Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1809
  • Last Modified:

Unable to access the active directory

I started getting errors that nothing could access the active directory. I tried opening Domain security policy and it says that configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. I tried adding a computer to the domain, and it says "Logon Failure: target name is incorrect". I can use the Active directory gui, but have to get access back to the active directory.

Any help is apreciated.

Dcdiag:



Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine bigbox, is a DC.
   * Connecting to directory service on server bigbox.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\BIGBOX
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... BIGBOX passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\BIGBOX
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         * Replication Site Latency Check
         ......................... BIGBOX passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... BIGBOX passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         ......................... BIGBOX passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC BIGBOX.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=office,DC=gastonia,DC=waterstone,DC=nc
            (Domain,Version 2)
         ......................... BIGBOX passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\BIGBOX\netlogon
         Verified share \\BIGBOX\sysvol
         ......................... BIGBOX passed test NetLogons
      Starting test: Advertising
         The DC BIGBOX is advertising itself as a DC and having a DS.
         The DC BIGBOX is advertising as an LDAP server
         The DC BIGBOX is advertising as having a writeable directory
         The DC BIGBOX is advertising as a Key Distribution Center
         The DC BIGBOX is advertising as a time server
         The DS BIGBOX is advertising as a GC.
         ......................... BIGBOX passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
         Role Domain Owner = CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
         Role PDC Owner = CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
         Role Rid Owner = CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
         ......................... BIGBOX passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 1610 to 1073741823
         * bigbox.office.gastonia.waterstone.nc is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1110 to 1609
         * rIDPreviousAllocationPool is 1110 to 1609
         * rIDNextRID: 1153
         ......................... BIGBOX passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC BIGBOX on DC BIGBOX.
         The account BIGBOX is not a DC account.  It cannot replicate.
         Warning:  Attribute userAccountControl of BIGBOX is: 0x81000 = ( UF_WORKSTATION_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         This may be affecting replication?
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc
         * SPN found :LDAP/BIGBOX
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc/OFFICE
         * SPN found :LDAP/ace3522f-ef35-454f-90eb-e4d34746f1e3._msdcs.office.gastonia.waterstone.nc
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ace3522f-ef35-454f-90eb-e4d34746f1e3/office.gastonia.waterstone.nc
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc
         * SPN found :HOST/BIGBOX
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc/OFFICE
         * SPN found :GC/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         ......................... BIGBOX failed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... BIGBOX passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... BIGBOX passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         BIGBOX is in domain DC=office,DC=gastonia,DC=waterstone,DC=nc
         Checking for CN=BIGBOX,OU=Domain Controllers,DC=office,DC=gastonia,DC=waterstone,DC=nc in domain DC=office,DC=gastonia,DC=waterstone,DC=nc on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc in domain CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc on 1 servers
            Object is up-to-date on all servers.
         ......................... BIGBOX passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... BIGBOX passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... BIGBOX passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... BIGBOX passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 04/26/2006   17:05:45
            Event String: The kerberos client received a

KRB_AP_ERR_MODIFIED error from the server

host/bigbox.office.gastonia.waterstone.nc.  The

target name used was

LDAP/ace3522f-ef35-454f-90eb-e4d34746f1e3._msdcs.office.gastonia.waterstone.nc.

 This indicates that the password used to encrypt

the kerberos service ticket is different than

that on the target server. Commonly, this is due

to identically named  machine accounts in the

target realm (OFFICE.GASTONIA.WATERSTONE.NC), and

the client realm.   Please contact your system

administrator.
         ......................... BIGBOX failed test systemlog
      Starting test: VerifyReplicas
            For the partition

            (DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=bb371fd5-2ed4-444f-8589-6eb176295979,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
            For the partition

            (DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=40e3ad6a-2636-4f76-b33f-04a3092463d2,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... BIGBOX failed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)

         CN=BIGBOX,OU=Domain Controllers,DC=office,DC=gastonia,DC=waterstone,DC=nc

         and backlink on

         CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         are correct.
         The system object reference (frsComputerReferenceBL)

         CN=BIGBOX,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=gastonia,DC=waterstone,DC=nc

         and backlink on

         CN=BIGBOX,OU=Domain Controllers,DC=office,DC=gastonia,DC=waterstone,DC=nc

         are correct.
         The system object reference (serverReferenceBL)

         CN=BIGBOX,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=gastonia,DC=waterstone,DC=nc

         and backlink on

         CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         are correct.
         ......................... BIGBOX passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         Can't determine the age of the cross-ref

