• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4636
  • Last Modified:

E2k3 is not able to connect to W2k AD any longer (Events 5790, 5723, 10002, 46, 1053, 3210, 5721, 7023, 40960). Please help! 500 pts to the genius! :)

Hi guys!  I’m having a major problem here.  I have an Exchange 2003 server running Windows Server 2003, within a Windows 2000 domain.  Everything has been fine until my boss called me two days ago saying that email wasn’t working.  I investigated, and two days later, have not made any progress in fixing this issue.

The Exchange Server (ES1), is not able to connect to the Domain Controller (DC1).  

From the ES1, when I try to log on to the domain, I get the following message:
“Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found.  Please try again later.  If this message continues to appear, contact your system administrator for assistance.”

I am able to log on to the local computer.

From any computer on the network, when I try to access a share on ES1, I get the following message:
“\\es1\c$ is not accessible.  You might not have permission to use this network resource.  Contact the administrator of this server to find out if you have access permissions.  The trust relationship between this workstation and the primary domain failed.”


On DC1, the following events are reported:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5790
Date:            3/29/2006
Time:            1:19:36 AM
User:            N/A
Computer:      DC1
Description:
The description for Event ID ( 5790 ) in Source ( NETLOGON ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: ES1, Access is denied. .
Data:
0000: 22 00 00 c0               "..À    


Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5723
Date:            3/29/2006
Time:            1:17:26 AM
User:            N/A
Computer:      DC1
Description:
The session setup from the computer ES1 failed because there is no trust account in the security database for this computer. The name of the account referenced in the security database is ES1$.
Data:
0000: 8b 01 00 c0               ?..À    


Event Type:      Error
Event Source:      DCOM
Event Category:      None
Event ID:      10002
Date:            3/29/2006
Time:            1:17:25 AM
User:            HDCINC\DC2$
Computer:      DC1
Description:
Access denied attempting to launch a DCOM Server. The server is:
{D99E6E74-FC88-11D0-B498-00A0C90312F3}
The user is DC2$/HDCINC, SID=S-1-5-21-861567501-1993962763-1343024091-2106.



On ES1, I have the following errors:

Event Type:      Error
Event Source:      W32Time
Event Category:      None
Event ID:      46
Date:            3/29/2006
Time:            1:38:01 AM
User:            N/A
Computer:      ES1
Description:
The time service encountered an error and was forced to shut down.  The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1053
Date:            3/29/2006
Time:            1:37:49 AM
User:            NT AUTHORITY\SYSTEM
Computer:      ES1
Description:
Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      3210
Date:            3/29/2006
Time:            1:37:45 AM
User:            N/A
Computer:      ES1
Description:
This computer could not authenticate with \\dc2.hdcinc.org, a Windows domain controller for domain HDCINC, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 22 00 00 c0               "..À    


Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5721
Date:            3/29/2006
Time:            1:40:50 AM
User:            N/A
Computer:      ES1
Description:
The session setup to the Windows NT or Windows 2000 Domain Controller \\dc1.hdcinc.org for the domain HDCINC failed because the Domain Controller did not have an account ES1$ needed to set up the session by this computer ES1.  

ADDITIONAL DATA
If this computer is a member of or a Domain Controller in the specified domain, the aforementioned account is a computer account for this computer in the specified domain. Otherwise, the account is an interdomain trust account with the specified domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 8b 01 00 c0               ?..À    


Event Type:      Error
Event Source:      Service Control Manager
Event Category:      None
Event ID:      7023
Date:            3/29/2006
Time:            1:39:28 AM
User:            N/A
Computer:      ES1
Description:
The Windows Time service terminated with the following error:
An attempt was made to logon, but the network logon service was not started.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            3/29/2006
Time:            1:14:15 AM
User:            N/A
Computer:      ES1
Description:
The Security System detected an authentication error for the server ldap/hdcinc.org.  The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request.
 (0xc000005e)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    


I have tried many things to resolve these issues including:
-using netdom resetpwd to reset the secure channel
-checked out nic settings on ES1, dns server points to DC1
-repeatedly tried removing ES1 from the domain, then readded (sometimes deleting the computer acct in AD, moving it to a new OU, etc.)
-and just a ton of other things.  Sorry, very tired now…


Until I am able to get this working, the company has no email as the exchange services will not start due to the authentication problem.  Please help…
0
redmanjb
Asked:
redmanjb
  • 13
  • 9
  • 4
  • +2
1 Solution
 
Jay_Jay70Commented:
Hi redmanjb,

you are going to need to run dcdiag and netdiag to start with to pinpoint these errors

what is your domain setup in a bit more detail to

Cheers!
0
 
redmanjbAuthor Commented:
Man you're fast!  I just posted this question! :)

OK.  Win2k domain, 2 sites (on 2 different subnets) connected over VPN.  AD integrated DNS (I changed remote site to secondary a little bit ago for troubleshooting).  ES1 is at central site with DC1.

******************************************************
I ran  " dcdiag /v /fix", and here is the output (I substituted our domain name with "mydomain", and "TampaSt" is the name of the 2nd site):

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine dc1, is a DC.
   * Connecting to directory service on server dc1.
   * Collecting site info.
   * Identifying all servers.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\DC1
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... DC1 passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\DC1
      Starting test: Replications
         * Replications Check
         ......................... DC1 passed test Replications
      Test omitted by user request: Topology
      Test omitted by user request: CutoffServers
      Starting test: NCSecDesc
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=mydomain,DC=org
         * Security Permissions Check for
           CN=Configuration,DC=mydomain,DC=org
         * Security Permissions Check for
           DC=mydomain,DC=org
         * Security Permissions Check for
           DC=seffner,DC=mydomain,DC=org
         ......................... DC1 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         ......................... DC1 passed test NetLogons
      Starting test: Advertising
         The DC DC1 is advertising itself as a DC and having a DS.
         The DC DC1 is advertising as an LDAP server
         The DC DC1 is advertising as having a writeable directory
         The DC DC1 is advertising as a Key Distribution Center
         The DC DC1 is advertising as a time server
         The DS DC1 is advertising as a GC.
         ......................... DC1 passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
         Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
         Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
         Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
         ......................... DC1 passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 3105 to 1073741823
         * dc1.mydomain.org is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2105 to 2604
         * rIDNextRID: 2111
         * rIDPreviousAllocationPool is 2105 to 2604
         ......................... DC1 passed test RidManager
      Starting test: MachineAccount
         * SPN found :LDAP/dc1.mydomain.org/mydomain.org
         * SPN found :LDAP/dc1.mydomain.org
         * SPN found :LDAP/DC1
         * SPN found :LDAP/dc1.mydomain.org/MYDOMAIN
         * SPN found :LDAP/84bcff25-373a-4271-a035-17e4525bd1bc._msdcs.mydomain.org
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/84bcff25-373a-4271-a035-17e4525bd1bc/mydomain.org
         * SPN found :HOST/dc1.mydomain.org/mydomain.org
         * SPN found :HOST/dc1.mydomain.org
         * SPN found :HOST/DC1
         * SPN found :HOST/dc1.mydomain.org/MYDOMAIN
         * SPN found :GC/dc1.mydomain.org/mydomain.org
         ......................... DC1 passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: RPCLOCATOR
         * Checking Service: w32time
         * Checking Service: TrkWks
         * Checking Service: TrkSvr
         * Checking Service: NETLOGON
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         ......................... DC1 passed test Services
      Test omitted by user request: OutboundSecureChannels
      Starting test: ObjectsReplicated
         DC1 is in domain DC=mydomain,DC=org
         Checking for CN=DC1,OU=Domain Controllers,DC=mydomain,DC=org in domain DC=mydomain,DC=org on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org in domain CN=Configuration,DC=mydomain,DC=org on 1 servers
            Object is up-to-date on all servers.
         ......................... DC1 passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service Event log test
         The SYSVOL has been shared, and the AD is no longer
         prevented from starting by the File Replication Service.
         ......................... DC1 passed test frssysvol
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... DC1 passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0xC0001B77
            Time Generated: 03/29/2006   01:20:40
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002712
            Time Generated: 03/29/2006   02:01:29
            Event String: Access denied attempting to launch a DCOM Server.
The server is:
{D99E6E74-FC88-11D0-B498-00A0C90312F3}
The user is DC2$/MYDOMAIN,
SID=S-1-5-21-861567501-1993962763-1343024091-2106.
 
         ......................... DC1 failed test systemlog
   
   Running enterprise tests on : mydomain.org
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site TampaSt, this site is outside the scope provided by the
         command line arguments provided.
         ......................... mydomain.org passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\dc1.mydomain.org
         Locator Flags: 0xe00001fd
         PDC Name: \\dc1.mydomain.org
         Locator Flags: 0xe00001fd
         Time Server Name: \\dc1.mydomain.org
         Locator Flags: 0xe00001fd
         Preferred Time Server Name: \\dc1.mydomain.org
         Locator Flags: 0xe00001fd
         KDC Name: \\dc1.mydomain.org
         Locator Flags: 0xe00001fd
         ......................... mydomain.org passed test FsmoCheck

******************************************************

I ran " netdiag /v /fix", here is the output:

 Computer Name: DC1
    DNS Host Name: dc1.mydomain.org
    DNS Domain Name: mydomain.org
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 6 Model 8 Stepping 6, GenuineIntel
    Hotfixes :
        Installed?      Name
           Yes          KB329115
           Yes          KB820888
           Yes          KB822343
           Yes          KB822831
           Yes          KB823182
           Yes          KB823559
           Yes          KB824105
           Yes          KB824141
           Yes          KB824146
           Yes          KB824151
           Yes          KB825119
           Yes          KB826232
           Yes          KB828028
           Yes          KB828035
           Yes          KB828741
           Yes          KB828749
           Yes          KB832353
           Yes          KB832359
           Yes          KB834707-IE6SP1-20040929.091901
           Yes          KB835732
           Yes          KB837001
           Yes          KB839645
           Yes          KB840315
           Yes          KB840987
           Yes          KB841356
           Yes          KB841533
           Yes          KB841872
           Yes          KB841873
           Yes          KB842526
           Yes          KB842773
           Yes          KB867282-IE6SP1-20050127.163319
           Yes          KB871250
           Yes          KB873333
           Yes          KB873339
           Yes          KB883935
           Yes          KB883939-IE6SP1-20050428.125228
           Yes          KB885250
           Yes          KB885834
           Yes          KB885835
           Yes          KB885836
           Yes          KB887797-OE6SP1-20041112.131144
           Yes          KB888113
           Yes          KB889293-IE6SP1-20041111.235619
           Yes          KB890046
           Yes          KB890047
           Yes          KB890175
           Yes          KB890859
           Yes          KB890923-IE6SP1-20050225.103456
           Yes          KB891711
           Yes          KB891781
           Yes          KB893066
           Yes          KB893086
           Yes          KB893756
           Yes          KB893803
           Yes          KB893803v2
           Yes          KB894320
           Yes          KB896358
           Yes          KB896422
           Yes          KB896423
           Yes          KB896424
           Yes          KB896688-IE6SP1-20051004.130236
           Yes          KB896727-IE6SP1-20050719.165959
           Yes          KB897715-OE6SP1-20050503.210336
           Yes          KB899587
           Yes          KB899588
           Yes          KB899589
           Yes          KB899591
           Yes          KB900725
           Yes          KB901017
           Yes          KB901214
           Yes          KB902400
           Yes          KB904706
           Yes          KB905414
           Yes          KB905495-IE6SP1-20050805.184113
           Yes          KB905749
           Yes          KB905915-IE6SP1-20051122.175908
           Yes          KB908519
           Yes          KB908523
           Yes          KB912919
           Yes          Q147222
           Yes          Q828026
           No           ServicePackUninstall
           Yes          Update Rollup 1


