND]
    List of DCs in Domain 'school':
        S3   .school.org
        S1   .school.org
        S2   .school.org  (this DC is down)
            [WARNING] Cannot ping 'S2   .school.org' (it may be down).



Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed
    Cached Tickets:
    Server: krbtgt/school.ORG
        End Time: 8/5/2004 13:11:35
        Renew Time: 8/5/2004 13:07:00
    Server: krbtgt/school.ORG
        End Time: 8/5/2004 22:07:00
        Renew Time: 8/5/2004 13:07:00
    Server: cifs/S1   .school.org
        End Time: 8/5/2004 13:13:53
        Renew Time: 8/5/2004 13:07:00
    Server: cifs/S1  
        End Time: 8/5/2004 13:11:35
        Renew Time: 8/5/2004 13:07:00
    Server: cifs/PEP01
        End Time: 8/5/2004 13:07:28
        Renew Time: 8/5/2004 13:07:00
    Server: cifs/NET01
        End Time: 8/5/2004 13:07:28
        Renew Time: 8/5/2004 13:07:00
    Server: ldap/S3   .school.org/school.org
        End Time: 8/5/2004 13:07:01
        Renew Time: 8/5/2004 13:07:00
    Server: host/S3   .school.org
        End Time: 8/5/2004 13:07:00
        Renew Time: 8/5/2004 13:07:00


LDAP test. . . . . . . . . . . . . : Passed

    Do un-authenticated LDAP call to 'S3   .school.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20040805161411.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: dsServiceName
            Val: 106 CN=NTDS Settings,CN=S3   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: namingContexts
            Val: 16 DC=school,DC=org
            Val: 33 CN=Configuration,DC=school,DC=org
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
            Val: 34 DC=DomainDnsZones,DC=school,DC=org
            Val: 34 DC=ForestDnsZones,DC=school,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=school,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=school,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=school,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
            Val: 23 2.16.840.1.113730.3.4.9
            Val: 24 2.16.840.1.113730.3.4.10
            Val: 23 1.2.840.113556.1.4.1504
            Val: 23 1.2.840.113556.1.4.1852
            Val: 22 1.2.840.113556.1.4.802
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
            Val: 11 MaxValRange
        Attr: highestCommittedUSN
            Val: 8 25923399
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
            Val: 8 EXTERNAL
            Val: 10 DIGEST-MD5
        Attr: dnsHostName
            Val: 16 S3   .school.org
        Attr: ldapServiceName
            Val: 28 school.org:S3   $@school.ORG
        Attr: serverName
            Val: 89 CN=S3   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1670
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE
        Attr: domainFunctionality
            Val: 1 0
        Attr: forestFunctionality
            Val: 1 0
        Attr: domainControllerFunctionality
            Val: 1 2

    Do NTLM authenticated LDAP call to 'S3   .school.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20040805161411.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: dsServiceName
            Val: 106 CN=NTDS Settings,CN=S3   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: namingContexts
            Val: 16 DC=school,DC=org
            Val: 33 CN=Configuration,DC=school,DC=org
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
            Val: 34 DC=DomainDnsZones,DC=school,DC=org
            Val: 34 DC=ForestDnsZones,DC=school,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=school,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=school,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=school,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
            Val: 23 2.16.840.1.113730.3.4.9
            Val: 24 2.16.840.1.113730.3.4.10
            Val: 23 1.2.840.113556.1.4.1504
            Val: 23 1.2.840.113556.1.4.1852
            Val: 22 1.2.840.113556.1.4.802
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
            Val: 11 MaxValRange
        Attr: highestCommittedUSN
            Val: 8 25923399
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
            Val: 8 EXTERNAL
            Val: 10 DIGEST-MD5
        Attr: dnsHostName
            Val: 16 S3   .school.org
        Attr: ldapServiceName
            Val: 28 school.org:S3   $@school.ORG
        Attr: serverName
            Val: 89 CN=S3   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1670
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE
        Attr: domainFunctionality
            Val: 1 0
        Attr: forestFunctionality
            Val: 1 0
        Attr: domainControllerFunctionality
            Val: 1 2