         CN=40e3ad6a-2636-4f76-b33f-04a3092463d2,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         for the partition

         DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc, so

         following errors relating to this cross-ref/partition may disappear

         after replication  coalesces.  Please ensure that replication is

         working from the Domain Naming FSMO to this DC, and retry this test to

         see if errors continue.
         Can't determine the age of the cross-ref

         CN=bb371fd5-2ed4-444f-8589-6eb176295979,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         for the partition

         DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc, so

         following errors relating to this cross-ref/partition may disappear

         after replication  coalesces.  Please ensure that replication is

         working from the Domain Naming FSMO to this DC, and retry this test to

         see if errors continue.
         Can't determine the age of the cross-ref

         CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         for the partition

         CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc, so

         following errors relating to this cross-ref/partition may disappear

         after replication  coalesces.  Please ensure that replication is

         working from the Domain Naming FSMO to this DC, and retry this test to

         see if errors continue.
         Can't determine the age of the cross-ref

         CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         for the partition

         CN=Schema,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc,

         so following errors relating to this cross-ref/partition may disappear

         after replication  coalesces.  Please ensure that replication is

         working from the Domain Naming FSMO to this DC, and retry this test to

         see if errors continue.
         Can't determine the age of the cross-ref

         CN=OFFICE,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         for the partition DC=office,DC=gastonia,DC=waterstone,DC=nc, so

         following errors relating to this cross-ref/partition may disappear

         after replication  coalesces.  Please ensure that replication is

         working from the Domain Naming FSMO to this DC, and retry this test to

         see if errors continue.
         ......................... BIGBOX failed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC BIGBOX for domain office.gastonia.waterstone.nc in site Default-First-Site-Name
         Checking machine account for DC BIGBOX on DC BIGBOX.
         The account BIGBOX is not a DC account.  It cannot replicate.
         Warning:  Attribute userAccountControl of BIGBOX is: 0x81000 = ( UF_WORKSTATION_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         This may be affecting replication?
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc
         * SPN found :LDAP/BIGBOX
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc/OFFICE
         * SPN found :LDAP/ace3522f-ef35-454f-90eb-e4d34746f1e3._msdcs.office.gastonia.waterstone.nc
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ace3522f-ef35-454f-90eb-e4d34746f1e3/office.gastonia.waterstone.nc
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc
         * SPN found :HOST/BIGBOX
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc/OFFICE
         * SPN found :GC/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         Unable to verify the machine account (CN=BIGBOX,OU=Domain Controllers,DC=office,DC=gastonia,DC=waterstone,DC=nc) for BIGBOX on BIGBOX.
         [BIGBOX] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... BIGBOX passed test CheckSecurityError
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
            For the partition

            (DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=bb371fd5-2ed4-444f-8589-6eb176295979,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... ForestDnsZones failed test CrossRefValidation
      Starting test: CheckSDRefDom
            For the partition

            (DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=bb371fd5-2ed4-444f-8589-6eb176295979,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... ForestDnsZones failed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
            For the partition

            (DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=40e3ad6a-2636-4f76-b33f-04a3092463d2,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... DomainDnsZones failed test CrossRefValidation
      Starting test: CheckSDRefDom
            For the partition

            (DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=40e3ad6a-2636-4f76-b33f-04a3092463d2,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... DomainDnsZones failed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
            For the partition

            (CN=Schema,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             we encountered the following error retrieving the cross-ref's

            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... Schema failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
            For the partition

            (CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... Configuration failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : office
      Starting test: CrossRefValidation
            For the partition (DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=OFFICE,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... office failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... office passed test CheckSDRefDom
   
   Running enterprise tests on : office.gastonia.waterstone.nc
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... office.gastonia.waterstone.nc passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\bigbox.office.gastonia.waterstone.nc
         Locator Flags: 0xe00003fd
         PDC Name: \\bigbox.office.gastonia.waterstone.nc
         Locator Flags: 0xe00003fd
         Time Server Name: \\bigbox.office.gastonia.waterstone.nc
         Locator Flags: 0xe00003fd
         Preferred Time Server Name: \\bigbox.office.gastonia.waterstone.nc
         Locator Flags: 0xe00003fd
         KDC Name: \\bigbox.office.gastonia.waterstone.nc
         Locator Flags: 0xe00003fd
         ......................... office.gastonia.waterstone.nc passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
           