Netcard queries test . . . . . . . : Passed

    Information of Netcard drivers:

    ---------------------------------------------------------------------------
    Description: 3Com Fast EtherLink 10/100Mb Bus-Master PCI Adapter
    Device: \DEVICE\{87457B90-F820-4129-9397-87073EECE81F}

    Media State:                     Connected

    Device State:                    Connected
    Connect Time:                    01:11:05
    Media Speed:                     10 Mbps

    Packets Sent:                    76428
    Bytes Sent (Optional):           0

    Packets Received:                97784
    Directed Pkts Recd (Optional):   93168
    Bytes Received (Optional):       0
    Directed Bytes Recd (Optional):  0

    ---------------------------------------------------------------------------
    [PASS] - At least one netcard is in the 'Connected' state.



Per interface results:

    Adapter : Local Area Connection
        Adapter ID . . . . . . . . : {87457B90-F820-4129-9397-87073EECE81F}

        Netcard queries test . . . : Passed

        Adapter type . . . . . . . : Ethernet
        Host Name. . . . . . . . . : dc1
        Description. . . . . . . . : Fast Ethernet Adapter
        Physical Address . . . . . : 00-A0-24-BF-71-1E
        Dhcp Enabled . . . . . . . : No
        DHCP ClassID . . . . . . . :
        Autoconfiguration Enabled. : Yes
        IP Address . . . . . . . . : 192.168.0.223
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.1
        Dns Servers. . . . . . . . : 192.168.1.2
                                     192.168.0.223

        IpConfig results . . . . . : Passed

        AutoConfiguration results. . . . . . : Passed
            AutoConfiguration is not in use.

        Default gateway test . . . : Passed
            Pinging gateway 192.168.0.1 - reachable
            At least one gateway reachable for this adapter.

        NetBT name test. . . . . . : Passed
            NetBT_Tcpip_{87457B90-F820-4129-9397-87073EECE81F}
            DC1            <00>  UNIQUE      REGISTERED
            MYDOMAIN         <00>  GROUP       REGISTERED
            MYDOMAIN         <1C>  GROUP       REGISTERED
            DC1            <20>  UNIQUE      REGISTERED
            MYDOMAIN         <1B>  UNIQUE      REGISTERED
            MYDOMAIN         <1E>  GROUP       REGISTERED
            DC1            <03>  UNIQUE      REGISTERED
            MYDOMAIN         <1D>  UNIQUE      REGISTERED
            ..__MSBROWSE__.<01>  GROUP       REGISTERED
            INet~Services  <1C>  GROUP       REGISTERED
            IS~DC1.........<00>  UNIQUE      REGISTERED
            DC1            <01>  UNIQUE      REGISTERED

            NetBios Resolution : Enabled

            Netbios Remote Cache Table
            Name           Type              HostAddress         Life [sec]
            ---------------------------------------------------------------
            MOM            <20>  UNIQUE      192.168.0.222         432


        WINS service test. . . . . : Skipped
            There is no primary WINS server defined for this adapter.
            There is no secondary WINS server defined for this adapter.
            There are no WINS servers configured for this interface.
        IPX test : IPX is not installed on this machine.


Global results:


IP General configuration
    LMHOSTS Enabled. . . . . . . . : Yes
    DNS for WINS resolution. . . . : Enabled
    Node Type. . . . . . . . . . . : Broadcast
    NBT Scope ID . . . . . . . . . :
    Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled . . . . . . : No
    DNS resolution for NETBIOS . . : No



Domain membership test . . . . . . : Passed
    Machine is a . . . . . . . . . : Primary Domain Controller Emulator
    Netbios Domain name. . . . . . : MYDOMAIN
    Dns domain name. . . . . . . . : mydomain.org
    Dns forest name. . . . . . . . : mydomain.org
    Domain Guid. . . . . . . . . . : {44D18637-84B9-482B-B50D-69AA495BE797}
    Domain Sid . . . . . . . . . . : S-1-5-21-861567501-1993962763-1343024091
    Logon User . . . . . . . . . . : Administrator
    Logon Domain . . . . . . . . . : MYDOMAIN


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{87457B90-F820-4129-9397-87073EECE81F}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed
    PASS - you have at least one non-autoconfigured IP address


IP loopback ping test. . . . . . . : Passed
    PASS - pinging IP loopback address was successful.
    Your IP stack is most probably OK.


Default gateway test . . . . . . . : Passed
    PASS - you have at least one reachable gateway.


NetBT name test. . . . . . . . . . : Passed
   No NetBT scope defined

   PASS - The NetBT is properly configured.
     There is at least one interface where the <00> 'WorkStation Service',
     <03> 'Messenger Service', <20> 'WINS' names are defined and they are
     not in conflict.


Winsock test . . . . . . . . . . . : Passed
    The number of protocols which have been reported : 12
        Description: MSAFD Tcpip [TCP/IP]
            Provider Version   :2
            Max message size  : Stream Oriented
        Description: MSAFD Tcpip [UDP/IP]
            Provider Version   :2
        Description: RSVP UDP Service Provider
            Provider Version   :4
        Description: RSVP TCP Service Provider
            Provider Version   :4
            Max message size  : Stream Oriented
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{51D5EE11-E79E-4279-9E67-95A7D5F41E1B}] SEQPACKET 3
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{51D5EE11-E79E-4279-9E67-95A7D5F41E1B}] DATAGRAM 3
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87457B90-F820-4129-9397-87073EECE81F}] SEQPACKET 0
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{87457B90-F820-4129-9397-87073EECE81F}] DATAGRAM 0
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F234E5A4-A59E-4352-9B47-87F8E19F2320}] SEQPACKET 1
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F234E5A4-A59E-4352-9B47-87F8E19F2320}] DATAGRAM 1
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{37A98297-D5C7-45F9-A8D6-11D299746571}] SEQPACKET 2
            Provider Version   :2
        Description: MSAFD NetBIOS [\Device\NetBT_Tcpip_{37A98297-D5C7-45F9-A8D6-11D299746571}] DATAGRAM 2
            Provider Version   :2

    Max UDP size : 65507 bytes


DNS test . . . . . . . . . . . . . : Passed
      Interface {87457B90-F820-4129-9397-87073EECE81F}
        DNS Domain:
        DNS Servers: 192.168.1.2 192.168.0.223
        IP Address: 192.168.0.223
        Expected registration with PDN (primary DNS domain name):
          Hostname: dc1.mydomain.org.
          Authoritative zone: mydomain.org.
          Primary DNS server: dc1.mydomain.org 192.168.0.223
          Authoritative NS:192.168.0.223 192.168.1.2
      Verify DNS registration:
        Name: dc1.mydomain.org
        Expected IP: 192.168.0.223
          Server 192.168.0.223: NO_ERROR
          Server 192.168.1.2: NO_ERROR
    The DNS registration for dc1.mydomain.org is correct on all DNS servers
Check the DNS registration for DCs entries on DNS server '192.168.1.2'
The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = mydomain.org.
DNS DATA =
            A  192.168.0.223

The record on DNS server 192.168.1.2 is:
DNS NAME = mydomain.org
DNS DATA =
            A  192.168.0.223
            A  192.168.1.2
+------------------------------------------------------+

The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.mydomain.org.
DNS DATA =
            SRV 0 100 389 dc1.mydomain.org.

The record on DNS server 192.168.1.2 is:
DNS NAME = _ldap._tcp.mydomain.org
DNS DATA =
            SRV 0 100 389 dc2.mydomain.org
            SRV 0 100 389 dc1.mydomain.org
+------------------------------------------------------+

The Record is correct on DNS server '192.168.1.2'.

The Record is correct on DNS server '192.168.1.2'.

The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.gc._msdcs.mydomain.org.
DNS DATA =
            SRV 0 100 3268 dc1.mydomain.org.

The record on DNS server 192.168.1.2 is:
DNS NAME = _ldap._tcp.gc._msdcs.mydomain.org
DNS DATA =
            SRV 0 100 3268 dc2.mydomain.org
            SRV 0 100 3268 dc1.mydomain.org
+------------------------------------------------------+

The Record is correct on DNS server '192.168.1.2'.

The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.44d18637-84b9-482b-b50d-69aa495be797.domains._msdcs.mydomain.org.
DNS DATA =
            SRV 0 100 389 dc1.mydomain.org.

The record on DNS server 192.168.1.2 is:
DNS NAME = _ldap._tcp.44d18637-84b9-482b-b50d-69aa495be797.domains._msdcs.mydomain.org
DNS DATA =
            SRV 0 100 389 dc1.mydomain.org
            SRV 0 100 389 dc2.mydomain.org
+------------------------------------------------------+

The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = gc._msdcs.mydomain.org.
DNS DATA =
            A  192.168.0.223

The record on DNS server 192.168.1.2 is:
DNS NAME = gc._msdcs.mydomain.org
DNS DATA =
            A  192.168.0.223
            A  192.168.1.2
+------------------------------------------------------+

The Record is correct on DNS server '192.168.1.2'.

The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _ldap._tcp.dc._msdcs.mydomain.org.
DNS DATA =
            SRV 0 100 389 dc1.mydomain.org.