    Do Negotiate authenticated LDAP call to 'S3   .school.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20040805161411.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: dsServiceName
            Val: 106 CN=NTDS Settings,CN=S3   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: namingContexts
            Val: 16 DC=school,DC=org
            Val: 33 CN=Configuration,DC=school,DC=org
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
            Val: 34 DC=DomainDnsZones,DC=school,DC=org
            Val: 34 DC=ForestDnsZones,DC=school,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=school,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=school,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=school,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
            Val: 23 2.16.840.1.113730.3.4.9
            Val: 24 2.16.840.1.113730.3.4.10
            Val: 23 1.2.840.113556.1.4.1504
            Val: 23 1.2.840.113556.1.4.1852
            Val: 22 1.2.840.113556.1.4.802
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
            Val: 11 MaxValRange
        Attr: highestCommittedUSN
            Val: 8 25923399
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
            Val: 8 EXTERNAL
            Val: 10 DIGEST-MD5
        Attr: dnsHostName
            Val: 16 S3   .school.org
        Attr: ldapServiceName
            Val: 28 school.org:S3   $@school.ORG
        Attr: serverName
            Val: 89 CN=S3   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1670
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE
        Attr: domainFunctionality
            Val: 1 0
        Attr: forestFunctionality
            Val: 1 0
        Attr: domainControllerFunctionality
            Val: 1 2

    Registered Service Principal Names:
        MSSQLSvc/S3   .school.org:4968
        SMTPSVC/S3  
        SMTPSVC/S3   .school.org
        MSOLAPSvc/S3  
        MSOLAPSvc/S3   .school.org
        MSSQLSvc/S3   .school.org:1829
        exchangeAB/S3  
        exchangeAB/S3   .school.org
        ldap/S3   .school.org/ForestDnsZones.school.org
        ldap/S3   .school.org/DomainDnsZones.school.org
        DNS/S3   .school.org
        GC/S3   .school.org/school.org
        HOST/S3   .school.org/school.org
        HOST/S3   .school.org/school
        ldap/61a9fd3d-cc56-4e90-9cda-1c0d246e0b98._msdcs.school.org
        ldap/S3   .school.org/school
        ldap/S3  
        ldap/S3   .school.org
        ldap/S3   .school.org/school.org
        E3514235-4B06-11D1-AB04-00C04FC2DCD2/61a9fd3d-cc56-4e90-9cda-1c0d246e0b98/school.org
        NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/S3   .school.org
        HOST/S3  
        HOST/S3   .school.org

    Do un-authenticated LDAP call to 'S1   .school.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20040805162258.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: dsServiceName
            Val: 106 CN=NTDS Settings,CN=S1   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: namingContexts
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
            Val: 33 CN=Configuration,DC=school,DC=org
            Val: 16 DC=school,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=school,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=school,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=school,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 16 MaxActiveQueries
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
        Attr: highestCommittedUSN
            Val: 8 10858765
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
        Attr: dnsHostName
            Val: 16 S1   .school.org
        Attr: ldapServiceName
            Val: 28 school.org:S1   $@school.ORG
        Attr: serverName
            Val: 89 CN=S1   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE

    Do NTLM authenticated LDAP call to 'S1   .school.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20040805162258.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: dsServiceName
            Val: 106 CN=NTDS Settings,CN=S1   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: namingContexts
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
            Val: 33 CN=Configuration,DC=school,DC=org
            Val: 16 DC=school,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=school,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=school,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=school,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 16 MaxActiveQueries
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
        Attr: highestCommittedUSN
            Val: 8 10858765
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
        Attr: dnsHostName
            Val: 16 S1   .school.org
        Attr: ldapServiceName
            Val: 28 school.org:S1   $@school.ORG
        Attr: serverName
            Val: 89 CN=S1   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE

    Do Negotiate authenticated LDAP call to 'S1   .school.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20040805162258.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: dsServiceName
            Val: 106 CN=NTDS Settings,CN=S1   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: namingContexts
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
            Val: 33 CN=Configuration,DC=school,DC=org
            Val: 16 DC=school,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=school,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=school,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=school,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=school,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 16 MaxActiveQueries
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
        Attr: highestCommittedUSN
            Val: 8 10858765
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
        Attr: dnsHostName
            Val: 16 S1   .school.org
        Attr: ldapServiceName
            Val: 28 school.org:S1   $@school.ORG
        Attr: serverName
            Val: 89 CN=S1   ,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=school,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE

    Registered Service Principal Names:
        MSSQLSvc/S3   .school.org:4968
        SMTPSVC/S3   .school.org
        SMTPSVC/S3  
        MSOLAPSvc/S3   .school.org
        MSOLAPSvc/S3  
        MSSQLSvc/S3   .school.org:1829
        exchangeAB/S3   .school.org
        exchangeAB/S3  
        DNS/S3   .school.org
        ldap/S3   .school.org/DomainDnsZones.school.org
        ldap/S3   .school.org/ForestDnsZones.school.org
        ldap/61a9fd3d-cc56-4e90-9cda-1c0d246e0b98._msdcs.school.org
        HOST/S3   .school.org/school
        HOST/S3   .school.org/school.org
        GC/S3   .school.org/school.org
        ldap/S3   .school.org/school.org
        ldap/S3   .school.org
        ldap/S3  
        ldap/S3   .school.org/school
        E3514235-4B06-11D1-AB04-00C04FC2DCD2/61a9fd3d-cc56-4e90-9cda-1c0d246e0b98/school.org
        NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/S3   .school.org
        HOST/S3  
        HOST/S3   .school.org
    Since 'S2   .school.org' is down, it cannot be tested.
    [WARNING] Failed to query SPN registration on DC 'S2   .school.org'.
0
 
LVL 3

Expert Comment

by:MartijnMoree
Comment Utility
Ok, I see that S3 has two network cards, both in the same network. That is usually not a good idea. You have to disable one of them to make things easier for the Active Directory.

Please right-mouseclick My Network Places and go to properties. Click the Advanced tab and then select Advanced Settings. Then check which of the two network cards is on top. I would STRONGLY suggest to leave that card alone.

Then go to the properties of the OTHER network card, go to the TCP/IP settings and Advanced. On the DNS tab remove the tick in front of Register this connection in DNS. On the WINS tab, set the NetBT setting to DISABLED. OK that and close the properties of that network card.

Then open a CMD prompt and enter these commands:
NBTSTAT -RR
IPCONFIG /FLUSHDNS
IPCONFIG /REGISTERDNS

Then stop and restart the Net Logon and DNS Server services.

Finally, remove ANY entries for the OTHER Network card from the DNS and WINS databases.

Let that 'cool down' for a couple of hours to give the servers some time to replicate. I would advise to have S2 on during that time, if possible.
0
 

Author Comment

by:dkoppy
Comment Utility
Have followed all steps and will leave systems to try to right themselves until Monday.  Thanks for the advise.  I'll post what happens.
0
 

Author Comment

by:dkoppy
Comment Utility
Okay.  I've run the repadmin /showreps again.  There is no change.  The results are the same as the ones I posted earlier.  The new mail server has arrived and I'm going to begin configuring it today.  I hope to have it up and running by tomorrow.  Any suggestions would be appreciated.  Thanks.
0
 
LVL 3

Expert Comment

by:MartijnMoree
Comment Utility
I'd say lets get those mailboxes away from that server (S1) first. It's better to have that done, so we can try a little bit more with S1.

Can you please do a netdiag /test:DNS and post that here?
0
 

Author Comment

by:dkoppy
Comment Utility
Well there's been a delay on getting S1 shut down due to somebody dropping the ball in ordering software for its replacement.  I still hope to have this done soon but we're going to have to sit tight for a few days.

Here's the netdiag /test:DNS data:

Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection 2

        Netcard queries test . . . : Passed

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{387EE90B-9060-4B08-9B40-C4B344FB35E2}
    1 NetBt transport currently configured.


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.0.0.4' and other DCs also have some of the names registered.


The command completed successfully
0
 

Author Comment

by:dkoppy
Comment Utility
I'm closing this question.  For the information of those of you who have helped with this, the only solution that ended up working was a complete removal of the system from the domain and a clean-up of Active Directory, which is outlined in the article "How to remove data in Active Directory after an unsuccessful domain controller demotion" - Q216498.

Thanks for all of your help with this.
0
 
LVL 1

Accepted Solution

by:
Computer101 earned 0 total points
Comment Utility
PAQed, with points refunded (500)

Computer101
E-E Admin
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Learn about cloud computing and its benefits for small business owners.
This video discusses moving either the default database or any database to a new volume.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now