            DC: bigbox.office.gastonia.waterstone.nc
            Domain: office.gastonia.waterstone.nc

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 1.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000009] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:11:43:F1:42:38
                     IP address is static
                     IP address: 192.168.1.1
                     DNS servers:
                        192.168.1.1 (<name unavailable>) [Valid]
                  Adapter [00000010] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:11:43:F1:42:39
                     IP address is static
                     IP address: 216.64.110.42
                     DNS servers:
                        192.168.1.1 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     66.255.85.8 (<name unavailable>) [Valid]
                     66.255.85.9 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                 
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure office.gastonia.waterstone.nc.
                  Test record _dcdiag_test_record added successfully in zone office.gastonia.waterstone.nc.
                  Test record _dcdiag_test_record deleted successfully in zone office.gastonia.waterstone.nc.
                 
               TEST: Records registration (RReg)
                  Network Adapter [00000009] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 192.168.1.1:
                     bigbox.office.gastonia.waterstone.nc

                     Matching CNAME record found at DNS server 192.168.1.1:
                     ace3522f-ef35-454f-90eb-e4d34746f1e3._msdcs.office.gastonia.waterstone.nc

                     Matching DC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.dc._msdcs.office.gastonia.waterstone.nc

                     Matching GC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.gc._msdcs.office.gastonia.waterstone.nc

                     Matching PDC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.pdc._msdcs.office.gastonia.waterstone.nc

                  Network Adapter [00000010] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 192.168.1.1:
                     bigbox.office.gastonia.waterstone.nc

                     Matching CNAME record found at DNS server 192.168.1.1:
                     ace3522f-ef35-454f-90eb-e4d34746f1e3._msdcs.office.gastonia.waterstone.nc

                     Matching DC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.dc._msdcs.office.gastonia.waterstone.nc

                     Matching GC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.gc._msdcs.office.gastonia.waterstone.nc

                     Matching PDC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.pdc._msdcs.office.gastonia.waterstone.nc

         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.1.1 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 66.255.85.8 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               
            DNS server: 66.255.85.9 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: office.gastonia.waterstone.nc
               bigbox                       PASS PASS PASS PASS WARN PASS n/a  
         
         ......................... office.gastonia.waterstone.nc passed test DNS


0
icedcool
Asked:
icedcool
  • 4
  • 4
  • 2
2 Solutions
 
icedcoolAuthor Commented:
The dns server also can't access the active directory according to the errors generated. The dns server is pointing to the dc,and nslookup is registering everything fine. I tried reseting a machine through the active directory gui and now I cant log onto the users that were associated with the domain on the comp.
0
 
MazaraatCommented:
open ADU&C, verify that your server bigbox (is it a DC?) is listed in the group "Domain Controllers"
0
 
icedcoolAuthor Commented:
It is. I think its because the machine test failed.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
VahikCommented:
0
 
MazaraatCommented:
run these on your DC (bigbox)

dcdiag /v /fix

dcdiag /v /test:RegisterInDNS /DNSdomain:yourdomain.com

any errors?
0
 
icedcoolAuthor Commented:
To fix it I did this:


Open ADSIEdit.msc and find this entry: userAccountControl

This is an attribute on the server object.  It should be under: Domain>DC=.....>OU=Domain Controllers

>right click the CN=BIGBOX and select Properties.
>scroll down to the userAccountControl
>the value should be 0x82000 (532480)
>correct it if it's wrong
>reboot.

Turns out the MachineAccount was set too 0x81000 which should be 0x82000.
0
 
VahikCommented:
Icedcool u should have given me an F....dcdiag not only told us what the problem was it also gave us the fix...
        Checking machine account for DC BIGBOX on DC BIGBOX.
         The account BIGBOX is not a DC account.  It cannot replicate.
         Warning:  Attribute userAccountControl of BIGBOX is: 0x81000 = ( UF_WORKSTATION_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT
well glad u fixed ur own problem....take care and good luck
0
 
VahikCommented:
icedcool i see from ur other posts that u still have problem...i will leave it to the
other experts....but i saw in ur post something about FIREWALL on the machine...
if this is a DC and firewall is turned on(windows firewall)then u better turn it off...
0
 
icedcoolAuthor Commented:
The firewall allows free traffic internally, and its not MS firewall.
0
 
VahikCommented:
this was the reason i mentioned firewalls...read it(there are some other articles mentioned) ...it may help u..
http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21622159.html
and i will look around..
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

  • 4
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now