The record on DNS server 192.168.1.2 is:
DNS NAME = _ldap._tcp.dc._msdcs.mydomain.org
DNS DATA =
            SRV 0 100 389 dc1.mydomain.org
            SRV 0 100 389 dc2.mydomain.org
+------------------------------------------------------+

The Record is correct on DNS server '192.168.1.2'.

The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _gc._tcp.mydomain.org.
DNS DATA =
            SRV 0 100 3268 dc1.mydomain.org.

The record on DNS server 192.168.1.2 is:
DNS NAME = _gc._tcp.mydomain.org
DNS DATA =
            SRV 0 100 3268 dc2.mydomain.org
            SRV 0 100 3268 dc1.mydomain.org
+------------------------------------------------------+

The Record is correct on DNS server '192.168.1.2'.

The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.dc._msdcs.mydomain.org.
DNS DATA =
            SRV 0 100 88 dc1.mydomain.org.

The record on DNS server 192.168.1.2 is:
DNS NAME = _kerberos._tcp.dc._msdcs.mydomain.org
DNS DATA =
            SRV 0 100 88 dc1.mydomain.org
            SRV 0 100 88 dc2.mydomain.org
+------------------------------------------------------+

The Record is correct on DNS server '192.168.1.2'.

The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._tcp.mydomain.org.
DNS DATA =
            SRV 0 100 88 dc1.mydomain.org.

The record on DNS server 192.168.1.2 is:
DNS NAME = _kerberos._tcp.mydomain.org
DNS DATA =
            SRV 0 100 88 dc1.mydomain.org
            SRV 0 100 88 dc2.mydomain.org
+------------------------------------------------------+

The Record is correct on DNS server '192.168.1.2'.

The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kerberos._udp.mydomain.org.
DNS DATA =
            SRV 0 100 88 dc1.mydomain.org.

The record on DNS server 192.168.1.2 is:
DNS NAME = _kerberos._udp.mydomain.org
DNS DATA =
            SRV 0 100 88 dc1.mydomain.org
            SRV 0 100 88 dc2.mydomain.org
+------------------------------------------------------+

The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._tcp.mydomain.org.
DNS DATA =
            SRV 0 100 464 dc1.mydomain.org.

The record on DNS server 192.168.1.2 is:
DNS NAME = _kpasswd._tcp.mydomain.org
DNS DATA =
            SRV 0 100 464 dc1.mydomain.org
            SRV 0 100 464 dc2.mydomain.org
+------------------------------------------------------+

The Record is different on DNS server '192.168.1.2'.
DNS server has more than one entries for this name, usually this means there are multiple DCs for this domain.
Your DC entry is one of them on DNS server '192.168.1.2', no need to re-register.

+------------------------------------------------------+
The record on your DC is:
DNS NAME = _kpasswd._udp.mydomain.org.
DNS DATA =
            SRV 0 100 464 dc1.mydomain.org.

The record on DNS server 192.168.1.2 is:
DNS NAME = _kpasswd._udp.mydomain.org
DNS DATA =
            SRV 0 100 464 dc1.mydomain.org
            SRV 0 100 464 dc2.mydomain.org
+------------------------------------------------------+

    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.2' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of transports currently bound to the Redir
        NetbiosSmb
        NetBT_Tcpip_{87457B90-F820-4129-9397-87073EECE81F}
    The redir is bound to 1 NetBt transport.

    List of transports currently bound to the browser
        NetBT_Tcpip_{87457B90-F820-4129-9397-87073EECE81F}
    The browser is bound to 1 NetBt transport.
    Mailslot test for MYDOMAIN* passed.


DC discovery test. . . . . . . . . : Passed

    Find DC in domain 'MYDOMAIN':
    Found this DC in domain 'MYDOMAIN':
        DC. . . . . . . . . . . : \\dc1.mydomain.org
        Address . . . . . . . . : \\192.168.0.223
        Domain Guid . . . . . . : {44D18637-84B9-482B-B50D-69AA495BE797}
        Domain Name . . . . . . : mydomain.org
        Forest Name . . . . . . : mydomain.org
        DC Site Name. . . . . . : Default-First-Site-Name
        Our Site Name . . . . . : Default-First-Site-Name
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8

    Find PDC emulator in domain 'MYDOMAIN':
    Found this PDC emulator in domain 'MYDOMAIN':
        DC. . . . . . . . . . . : \\dc1.mydomain.org
        Address . . . . . . . . : \\192.168.0.223
        Domain Guid . . . . . . : {44D18637-84B9-482B-B50D-69AA495BE797}
        Domain Name . . . . . . : mydomain.org
        Forest Name . . . . . . : mydomain.org
        DC Site Name. . . . . . : Default-First-Site-Name
        Our Site Name . . . . . : Default-First-Site-Name
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8

    Find Windows 2000 DC in domain 'MYDOMAIN':
    Found this Windows 2000 DC in domain 'MYDOMAIN':
        DC. . . . . . . . . . . : \\dc1.mydomain.org
        Address . . . . . . . . : \\192.168.0.223
        Domain Guid . . . . . . : {44D18637-84B9-482B-B50D-69AA495BE797}
        Domain Name . . . . . . : mydomain.org
        Forest Name . . . . . . : mydomain.org
        DC Site Name. . . . . . : Default-First-Site-Name
        Our Site Name . . . . . : Default-First-Site-Name
        Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8


DC list test . . . . . . . . . . . : Passed
    List of DCs in Domain 'MYDOMAIN':
        dc1.mydomain.org
        dc2.mydomain.org


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed
    Cached Tickets:
    Server: krbtgt/MYDOMAIN.ORG
        End Time: 3/29/2006 11:20:47
        Renew Time: 4/5/2006 1:20:47
    Server: krbtgt/MYDOMAIN.ORG
        End Time: 3/29/2006 11:20:47
        Renew Time: 4/5/2006 1:20:47
    Server: DC2$
        End Time: 3/29/2006 11:20:47
        Renew Time: 4/5/2006 1:20:47
    Server: DC1$
        End Time: 3/29/2006 11:20:47
        Renew Time: 4/5/2006 1:20:47
    Server: MGMT$
        End Time: 3/29/2006 11:20:47
        Renew Time: 4/5/2006 1:20:47
    Server: MOM$
        End Time: 3/29/2006 11:20:47
        Renew Time: 4/5/2006 1:20:47
    Server: ldap/dc1.mydomain.org/mydomain.org
        End Time: 3/29/2006 11:20:47
        Renew Time: 4/5/2006 1:20:47


LDAP test. . . . . . . . . . . . . : Passed

    Do un-authenticated LDAP call to 'dc1.mydomain.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20060329072621.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: dsServiceName
            Val: 104 CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: namingContexts
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
            Val: 33 CN=Configuration,DC=mydomain,DC=org
            Val: 16 DC=mydomain,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=mydomain,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 16 MaxActiveQueries
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
        Attr: highestCommittedUSN
            Val: 7 1202180
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
        Attr: dnsHostName
            Val: 14 dc1.mydomain.org
        Attr: ldapServiceName
            Val: 26 mydomain.org:dc1$@MYDOMAIN.ORG
        Attr: serverName
            Val: 87 CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE

    Do NTLM authenticated LDAP call to 'dc1.mydomain.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20060329072622.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: dsServiceName
            Val: 104 CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: namingContexts
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
            Val: 33 CN=Configuration,DC=mydomain,DC=org
            Val: 16 DC=mydomain,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=mydomain,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 16 MaxActiveQueries
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
        Attr: highestCommittedUSN
            Val: 7 1202180
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
        Attr: dnsHostName
            Val: 14 dc1.mydomain.org
        Attr: ldapServiceName
            Val: 26 mydomain.org:dc1$@MYDOMAIN.ORG
        Attr: serverName
            Val: 87 CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE

    Do Negotiate authenticated LDAP call to 'dc1.mydomain.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20060329072622.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: dsServiceName
            Val: 104 CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: namingContexts
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
            Val: 33 CN=Configuration,DC=mydomain,DC=org
            Val: 16 DC=mydomain,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=mydomain,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 16 MaxActiveQueries
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
        Attr: highestCommittedUSN
            Val: 7 1202180
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
        Attr: dnsHostName
            Val: 14 dc1.mydomain.org
        Attr: ldapServiceName
            Val: 26 mydomain.org:dc1$@MYDOMAIN.ORG
        Attr: serverName
            Val: 87 CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE

    Registered Service Principal Names:
        V2i Protector Agent 2.0/dc1.mydomain.org
        MSSQLSvc/dc1.mydomain.org:1433
        SMTPSVC/DC1
        SMTPSVC/dc1.mydomain.org
        NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/dc1.mydomain.org
        GC/dc1.mydomain.org/mydomain.org
        HOST/dc1.mydomain.org/MYDOMAIN
        HOST/DC1
        HOST/dc1.mydomain.org
        HOST/dc1.mydomain.org/mydomain.org
        E3514235-4B06-11D1-AB04-00C04FC2DCD2/84bcff25-373a-4271-a035-17e4525bd1bc/mydomain.org
        LDAP/84bcff25-373a-4271-a035-17e4525bd1bc._msdcs.mydomain.org
        LDAP/dc1.mydomain.org/MYDOMAIN
        LDAP/DC1
        LDAP/dc1.mydomain.org
        LDAP/dc1.mydomain.org/mydomain.org
        DNS/dc1.mydomain.org

    Do un-authenticated LDAP call to 'dc2.mydomain.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20060329072626.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: dsServiceName
            Val: 88 CN=NTDS Settings,CN=DC2,CN=Servers,CN=TampaSt,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: namingContexts
            Val: 16 DC=mydomain,DC=org
            Val: 33 CN=Configuration,DC=mydomain,DC=org
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=mydomain,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
            Val: 23 2.16.840.1.113730.3.4.9
            Val: 24 2.16.840.1.113730.3.4.10
            Val: 23 1.2.840.113556.1.4.1504
            Val: 23 1.2.840.113556.1.4.1852
            Val: 22 1.2.840.113556.1.4.802
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
            Val: 11 MaxValRange
        Attr: highestCommittedUSN
            Val: 5 36935
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
            Val: 8 EXTERNAL
            Val: 10 DIGEST-MD5
        Attr: dnsHostName
            Val: 14 dc2.mydomain.org
        Attr: ldapServiceName
            Val: 26 mydomain.org:dc2$@MYDOMAIN.ORG
        Attr: serverName
            Val: 71 CN=DC2,CN=Servers,CN=TampaSt,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1670
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE
        Attr: domainFunctionality
            Val: 1 0
        Attr: forestFunctionality
            Val: 1 0
        Attr: domainControllerFunctionality
            Val: 1 2

