[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Expert active directory admins only

Posted on 2006-04-26
7
Medium Priority
?
1,254 Views
Last Modified: 2008-01-09
I started getting errors that nothing could access the active directory. I tried opening Domain security policy and it says that configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. I tried adding a computer to the domain, and it says "Logon Failure: target name is incorrect". The dns server also can't access the active directory according to the errors generated. The dns server is pointing to the dc,and nslookup is registering everything fine. I tried reseting a machine through the active directory gui and now I cant log onto the users that were associated with the domain on the comp. I can use the Active directory gui, but have to get access back to the active directory. Bigbox (the server) is a DC also.

Any help is apreciated.

Dcdiag:



Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine bigbox, is a DC.
   * Connecting to directory service on server bigbox.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 1 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\BIGBOX
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... BIGBOX passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\BIGBOX
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         * Replication Site Latency Check
         ......................... BIGBOX passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... BIGBOX passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for DC=office,DC=gastonia,DC=waterstone,DC=nc.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         ......................... BIGBOX passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC BIGBOX.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=office,DC=gastonia,DC=waterstone,DC=nc
            (Domain,Version 2)
         ......................... BIGBOX passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\BIGBOX\netlogon
         Verified share \\BIGBOX\sysvol
         ......................... BIGBOX passed test NetLogons
      Starting test: Advertising
         The DC BIGBOX is advertising itself as a DC and having a DS.
         The DC BIGBOX is advertising as an LDAP server
         The DC BIGBOX is advertising as having a writeable directory
         The DC BIGBOX is advertising as a Key Distribution Center
         The DC BIGBOX is advertising as a time server
         The DS BIGBOX is advertising as a GC.
         ......................... BIGBOX passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
         Role Domain Owner = CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
         Role PDC Owner = CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
         Role Rid Owner = CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc
         ......................... BIGBOX passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 1610 to 1073741823
         * bigbox.office.gastonia.waterstone.nc is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1110 to 1609
         * rIDPreviousAllocationPool is 1110 to 1609
         * rIDNextRID: 1153
         ......................... BIGBOX passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC BIGBOX on DC BIGBOX.
         The account BIGBOX is not a DC account.  It cannot replicate.
         Warning:  Attribute userAccountControl of BIGBOX is: 0x81000 = ( UF_WORKSTATION_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         This may be affecting replication?
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc
         * SPN found :LDAP/BIGBOX
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc/OFFICE
         * SPN found :LDAP/ace3522f-ef35-454f-90eb-e4d34746f1e3._msdcs.office.gastonia.waterstone.nc
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ace3522f-ef35-454f-90eb-e4d34746f1e3/office.gastonia.waterstone.nc
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc
         * SPN found :HOST/BIGBOX
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc/OFFICE
         * SPN found :GC/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         ......................... BIGBOX failed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... BIGBOX passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... BIGBOX passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         BIGBOX is in domain DC=office,DC=gastonia,DC=waterstone,DC=nc
         Checking for CN=BIGBOX,OU=Domain Controllers,DC=office,DC=gastonia,DC=waterstone,DC=nc in domain DC=office,DC=gastonia,DC=waterstone,DC=nc on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc in domain CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc on 1 servers
            Object is up-to-date on all servers.
         ......................... BIGBOX passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... BIGBOX passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... BIGBOX passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... BIGBOX passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x40000004
            Time Generated: 04/26/2006   17:05:45
            Event String: The kerberos client received a

KRB_AP_ERR_MODIFIED error from the server

host/bigbox.office.gastonia.waterstone.nc.  The

target name used was

LDAP/ace3522f-ef35-454f-90eb-e4d34746f1e3._msdcs.office.gastonia.waterstone.nc.

 This indicates that the password used to encrypt

the kerberos service ticket is different than

that on the target server. Commonly, this is due

to identically named  machine accounts in the

target realm (OFFICE.GASTONIA.WATERSTONE.NC), and

the client realm.   Please contact your system

administrator.
         ......................... BIGBOX failed test systemlog
      Starting test: VerifyReplicas
            For the partition

            (DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=bb371fd5-2ed4-444f-8589-6eb176295979,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
            For the partition

            (DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=40e3ad6a-2636-4f76-b33f-04a3092463d2,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... BIGBOX failed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)

         CN=BIGBOX,OU=Domain Controllers,DC=office,DC=gastonia,DC=waterstone,DC=nc

         and backlink on

         CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         are correct.
         The system object reference (frsComputerReferenceBL)

         CN=BIGBOX,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=gastonia,DC=waterstone,DC=nc

         and backlink on

         CN=BIGBOX,OU=Domain Controllers,DC=office,DC=gastonia,DC=waterstone,DC=nc

         are correct.
         The system object reference (serverReferenceBL)