    Do NTLM authenticated LDAP call to 'dc2.mydomain.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20060329072626.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: dsServiceName
            Val: 88 CN=NTDS Settings,CN=DC2,CN=Servers,CN=TampaSt,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: namingContexts
            Val: 16 DC=mydomain,DC=org
            Val: 33 CN=Configuration,DC=mydomain,DC=org
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=mydomain,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
            Val: 23 2.16.840.1.113730.3.4.9
            Val: 24 2.16.840.1.113730.3.4.10
            Val: 23 1.2.840.113556.1.4.1504
            Val: 23 1.2.840.113556.1.4.1852
            Val: 22 1.2.840.113556.1.4.802
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
            Val: 11 MaxValRange
        Attr: highestCommittedUSN
            Val: 5 36935
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
            Val: 8 EXTERNAL
            Val: 10 DIGEST-MD5
        Attr: dnsHostName
            Val: 14 dc2.mydomain.org
        Attr: ldapServiceName
            Val: 26 mydomain.org:dc2$@MYDOMAIN.ORG
        Attr: serverName
            Val: 71 CN=DC2,CN=Servers,CN=TampaSt,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1670
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE
        Attr: domainFunctionality
            Val: 1 0
        Attr: forestFunctionality
            Val: 1 0
        Attr: domainControllerFunctionality
            Val: 1 2

    Do Negotiate authenticated LDAP call to 'dc2.mydomain.org'.
        Found 1 entries:
        Attr: currentTime
            Val: 17 20060329072629.0Z
        Attr: subschemaSubentry
            Val: 56 CN=Aggregate,CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: dsServiceName
            Val: 88 CN=NTDS Settings,CN=DC2,CN=Servers,CN=TampaSt,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: namingContexts
            Val: 16 DC=mydomain,DC=org
            Val: 33 CN=Configuration,DC=mydomain,DC=org
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: defaultNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: schemaNamingContext
            Val: 43 CN=Schema,CN=Configuration,DC=mydomain,DC=org
        Attr: configurationNamingContext
            Val: 33 CN=Configuration,DC=mydomain,DC=org
        Attr: rootDomainNamingContext
            Val: 16 DC=mydomain,DC=org
        Attr: supportedControl
            Val: 22 1.2.840.113556.1.4.319
            Val: 22 1.2.840.113556.1.4.801
            Val: 22 1.2.840.113556.1.4.473
            Val: 22 1.2.840.113556.1.4.528
            Val: 22 1.2.840.113556.1.4.417
            Val: 22 1.2.840.113556.1.4.619
            Val: 22 1.2.840.113556.1.4.841
            Val: 22 1.2.840.113556.1.4.529
            Val: 22 1.2.840.113556.1.4.805
            Val: 22 1.2.840.113556.1.4.521
            Val: 22 1.2.840.113556.1.4.970
            Val: 23 1.2.840.113556.1.4.1338
            Val: 22 1.2.840.113556.1.4.474
            Val: 23 1.2.840.113556.1.4.1339
            Val: 23 1.2.840.113556.1.4.1340
            Val: 23 1.2.840.113556.1.4.1413
            Val: 23 2.16.840.1.113730.3.4.9
            Val: 24 2.16.840.1.113730.3.4.10
            Val: 23 1.2.840.113556.1.4.1504
            Val: 23 1.2.840.113556.1.4.1852
            Val: 22 1.2.840.113556.1.4.802
        Attr: supportedLDAPVersion
            Val: 1 3
            Val: 1 2
        Attr: supportedLDAPPolicies
            Val: 14 MaxPoolThreads
            Val: 15 MaxDatagramRecv
            Val: 16 MaxReceiveBuffer
            Val: 15 InitRecvTimeout
            Val: 14 MaxConnections
            Val: 15 MaxConnIdleTime
            Val: 11 MaxPageSize
            Val: 16 MaxQueryDuration
            Val: 16 MaxTempTableSize
            Val: 16 MaxResultSetSize
            Val: 22 MaxNotificationPerConn
            Val: 11 MaxValRange
        Attr: highestCommittedUSN
            Val: 5 36935
        Attr: supportedSASLMechanisms
            Val: 6 GSSAPI
            Val: 10 GSS-SPNEGO
            Val: 8 EXTERNAL
            Val: 10 DIGEST-MD5
        Attr: dnsHostName
            Val: 14 dc2.mydomain.org
        Attr: ldapServiceName
            Val: 26 mydomain.org:dc2$@MYDOMAIN.ORG
        Attr: serverName
            Val: 71 CN=DC2,CN=Servers,CN=TampaSt,CN=Sites,CN=Configuration,DC=mydomain,DC=org
        Attr: supportedCapabilities
            Val: 22 1.2.840.113556.1.4.800
            Val: 23 1.2.840.113556.1.4.1670
            Val: 23 1.2.840.113556.1.4.1791
        Attr: isSynchronized
            Val: 4 TRUE
        Attr: isGlobalCatalogReady
            Val: 4 TRUE
        Attr: domainFunctionality
            Val: 1 0
        Attr: forestFunctionality
            Val: 1 0
        Attr: domainControllerFunctionality
            Val: 1 2

    Registered Service Principal Names:
        V2i Protector Agent 2.0/dc1.mydomain.org
        MSSQLSvc/dc1.mydomain.org:1433
        SMTPSVC/DC1
        SMTPSVC/dc1.mydomain.org
        NtFrs-88f5d2bd-b646-11d2-a6d3-00c04fc9b232/dc1.mydomain.org
        GC/dc1.mydomain.org/mydomain.org
        HOST/dc1.mydomain.org/MYDOMAIN
        HOST/DC1
        HOST/dc1.mydomain.org
        HOST/dc1.mydomain.org/mydomain.org
        E3514235-4B06-11D1-AB04-00C04FC2DCD2/84bcff25-373a-4271-a035-17e4525bd1bc/mydomain.org
        LDAP/84bcff25-373a-4271-a035-17e4525bd1bc._msdcs.mydomain.org
        LDAP/dc1.mydomain.org/MYDOMAIN
        LDAP/DC1
        LDAP/dc1.mydomain.org
        LDAP/dc1.mydomain.org/mydomain.org
        DNS/dc1.mydomain.org


Routing table test . . . . . . . . : Passed
Active Routes :
Network Destination        Netmask           Gateway         Interface  Metric
         0.0.0.0           0.0.0.0       192.168.0.1     192.168.0.223       1
       127.0.0.0         255.0.0.0         127.0.0.1         127.0.0.1       1
       127.0.0.1   255.255.255.255         127.0.0.1         127.0.0.1       1
     192.168.0.0     255.255.255.0     192.168.0.223     192.168.0.223       1
   192.168.0.223   255.255.255.255         127.0.0.1         127.0.0.1       1
       224.0.0.0         240.0.0.0     192.168.0.223     192.168.0.223       1
 255.255.255.255   255.255.255.255     192.168.0.223     192.168.0.223       1
No persistent route entries.


Netstat information test . . . . . : Passed


    Interface Statistics

                                    Received             Sent
    Unicast Packets                 14113878         13873106
    Non-unicast packets                 4859              311
    Discards                               0                0
    Errors                                 0                0
    Unknown protocols                     77           457224

    Interface index         =  1
    Description             =  Internal loopback interface for 127.0.0 network
    Type                    =  24
    MTU                     =  32768
    Speed                   =  10000000
    Physical Address        =  00-00-00-00-00-00
    Administrative Status   =  1
    Operational Status      =  1
    Last Changed            =  0
    Output Queue Length     =  0


    Interface index         =  16777219
    Description             =  Fast Ethernet Adapter
    Type                    =  6
    MTU                     =  1500
    Speed                   =  10000000
    Physical Address        =  00-A0-24-BF-71-1E
    Administrative Status   =  1
    Operational Status      =  1
    Last Changed            =  3203364180
    Output Queue Length     =  90



    Active Connections

  Proto Local Address         Foreign Address                           State
    TCP   dc1:daytime           dc1.mydomain.org:26676                      LISTENING
    TCP   dc1:ftp               dc1.mydomain.org:26657                      LISTENING
    TCP   dc1:smtp              dc1.mydomain.org:26693                      LISTENING
    TCP   dc1:domain            dc1.mydomain.org:18572                      LISTENING
    TCP   dc1:http              dc1.mydomain.org:35025                      LISTENING
    TCP   dc1:kerberos          dc1.mydomain.org:10312                      LISTENING
    TCP   dc1:nntp              dc1.mydomain.org:10408                      LISTENING
    TCP   dc1:epmap             dc1.mydomain.org:2190                       LISTENING
    TCP   dc1:ldap              dc1.mydomain.org:18437                      LISTENING
    TCP   dc1:https             dc1.mydomain.org:35010                      LISTENING
    TCP   dc1:microsoft-ds      dc1.mydomain.org:59440                      LISTENING
    TCP   dc1:kpasswd           dc1.mydomain.org:59643                      LISTENING
    TCP   dc1:563               dc1.mydomain.org:2059                       LISTENING
    TCP   dc1:593               dc1.mydomain.org:34869                      LISTENING
    TCP   dc1:ldaps             dc1.mydomain.org:43181                      LISTENING
    TCP   dc1:1026              dc1.mydomain.org:26777                      LISTENING
    TCP   dc1:1029              dc1.mydomain.org:34949                      LISTENING
    TCP   dc1:1033              dc1.mydomain.org:51373                      LISTENING
    TCP   dc1:1034              dc1.mydomain.org:2126                       LISTENING
    TCP   dc1:1081              dc1.mydomain.org:51378                      LISTENING
    TCP   dc1:1086              dc1.mydomain.org:2155                       LISTENING
    TCP   dc1:1087              dc1.mydomain.org:18491                      LISTENING
    TCP   dc1:1092              dc1.mydomain.org:51316                      LISTENING
    TCP   dc1:1094              dc1.mydomain.org:43114                      LISTENING
    TCP   dc1:1103              dc1.mydomain.org:2208                       LISTENING
    TCP   dc1:1104              dc1.mydomain.org:18462                      LISTENING
    TCP   dc1:1111              dc1.mydomain.org:18606                      LISTENING
    TCP   dc1:1154              dc1.mydomain.org:26660                      LISTENING
    TCP   dc1:1157              dc1.mydomain.org:2268                       LISTENING
    TCP   dc1:1158              dc1.mydomain.org:43222                      LISTENING
    TCP   dc1:1159              dc1.mydomain.org:2112                       LISTENING
    TCP   dc1:1162              dc1.mydomain.org:51241                      LISTENING
    TCP   dc1:1176              dc1.mydomain.org:18638                      LISTENING
    TCP   dc1:1177              dc1.mydomain.org:59476                      LISTENING
    TCP   dc1:1178              dc1.mydomain.org:18478                      LISTENING
    TCP   dc1:1218              dc1.mydomain.org:26762                      LISTENING
    TCP   dc1:1378              dc1.mydomain.org:34836                      LISTENING
    TCP   dc1:1471              dc1.mydomain.org:18681                      LISTENING
    TCP   dc1:pptp              dc1.mydomain.org:59561                      LISTENING
    TCP   dc1:1861              dc1.mydomain.org:51453                      LISTENING
    TCP   dc1:1935              dc1.mydomain.org:43101                      LISTENING
    TCP   dc1:2434              dc1.mydomain.org:59410                      LISTENING
    TCP   dc1:2458              dc1.mydomain.org:34827                      LISTENING
    TCP   dc1:2462              dc1.mydomain.org:59507                      LISTENING
    TCP   dc1:2567              dc1.mydomain.org:26825                      LISTENING
    TCP   dc1:2603              dc1.mydomain.org:18586                      LISTENING
    TCP   dc1:2659              dc1.mydomain.org:51445                      LISTENING
    TCP   dc1:2664              dc1.mydomain.org:43229                      LISTENING
    TCP   dc1:2672              dc1.mydomain.org:26772                      LISTENING
    TCP   dc1:2676              dc1.mydomain.org:18478                      LISTENING
    TCP   dc1:3268              dc1.mydomain.org:2140                       LISTENING
    TCP   dc1:3269              dc1.mydomain.org:59409                      LISTENING
    TCP   dc1:3389              dc1.mydomain.org:2117                       LISTENING
    TCP   dc1:4750              dc1.mydomain.org:2135                       LISTENING
    TCP   dc1:4751              dc1.mydomain.org:59572                      LISTENING
    TCP   dc1:4752              dc1.mydomain.org:34914                      LISTENING
    TCP   dc1:5003              dc1.mydomain.org:35052                      LISTENING
    TCP   dc1:5900              dc1.mydomain.org:18558                      LISTENING
    TCP   dc1:6200              dc1.mydomain.org:10313                      LISTENING
    TCP   dc1:7023              dc1.mydomain.org:18508                      LISTENING
    TCP   dc1:10000             dc1.mydomain.org:43130                      LISTENING
    TCP   dc1:31619             dc1.mydomain.org:18494                      LISTENING
    TCP   dc1:37100             dc1.mydomain.org:10299                      LISTENING
    TCP   dc1:37450             dc1.mydomain.org:35033                      LISTENING
    TCP   dc1:ldap              dc1.mydomain.org:1033                       ESTABLISHED
    TCP   dc1:ldap              dc1.mydomain.org:1154                       ESTABLISHED
    TCP   dc1:ldap              dc1.mydomain.org:1157                       ESTABLISHED
    TCP   dc1:ldap              dc1.mydomain.org:1159                       ESTABLISHED
    TCP   dc1:ldap              dc1.mydomain.org:2458                       ESTABLISHED
    TCP   dc1:microsoft-ds      dc1.mydomain.org:2603                       ESTABLISHED
    TCP   dc1:1033              dc1.mydomain.org:ldap                       ESTABLISHED
    TCP   dc1:1111              dc1.mydomain.org:1176                       ESTABLISHED
    TCP   dc1:1154              dc1.mydomain.org:ldap                       ESTABLISHED
    TCP   dc1:1157              dc1.mydomain.org:ldap                       ESTABLISHED
    TCP   dc1:1159              dc1.mydomain.org:ldap                       ESTABLISHED
    TCP   dc1:1176              dc1.mydomain.org:1111                       ESTABLISHED
    TCP   dc1:1177              dc1.mydomain.org:1935                       ESTABLISHED
    TCP   dc1:1935              dc1.mydomain.org:1177                       ESTABLISHED
    TCP   dc1:2458              dc1.mydomain.org:ldap                       ESTABLISHED
    TCP   dc1:2603              dc1.mydomain.org:microsoft-ds               ESTABLISHED
    TCP   dc1:epmap             joanna.mydomain.org:1452                    ESTABLISHED
    TCP   dc1:netbios-ssn       dc1.mydomain.org:18446                      LISTENING
    TCP   dc1:netbios-ssn       joanna.mydomain.org:1462                    ESTABLISHED
    TCP   dc1:ldap              es1.mydomain.org:11595                      TIME_WAIT
    TCP   dc1:ldap              dc1.mydomain.org:1092                       ESTABLISHED
    TCP   dc1:ldap              dc1.mydomain.org:2434                       ESTABLISHED
    TCP   dc1:ldap              dc1.mydomain.org:2462                       ESTABLISHED
    TCP   dc1:ldap              dc1.mydomain.org:2662                       TIME_WAIT
    TCP   dc1:ldap              dc1.mydomain.org:2663                       TIME_WAIT
    TCP   dc1:ldap              dc1.mydomain.org:2664                       ESTABLISHED
    TCP   dc1:ldap              dc1.mydomain.org:2667                       TIME_WAIT
    TCP   dc1:ldap              fw1.mydomain.org:32466                      ESTABLISHED
    TCP   dc1:ldap              fw1.mydomain.org:32496                      ESTABLISHED
    TCP   dc1:ldap              fw1.mydomain.org:32498                      ESTABLISHED
    TCP   dc1:ldap              fw1.mydomain.org:32499                      ESTABLISHED
    TCP   dc1:ldap              fw1.mydomain.org:32500                      ESTABLISHED
    TCP   dc1:ldap              fw1.mydomain.org:32516                      ESTABLISHED
    TCP   dc1:ldap              fw1.mydomain.org:32563                      ESTABLISHED
    TCP   dc1:ldap              fw1.mydomain.org:33038                      ESTABLISHED
    TCP   dc1:1026              dc1.mydomain.org:1094                       ESTABLISHED
    TCP   dc1:1026              dc1.mydomain.org:1471                       ESTABLISHED
    TCP   dc1:1092              dc1.mydomain.org:ldap                       ESTABLISHED
    TCP   dc1:1094              dc1.mydomain.org:1026                       ESTABLISHED
    TCP   dc1:1104              dc1.mydomain.org:ldap                       CLOSE_WAIT
    TCP   dc1:1378              dc1.mydomain.org:ldap                       CLOSE_WAIT
    TCP   dc1:1471              dc1.mydomain.org:1026                       ESTABLISHED
    TCP   dc1:1861              dc1.mydomain.org:ldap                       CLOSE_WAIT
    TCP   dc1:2434              dc1.mydomain.org:ldap                       ESTABLISHED
    TCP   dc1:2462              dc1.mydomain.org:ldap                       ESTABLISHED
    TCP   dc1:2567              mom.mydomain.org:microsoft-ds               ESTABLISHED
    TCP   dc1:2657              dc1.mydomain.org:epmap                      TIME_WAIT
    TCP   dc1:2658              dc1.mydomain.org:1026                       TIME_WAIT
    TCP   dc1:2659              dc2.mydomain.org:microsoft-ds               ESTABLISHED
    TCP   dc1:2661              fw1.mydomain.org:netbios-ssn                TIME_WAIT
    TCP   dc1:2664              dc1.mydomain.org:ldap                       ESTABLISHED
    TCP   dc1:2668              dc1.mydomain.org:epmap                      TIME_WAIT
    TCP   dc1:2669              dc1.mydomain.org:1026                       TIME_WAIT
    TCP   dc1:2670              dc2.mydomain.org:ldap                       TIME_WAIT
    TCP   dc1:2671              dc2.mydomain.org:ldap                       TIME_WAIT
    TCP   dc1:2672              dc2.mydomain.org:ldap                       ESTABLISHED
    TCP   dc1:2676              dc2.mydomain.org:ldap                       FIN_WAIT_1
    TCP   dc1:2677              dc1.mydomain.org:epmap                      TIME_WAIT
    TCP   dc1:2678              dc1.mydomain.org:1026                       TIME_WAIT
    TCP   dc1:3268              fw1.mydomain.org:32495                      ESTABLISHED
    TCP   dc1:3268              fw1.mydomain.org:32505                      ESTABLISHED
    TCP   dc1:3268              fw1.mydomain.org:32506                      ESTABLISHED
    TCP   dc1:3268              fw1.mydomain.org:32919                      ESTABLISHED
    TCP   dc1:5900              mgmt.mydomain.org:4207                      ESTABLISHED
    UDP  dc1:bootpc            *:*                                    
    UDP  dc1:epmap             *:*                                    
    UDP  dc1:snmp              *:*                                    
    UDP  dc1:microsoft-ds      *:*                                    
    UDP  dc1:1028              *:*                                    
    UDP  dc1:1031              *:*                                    
    UDP  dc1:1032              *:*                                    
    UDP  dc1:1035              *:*                                    
    UDP  dc1:1039              *:*                                    
    UDP  dc1:1050              *:*                                    
    UDP  dc1:1059              *:*                                    
    UDP  dc1:1061              *:*                                    
    UDP  dc1:1074              *:*                                    
    UDP  dc1:1091              *:*                                    
    UDP  dc1:1096              *:*                                    
    UDP  dc1:1153              *:*                                    
    UDP  dc1:1163              *:*                                    
    UDP  dc1:1377              *:*                                    
    UDP  dc1:1481              *:*                                    
    UDP  dc1:1645              *:*                                    
    UDP  dc1:1646              *:*                                    
    UDP  dc1:l2tp              *:*                                    
    UDP  dc1:radius            *:*                                    
    UDP  dc1:radacct           *:*                                    
    UDP  dc1:1860              *:*                                    
    UDP  dc1:2650              *:*                                    
    UDP  dc1:3456              *:*                                    
    UDP  dc1:domain            *:*                                    
    UDP  dc1:1030              *:*                                    
    UDP  dc1:1221              *:*                                    
    UDP  dc1:1222              *:*                                    
    UDP  dc1:domain            *:*                                    
    UDP  dc1:bootps            *:*                                    
    UDP  dc1:bootpc            *:*                                    
    UDP  dc1:kerberos          *:*                                    
    UDP  dc1:ntp               *:*                                    
    UDP  dc1:netbios-ns        *:*                                    
    UDP  dc1:netbios-dgm       *:*                                    
    UDP  dc1:389               *:*                                    
    UDP  dc1:kpasswd           *:*                                    
    UDP  dc1:isakmp            *:*                                    
    UDP  dc1:2535              *:*                                    


    IP  Statistics

    Packets Received              =   117,674
    Received Header Errors        =   0
    Received Address Errors       =   26
    Datagrams Forwarded           =   0
    Unknown Protocols Received    =   0
    Received Packets Discarded    =   0
    Received Packets Delivered    =   117,253
    Output Requests               =   115,042
    Routing Discards              =   0
    Discarded Output Packets      =   0
    Output Packet No Route        =   0
    Reassembly  Required          =   2
    Reassembly Successful         =   1
    Reassembly Failures           =   0
    Datagrams successfully fragmented  =   1
    Datagrams failing fragmentation    =   0
    Fragments Created                  =   2
    Forwarding                        =    1
    Default TTL                       =    128
    Reassembly  timeout               =    60


    TCP Statistics

    Active Opens               =    1,100
    Passive Opens              =    5,721
    Failed Connection Attempts =    842
    Reset Connections          =    514
    Current Connections        =    49
    Received Segments          =    97,865
    Segment Sent               =    97,150
    Segment Retransmitted      =    1,670
    Retransmission Timeout Algorithm  =   vanj
    Minimum Retransmission Timeout  = 300
    Maximum Retransmission Timeout  = 30,000
    Maximum Number of Connections   = -1


    UDP Statistics

    Datagrams Received    =   18,299
    No Ports              =   369
    Receive Errors        =   0
    Datagrams Sent        =   15,088


    ICMP Statistics

                              Received           Sent
    Messages                       943            943
    Errors                           0              0
    Destination  Unreachable         7              7
    Time    Exceeded                 0              0
    Parameter Problems               0              0
    Source Quenchs                   0              0
    Redirects                        0              0
    Echos                          773            773
    Echo Replies                   163            163
    Timestamps                       0              0
    Timestamp Replies                0              0
    Address Masks                    0              0
    Address Mask Replies             0              0


Bindings test. . . . . . . . . . . : Passed
    Component Name : Network Monitor Driver
    Bind Name: NM
    Binding Paths:
        Owner of the binding path : Network Monitor Driver
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: Network Monitor Driver
            Lower Component: VIA Rhine III Fast Ethernet Adapter

        Owner of the binding path : Network Monitor Driver
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: Network Monitor Driver
            Lower Component: 3Com Fast EtherLink 10/100Mb Bus-Master PCI Adapter

        Owner of the binding path : Network Monitor Driver
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndiswanbh
            Upper Component: Network Monitor Driver
            Lower Component: WAN Miniport (Network Monitor)


    Component Name : NDIS Usermode I/O Protocol
    Bind Name: Ndisuio
    Binding Paths:
        Owner of the binding path : NDIS Usermode I/O Protocol
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: NDIS Usermode I/O Protocol
            Lower Component: VIA Rhine III Fast Ethernet Adapter

        Owner of the binding path : NDIS Usermode I/O Protocol
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: NDIS Usermode I/O Protocol
            Lower Component: 3Com Fast EtherLink 10/100Mb Bus-Master PCI Adapter


    Component Name : Point to Point Tunneling Protocol
    Bind Name: mspptp
    Binding Paths:

    Component Name : Layer 2 Tunneling Protocol
    Bind Name: msl2tp
    Binding Paths:

    Component Name : Remote Access NDIS WAN Driver
    Bind Name: NdisWan
    Binding Paths:
        Owner of the binding path : Remote Access NDIS WAN Driver
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndiscowan
            Upper Component: Remote Access NDIS WAN Driver
            Lower Component: Direct Parallel

        Owner of the binding path : Remote Access NDIS WAN Driver
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndiswan
            Upper Component: Remote Access NDIS WAN Driver
            Lower Component: WAN Miniport (PPTP)

        Owner of the binding path : Remote Access NDIS WAN Driver
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndiscowan
            Upper Component: Remote Access NDIS WAN Driver
            Lower Component: WAN Miniport (L2TP)

        Owner of the binding path : Remote Access NDIS WAN Driver
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndiswanasync
            Upper Component: Remote Access NDIS WAN Driver
            Lower Component: RAS Async Adapter


    Component Name : Message-oriented TCP/IP Protocol (SMB session)
    Bind Name: NetbiosSmb
    Binding Paths:

    Component Name : WINS Client(TCP/IP) Protocol
    Bind Name: NetBT
    Binding Paths:
        Owner of the binding path : WINS Client(TCP/IP) Protocol
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: VIA Rhine III Fast Ethernet Adapter

        Owner of the binding path : WINS Client(TCP/IP) Protocol
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 3Com Fast EtherLink 10/100Mb Bus-Master PCI Adapter

        Owner of the binding path : WINS Client(TCP/IP) Protocol
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : Internet Protocol (TCP/IP)
    Bind Name: Tcpip
    Binding Paths:
        Owner of the binding path : Internet Protocol (TCP/IP)
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: VIA Rhine III Fast Ethernet Adapter

        Owner of the binding path : Internet Protocol (TCP/IP)
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 3Com Fast EtherLink 10/100Mb Bus-Master PCI Adapter

        Owner of the binding path : Internet Protocol (TCP/IP)
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : Client for Microsoft Networks
    Bind Name: LanmanWorkstation
    Binding Paths:
        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios_smb
            Upper Component: Client for Microsoft Networks
            Lower Component: Message-oriented TCP/IP Protocol (SMB session)

        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: Client for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: VIA Rhine III Fast Ethernet Adapter

        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: Client for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 3Com Fast EtherLink 10/100Mb Bus-Master PCI Adapter

        Owner of the binding path : Client for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: Client for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : DHCP Server
    Bind Name: DHCPServer
    Binding Paths:

    Component Name : Wireless Configuration
    Bind Name: wzcsvc
    Binding Paths:

    Component Name : Network Load Balancing
    Bind Name: Wlbs
    Binding Paths:
        Owner of the binding path : Network Load Balancing
        Binding Enabled: No
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: Network Load Balancing
            Lower Component: VIA Rhine III Fast Ethernet Adapter

        Owner of the binding path : Network Load Balancing
        Binding Enabled: No
    Interfaces of the binding path:
        -Interface Name: ndis5
            Upper Component: Network Load Balancing
            Lower Component: 3Com Fast EtherLink 10/100Mb Bus-Master PCI Adapter


    Component Name : Steelhead
    Bind Name: RemoteAccess
    Binding Paths:

    Component Name : Dial-Up Server
    Bind Name: msrassrv
    Binding Paths:

    Component Name : Remote Access Connection Manager
    Bind Name: RasMan
    Binding Paths:

    Component Name : Dial-Up Client
    Bind Name: msrascli
    Binding Paths:

    Component Name : File and Printer Sharing for Microsoft Networks
    Bind Name: LanmanServer
    Binding Paths:
        Owner of the binding path : File and Printer Sharing for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios_smb
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: Message-oriented TCP/IP Protocol (SMB session)

        Owner of the binding path : File and Printer Sharing for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: VIA Rhine III Fast Ethernet Adapter

        Owner of the binding path : File and Printer Sharing for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 3Com Fast EtherLink 10/100Mb Bus-Master PCI Adapter

        Owner of the binding path : File and Printer Sharing for Microsoft Networks
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: File and Printer Sharing for Microsoft Networks
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : NetBIOS Interface
    Bind Name: NetBIOS
    Binding Paths:
        Owner of the binding path : NetBIOS Interface
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: NetBIOS Interface
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: VIA Rhine III Fast Ethernet Adapter

        Owner of the binding path : NetBIOS Interface
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: NetBIOS Interface
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndis5
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: 3Com Fast EtherLink 10/100Mb Bus-Master PCI Adapter

        Owner of the binding path : NetBIOS Interface
        Binding Enabled: Yes
    Interfaces of the binding path:
        -Interface Name: netbios
            Upper Component: NetBIOS Interface
            Lower Component: WINS Client(TCP/IP) Protocol
        -Interface Name: tdi
            Upper Component: WINS Client(TCP/IP) Protocol
            Lower Component: Internet Protocol (TCP/IP)
        -Interface Name: ndiswanip
            Upper Component: Internet Protocol (TCP/IP)
            Lower Component: WAN Miniport (IP)


    Component Name : QoS RSVP
    Bind Name: RSVP
    Binding Paths:

    Component Name : Generic Packet Classifier
    Bind Name: Gpc
    Binding Paths:

    Component Name : VIA Rhine III Fast Ethernet Adapter
    Bind Name: {51D5EE11-E79E-4279-9E67-95A7D5F41E1B}
    Binding Paths:

    Component Name : 3Com Fast EtherLink 10/100Mb Bus-Master PCI Adapter
    Bind Name: {87457B90-F820-4129-9397-87073EECE81F}
    Binding Paths:

    Component Name : WAN Miniport (Network Monitor)
    Bind Name: NdisWanBh
    Binding Paths:

    Component Name : WAN Miniport (IP)
    Bind Name: NdisWanIp
    Binding Paths:

    Component Name : Direct Parallel
    Bind Name: {987F45E5-EC79-45BF-B18B-EA993B7EB051}
    Binding Paths:

    Component Name : WAN Miniport (PPTP)
    Bind Name: {25E42AD2-A472-4D3F-B78B-56B1D9BBC2D9}
    Binding Paths:

    Component Name : WAN Miniport (L2TP)
    Bind Name: {CF9BD6B6-9695-4282-9E73-CAB6EB196237}
    Binding Paths:

    Component Name : RAS Async Adapter
    Bind Name: {E6D3D539-195A-4AF0-9803-AE31F371EF47}
    Binding Paths:



WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

    Name . . . . . . . . . . . . . : Intel(R) 536EP Modem
        DeviceID . . . . . . . . . : 0
        Port . . . . . . . . . . . : COM3
        Negotiated Speed . . . . . : 0
        Compression. . . . . . . . : Off
        Error control. . . . . . . : Off
        Forced error control . . . : Off
        Cellular . . . . . . . . . : Off
        Flowcontrol hard . . . . . : Off
        Flowcontrol soft . . . . . : Off
        CCITT override . . . . . . : Off
        Speed adjust . . . . . . . : Off
        Tone dial. . . . . . . . . : Off
        Blind dial . . . . . . . . : Off
        V23 override . . . . . . . : Off

IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.

    IPSec Statistics

     Oakley Main Modes             : 0
     Oakley Quick Modes            : 0
     Active Associations           : 0
     Soft Associations             : 0
     Authenticated Bytes Sent      : 0
     Authenticated Bytes Received  : 0
     Confidential Bytes Sent       : 0
     Confidential Bytes Received   : 0
     Offloaded Bytes Sent          : 0
     Offloaded Bytes Received      : 0
     ReKeys                        : 0

     Authentication Failures       : 0
     Negotiation Failures          : 0
     Packets not decrypted         : 0
     Packets not authenticated     : 0
     Invalid Cookies Rcvd          : 0
     Acquire fail                  : 0
     Receive fail                  : 0
     Send fail                     : 0
     GetSpiFail                    : 0
     KeyAddFail                    : 0
     KeyUpdateFail                 : 0

     Active Acquire                : 1
     Active Rcv                    : 0
     Active Send                   : 0
     Total Acquire                 : 0
     TotalGetSpi                   : 0
     TotalKeyAdd                   : 0
     TotalKeyUpdate                : 0
     Inactive Associations         : 0
     Dead Associations             : 0
     Pending Keys                  : 0
     Key Flushes                   : 0
     Key Additions                 : 0
     Key Deletes                   : 0

    Phase 1 offers count is 4
     OFFER #1:
     PFS : No, Encryption : 3DES, Hash : SHA1, Group : Medium (2)
     Quickmodes per MainMode : 0, Lifetime Seconds : 28800
     OFFER #2:
     PFS : No, Encryption : 3DES, Hash : MD5, Group : Medium (2)
     Quickmodes per MainMode : 0, Lifetime Seconds : 28800
     OFFER #3:
     PFS : No, Encryption : DES, Hash : SHA1, Group : Low (1)
     Quickmodes per MainMode : 0, Lifetime Seconds : 28800
     OFFER #4:
     PFS : No, Encryption : DES, Hash : MD5, Group : Low (1)
     Quickmodes per MainMode : 0, Lifetime Seconds : 28800

    Current Phase 1 SAs:
    No SAs.


    Current Phase 2 SAs:
    No SAs.




The command completed successfully

******************************************************

I will be leaving soon (it is 230am here), but will get back on tomorrow.  Thank you so much for your reply and your time! :-)
0
 
redmanjbAuthor Commented:
Also, for troubleshooting, I changed my DNS settings on my DC NICs a little.  On DC1, first DNS server listed is IP for DC2, then itself as 2nd.  On DC1, first DNS server is IP for DC1, then itself as 2nd.
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
Jay_Jay70Commented:
no worries mate   ill check these logs and post back tomorrow for you

cheers
0
 
alimuCommented:
check also that your Exchange Server's time is within 5 minutes of your DC.  If not this will kill all kerberos traffic (and thereby your ability to talk to AD / other network resources).  (just giving you something to do while you wait for JJ :)  )
0
 
Tony MassaCommented:
All DCs should point to themselves first for DNS, then to another DC second.

Do you get any of the following?  
From:  http://support.microsoft.com/?id=216393

For each Windows 2000 or Windows XP workstation or server that is a member of a domain, there is a discrete communication channel, known as the security channel, with a domain controller.

The security channel's password is stored along with the computer account on all domain controllers. For Windows 2000 or Windows XP, the default computer account password change period is every 30 days. If, for some reason, the computer account's password and the LSA secret are not synchronized, the Netlogon service logs one or both of the following errors messages:

The session setup from the computer EXCHANGESERVER failed to authenticate. The name of the account referenced in the security database is EXCHANGESERVER$. The following error occurred: Access is denied.

NETLOGON Event ID 3210:
Failed to authenticate with \\DOMAINCONTROLLER, a Windows NT domain controller for domain YOURDOMAIN.

If so, you should probably remove the exchange server from the domain and rejoin.
0
 
redmanjbAuthor Commented:
alimu:  yes, the logon script sets the time, they are exact

tmassa99:  Initially, DC1 did point to itself for DNS, but didn't point to DC2.  Same goes for DC2.  I changed the IPs to point to eachother because I read that it may help.  I just swapped them around, making DC1 point to itself first, then to DC2 second, and made DC2 point to itself first, then DC1 second.
**********************************************************
I just ran a " nltest /sc_verify:mydomain ", and got the following:
Flags: 80
Trusted DC Name  
Trusted DC Connection Status Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
Trust Verification Status = 1311 0x51f ERROR_NO_LOGON_SERVERS
The command completed successfully
**********************************************************
I tried the following many times last night, but just did it again from ES1 to DC1:  " netdom reset es1 /domain:mydomain ", and got the following:
The secure channel from ES1 to MYDOMAIN was not reset.

There are currently no logon servers available to service the logon request.

There are currently no logon servers available to service the logon request.

The command failed to complete successfully.
**********************************************************
  I tried the script to reset the password as shown in the above link, but it didn't do anything, so I assumed it did something

Also, I had tried many times to remove ES1 from the domain.  From ES1, I drop it into a workgroup, it asks me for username and password, I enter it, then reboot.  When it comes back up, I log into the local computer and check, and see that it still shows up as a member of the domain.  I've even deleted the computer account in AD while ES1 is rebooting, tried renaming ES1 while putting it into a workgroup, etc.
0
 
Tony MassaCommented:
You answer will be to get that server back onto the domain.

When you remove the computer from the domain, you can try to use a Domain Admin account, as well as re-adding the server to the domain.

What happens when you try adding the computer back into the domain anyway?  

Go to Network Connections
"Advanced" --> "Network Identification"
Click the "CHANGE" button.  
If the DNS name is listed, change it to the NETBIOS name, and vice-versa.  You will then be allowed to hit the OK button.

Let me know what happens, and check the event logs for any errors.

Hope this helps.

Tony

0
 
redmanjbAuthor Commented:
No, I select to put it into a workgroup, and it accepts.  In other words, I add it to the workgroup called "WORK", and it says "Welcome to the WORK workgoup" or whatever.  So it appears as if it is removed from the domain.  When I reboot the computer, I then go back into where I can add it back onto the domain, but it shows that it is STILL a part of the domain.  It appears as if it doesn't even get dropped into a workgroup at all, even after me using the Domain Admin account.  In fact, everything that I have tried to do was with using the Domain Admin account.
0
 
Tony MassaCommented:
Perhaps it can't...try to use the local admin password for removal if you haven't already.

Is the computer account now gone from the Domain?

Also, I wanted you to try to add it to the domain (even though it thinks it is) by changing the Domain listed there.  
It should display hdcinc.org in the DOMAIN box, just change it to the NETBIOS name (probably HDCINC) and try adding it with the domain account.
0
 
Jay_Jay70Commented:
have you demoted the server?? you cant just put a DC into a workgroup! have i missed something in all the last posts??
0
 
redmanjbAuthor Commented:
Jay Jay70:  ES1 is just a member server with Exchange, and it is not able to see DC1, the DC.

tmassa99:  No go.  I dropped ES1 into a workgroup again, rebooted, logged in, and it shows that it still is a member of "hdcinc.org"  I changed it to "hdcinc", and an error message popped up saying: "a domain controller for the domain hdcinc could not be contacted".  And the local admin account and domain admin account both have the same user name and password.

I don't know, but maybe I'm having a DNS issue?  I checked dnsreport.com, and it checked out fine.  Also, nothing was changed before this occurred, and it was working fine before.  Still the problem remains, ES1 cannot contact DC1, so neither Exchange nor BES will start.
0
 
Jay_Jay70Commented:
definitely DNS related

try flushing your DNS out again on the exchage box, also triple check your records on the DNS server and see that the record exists for the exchange server
0
 
Tony MassaCommented:
The problem isn't with DNS on your domain controllers...all of the tests look good.
The problem I can see is that your ES1 Exchange Server only has 1 connection to your DC, and there should be more.

Does ES1 have DC1 and DC2 as it's primary and secondary DNS?  Are any of the exchange services running?

Why does FW1 connect to your Global Catalog Service?  Is this your firewall??
TCP   dc1:3268              fw1.mydomain.org:32505                      ESTABLISHED

Tony


0
 
Tony MassaCommented:
Sorry...post the output of :

IPConfig /all  -and-  nbtstat -an             ...Thanks
0
 
redmanjbAuthor Commented:
Here's the info from ES1

Windows IP Configuration

   Host Name . . . . . . . . . . . . : es1
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : 3Com EtherLink XL 10/100 PCI TX NIC (3C905B-TX)
   Physical Address. . . . . . . . . : 00-50-04-14-01-68
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.221
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.223
   NetBIOS over Tcpip. . . . . . . . : Disabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Description . . . . . . . . . . . : Realtek RTL8139 Family PCI Fast Ethernet NIC
   Physical Address. . . . . . . . . : 00-40-2B-61-27-FA
******************************************************************
   
Local Area Connection 2:
Node IpAddress: [192.168.0.221] Scope Id: []

    No names in cache
   
Local Area Connection:
Node IpAddress: [0.0.0.0] Scope Id: []

    No names in cache

******************************************************************
Not sure, but the nbtstat looks a little odd...
0
 
Tony MassaCommented:
It is....you may want to try reinstalling/replacing your NIC.  You IP address isn't showing up or that

It should look something like this:
Local Area Connection:
Node IpAddress: [10.10.202.42] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    LXVAHQLO0029   <00>  UNIQUE      Registered
    LANDAM         <00>  GROUP       Registered
    LXVAHQLO0029   <20>  UNIQUE      Registered

0
 
redmanjbAuthor Commented:
Hmmmm...strange.  Now before, the on-board NIC was being used.  And after this issue first arose, that night, I added a NIC from an old computer for troubleshooting.  The "new" NIC is the one that's still being used.  I'm going to put another one in this evening (this job is my 2nd job, and its part-time), and try it out.  But it just seems unlikely that both the onboard NIC and the add-on NIC could be experiencing the same difficulties, unless there's a problem with the TCP/IP stack.  What do you think?
0
 
Tony MassaCommented:
I would remove and reinstall the adapter first, if that doesn't fix it, then try reinstalling TCP/IP

here's a link to repairing TCP/IP on 2003:
http://support.microsoft.com/default.aspx?scid=kb;en-us;325356
0
 
redmanjbAuthor Commented:
I am able to ping pretty much anything by IP address, but not by host name.  So is the nic faulty, or the stack?  Or is it just a dns issue?
0
 
redmanjbAuthor Commented:
Is there something I can do with these:
******************************************************************
(ran netdom help)
The syntax of this command is:
NETDOM HELP command
      -or-
NETDOM command /help

   Commands available are:

   NETDOM ADD               NETDOM QUERY          NETDOM TRUST
   NETDOM HELP              NETDOM REMOVE         NETDOM VERIFY
   NETDOM JOIN              NETDOM RENAME         NETDOM TIME
   NETDOM MOVE              NETDOM RESET          NETDOM RESETPWD

   NETDOM HELP SYNTAX explains how to read NET HELP syntax lines.
   NETDOM HELP command | MORE displays Help one screen at a time.

   Note that verbose output can be specified by including /VERBOSE with
   any of the above netdom commands.

The command completed successfully.
******************************************************************
(ran netdom trust help)
The syntax of this command is:

NETDOM TRUST trusting_domain_name /Domain:trusted_domain_name [/UserD:user]
           [/PasswordD:[password | *]] [UserO:user] [/PasswordO:[password | *]]
           [/Verify] [/RESEt] [/PasswordT:new_realm_trust_password]
           [/Add] [/REMove] [/Twoway] [/Kerberos] [/Transitive[:{yes | no}]]
           [/OneSide:{trusted | trusting}] [/Force] [/FilterSIDs[:{yes | no}]]

NETDOM TRUST Manages or verifies the trust relationship between domains

trusting_domain_name is the name of the trusting domain

/Domain         Specifies the name of the trusted domain.

/UserD          User account used to make the connection with the domain
                specified by the /Domain argument

/PasswordD      Password of the user account specified by /UserD. A * means
                to prompt for the password

/UserO          User account for making the connection with the trusting
                domain

/PasswordO      Password of the user account specified By /UserO. A * means
                to prompt for the password

/Verify         Verifies that the the trust is operating properly

/RESEt          Resets the trust passwords between two domains. The domains can
                be named in any order. Reset is not valid on a trust to a
                Kerberos realm unless the /PASSWORDT parameter is included.

/PasswordT      New trust password, valid only with the /ADD or /RESET options
                and only if one of the domains specified is a non-Windows
                Kerberos realm. The trust password is set on the Windows domain
                only and thus credentials are not needed for the non-Windows
                domain.

/Add            Specifies that a trust should be created

/Remove         Specifies that a trust should be removed

/Twoway         Specifies that a trust relationship should be bidirectional

/OneSide        Denotes that the trust object should only be created on one
                domain. The 'trusted' keyword indicates that the trust object
                is created on the trusted domain (the one named with the /D
                parameter). The 'trusting' keyword indicates that the trust
                object is to be created on the trusting domain. Valid only with
                the /ADD option. The /PasswordT option is required.

/REAlm          Indicates that the trust is to be created to a non-Windows
                Kerberos realm. Valid only with the /ADD option. The
                /PasswordT option is required.

/TRANSitive     Valid only for a non-Windows Kerberos realm. Specifying "yes"
                sets it to a transitive trust. Specifying "no" sets it to a
                non-transitive trust. If neither is specified, then the current
                transitivity state will be displayed.

/Kerberos       Specifies that the Kerberos authentication protocol should be
                verified between a domain or workstation and a target domain;
                You must supply user accounts and passwords for both the object
                and target domain.

/Force          Valid with the /Remove option. Forces the removal of the trust
                (and cross-ref) objects on one domain even if the other domain
                is not found or does not contain matching trust objects. You
                must use the full DNS name to specify the domain.
                CAUTION: this option will completely remove a child domain.
/FilterSIDs     Valid only on an existing direct, outbound trust. Set or clear
                the SID filtering attribute. Default is "no". When "yes" is
                specified, then only SIDs from the directly trusted domain
                will be accepted for authorization data returned during
                authentication. SIDS from any other domains will be removed.
                Specifying /FilterSIDs without yes or no will display the
                current state.

NETDOM HELP command | MORE displays Help one screen at a time.
The command completed successfully.
******************************************************************
(ran netdom reset help)
The syntax of this command is:
NETDOM RESET machine /Domain:domain [/Server:server]
             [UserO:user] [/PasswordO:[password | *]]

NETDOM RESET Resets the secure connection between a workstation and a domain
controller

machine is the name of the computer to be have the secure connection reset

/Domain         Specifies the domain with which to establish the secure
                connection

/Server         Name of a specific domain controller that should be used to
                establish the secure connection.

/UserO          User account used to make the connection with the machine to
                be reset

/PasswordO      Password of the user account specified By /UserO.  A * means
                to prompt for the password


NETDOM HELP command | MORE displays Help one screen at a time.
The command completed successfully.
******************************************************************
(ran netdom resetpwd help)
The syntax of this command is:
NETDOM RESETPWD /Server:server UserD:user /PasswordD:[password | *]

NETDOM RESETPWD Resets the machine account password for the machine on which
this command is run. Currently there is no support for resetting machine
password of a remote machine.

/Server         Name of a specific domain controller that should be used
                for setting machine account password.

/UserD          User account used to make the connection with the domain
                controller specified by the /Server argument. This
                must be in <domain>\<user> format.

/PasswordD      Password of the user account specified with /UserD.  A * means
                to prompt for the password

NETDOM HELP command | MORE displays Help one screen at a time.
The command completed successfully.
******************************************************************
Maybe one of these commands are key?  I have tried these commands already, but maybe my syntax was wrong?
0
 
redmanjbAuthor Commented:
Well, we're getting somewhere, sort of.  I put in a new NIC card, and I was actually able to log onto the domain.  However, the event logs still show some errors (40960, 5719, 46, and 1053).  I ran an "nbtstat -an", and got the following:

Local Area Connection 3:
Node IpAddress: [192.168.0.221] Scope Id: []

                NetBIOS Local Name Table

       Name               Type         Status
    ---------------------------------------------
    ES1            <00>  UNIQUE      Registered
    HDCINC         <00>  GROUP       Registered
    ES1            <20>  UNIQUE      Registered
    HDCINC         <1E>  GROUP       Registered
******************************************************************
Here's the Event Log messages I have now:
Event Type:      Warning
Event Source:      LSASRV
Event Category:      SPNEGO (Negotiator)
Event ID:      40960
Date:            3/30/2006
Time:            8:14:33 PM
User:            N/A
Computer:      ES1
Description:
The Security System detected an authentication error for the server cifs/Mgmt.  The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information.
 (0xc000006d)".

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0               m..À    
******************************************************************
Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5719
Date:            3/30/2006
Time:            8:05:55 PM
User:            N/A
Computer:      ES1
Description:
This computer was not able to set up a secure session with a domain controller in domain HDCINC due to the following:
There are currently no logon servers available to service the logon request.  
This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.  

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 5e 00 00 c0               ^..À    
******************************************************************
Event Type:      Error
Event Source:      W32Time
Event Category:      None
Event ID:      46
Date:            3/30/2006
Time:            8:06:25 PM
User:            N/A
Computer:      ES1
Description:
The time service encountered an error and was forced to shut down.  The error was: 0x80070700: An attempt was made to logon, but the network logon service was not started.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
******************************************************************
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1053
Date:            3/30/2006
Time:            8:13:09 PM
User:            NT AUTHORITY\SYSTEM
Computer:      ES1
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
******************************************************************

0
 
Tony MassaCommented:
That's a little better...can you try to add the server into the WORKGROUP again?
Make sure DNS is DC1 (Primary) and DC2 (Secondary)
Then try to re-add it back to the domain....making progress...

Let me know the results.
0
 
redmanjbAuthor Commented:
The issue continues.  I spent a lot of time working on this issue Thursday night, and, after digging into DC1 a while, I saw that it had some serious problems.  It appeared that DNS on DC1 was totally broke.  In fact, under Windows/System32/Config, I only had a few files in there, no SAM file, no netlogon.dns, and not much of anything else.  So, I decided to take DC1 offline, grab DC2 from another site and bring it over, changed the IP address to match what DC1 was, and removed all of the Site info.  Now, I no longer have the previous events on the DC, except for those related to it still trying to communicate and replicate with DC1.  No big deal there, I'll clean that up later.  The only other event in the event log on DC2 is:

Event Type:      Error
Event Source:      AutoEnrollment
Event Category:      None
Event ID:      13
Date:            3/31/2006
Time:            1:43:35 AM
User:            N/A
Computer:      DC2
Description:
Automatic certificate enrollment for local system failed to enroll for one Domain Controller certificate (0x800706ba).  The RPC server is unavailable.


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
******************************************************************

Unfortunately, ES1 is not online, and I'm not in the office right now, so I cannot connect remotely.  I will be at that site tonight to work on it some more.  However, Thursday night, after making the DC change, I still had the events on ES1, dealing with the secure channel, trust relationship, 40960 SPENEGO error, etc.  I do have a front-end Exchange server(FW1).  If the ES1 mail services will not start, is there any way to transfer the mailboxes to the front-end mail server?  I don't think so, but maybe you guys know a way that I am not aware of.

Also, after the DC swap, I tried again to put ES1 into a workgroup, but had the same issue as before, when it wouldn't actually remove itself from the domain, even after deleting the computer account on the DC.
0
 
Tony MassaCommented:
I'm not sure why it's not letting you configure a workgroup setting, but I would think it may have to do with Exchange running.  Are all of the Exchange services set to "Manual" startup.  Try making sure that all of the Exchange services are stopped, and then change to workgroup.  

Also make sure that your DCs are pointing to themselves first, then the other DC second.  (Just in case).  As for the autoenrollment error, "This error most often occurs when a domain controller is not available or is not accessible by the client. Common causes include network errors, network connectivity, and so on."  

Perhaps you should check the switch that these servers are connected to.  Sounds like a small office...is there just one switch?  Do they have a spare?
Just seems wierd to have these errors all over the place.
0
 
redmanjbAuthor Commented:
No, exchange is not running, in fact, none of the exchange services will even start as that server is not able to see the DC due to no secure channel existing between them, no trust relationship existing.  With the DC1 offline, I only have one DC, DC2, which is at the central site along with the exchange server.

It is a small office with one switch (the remote office is much smaller), but there are no other problems other than ES1 not able to authenticate with the DC.
0
 
redmanjbAuthor Commented:
Thanks for your help.  I've tried again and again to get it to work, but couldn't.  I had checked the windows\system32\config folder, and saw only a couple files existed.  I ran some diagnostics on the HDD and found some bad blocks.  The DC had been a little problematic (and was very old), so I talked the boss into buying a new server.  I rebuilt the domain from scratch and all is good now...

Moderators:  Please close question
0
 
CetusMODCommented:
PAQed with points refunded (500)

CetusMOD
Community Support Moderator
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

  • 13
  • 9
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now