         CN=BIGBOX,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=gastonia,DC=waterstone,DC=nc

         and backlink on

         CN=NTDS Settings,CN=BIGBOX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         are correct.
         ......................... BIGBOX passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         Can't determine the age of the cross-ref

         CN=40e3ad6a-2636-4f76-b33f-04a3092463d2,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         for the partition

         DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc, so

         following errors relating to this cross-ref/partition may disappear

         after replication  coalesces.  Please ensure that replication is

         working from the Domain Naming FSMO to this DC, and retry this test to

         see if errors continue.
         Can't determine the age of the cross-ref

         CN=bb371fd5-2ed4-444f-8589-6eb176295979,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         for the partition

         DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc, so

         following errors relating to this cross-ref/partition may disappear

         after replication  coalesces.  Please ensure that replication is

         working from the Domain Naming FSMO to this DC, and retry this test to

         see if errors continue.
         Can't determine the age of the cross-ref

         CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         for the partition

         CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc, so

         following errors relating to this cross-ref/partition may disappear

         after replication  coalesces.  Please ensure that replication is

         working from the Domain Naming FSMO to this DC, and retry this test to

         see if errors continue.
         Can't determine the age of the cross-ref

         CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         for the partition

         CN=Schema,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc,

         so following errors relating to this cross-ref/partition may disappear

         after replication  coalesces.  Please ensure that replication is

         working from the Domain Naming FSMO to this DC, and retry this test to

         see if errors continue.
         Can't determine the age of the cross-ref

         CN=OFFICE,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc

         for the partition DC=office,DC=gastonia,DC=waterstone,DC=nc, so

         following errors relating to this cross-ref/partition may disappear

         after replication  coalesces.  Please ensure that replication is

         working from the Domain Naming FSMO to this DC, and retry this test to

         see if errors continue.
         ......................... BIGBOX failed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC BIGBOX for domain office.gastonia.waterstone.nc in site Default-First-Site-Name
         Checking machine account for DC BIGBOX on DC BIGBOX.
         The account BIGBOX is not a DC account.  It cannot replicate.
         Warning:  Attribute userAccountControl of BIGBOX is: 0x81000 = ( UF_WORKSTATION_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         This may be affecting replication?
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc
         * SPN found :LDAP/BIGBOX
         * SPN found :LDAP/bigbox.office.gastonia.waterstone.nc/OFFICE
         * SPN found :LDAP/ace3522f-ef35-454f-90eb-e4d34746f1e3._msdcs.office.gastonia.waterstone.nc
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ace3522f-ef35-454f-90eb-e4d34746f1e3/office.gastonia.waterstone.nc
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc
         * SPN found :HOST/BIGBOX
         * SPN found :HOST/bigbox.office.gastonia.waterstone.nc/OFFICE
         * SPN found :GC/bigbox.office.gastonia.waterstone.nc/office.gastonia.waterstone.nc
         Unable to verify the machine account (CN=BIGBOX,OU=Domain Controllers,DC=office,DC=gastonia,DC=waterstone,DC=nc) for BIGBOX on BIGBOX.
         [BIGBOX] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... BIGBOX passed test CheckSecurityError
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
            For the partition

            (DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=bb371fd5-2ed4-444f-8589-6eb176295979,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... ForestDnsZones failed test CrossRefValidation
      Starting test: CheckSDRefDom
            For the partition

            (DC=ForestDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=bb371fd5-2ed4-444f-8589-6eb176295979,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... ForestDnsZones failed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
            For the partition

            (DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=40e3ad6a-2636-4f76-b33f-04a3092463d2,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... DomainDnsZones failed test CrossRefValidation
      Starting test: CheckSDRefDom
            For the partition

            (DC=DomainDnsZones,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=40e3ad6a-2636-4f76-b33f-04a3092463d2,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... DomainDnsZones failed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
            For the partition

            (CN=Schema,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             we encountered the following error retrieving the cross-ref's

            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... Schema failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
            For the partition

            (CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... Configuration failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : office
      Starting test: CrossRefValidation
            For the partition (DC=office,DC=gastonia,DC=waterstone,DC=nc) we

            encountered the following error retrieving the cross-ref's

            (CN=OFFICE,CN=Partitions,CN=Configuration,DC=office,DC=gastonia,DC=waterstone,DC=nc)

             information:
               LDAP Error 0x2095 (8341).
         ......................... office failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... office passed test CheckSDRefDom
   
   Running enterprise tests on : office.gastonia.waterstone.nc
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... office.gastonia.waterstone.nc passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\bigbox.office.gastonia.waterstone.nc
         Locator Flags: 0xe00003fd
         PDC Name: \\bigbox.office.gastonia.waterstone.nc
         Locator Flags: 0xe00003fd
         Time Server Name: \\bigbox.office.gastonia.waterstone.nc
         Locator Flags: 0xe00003fd
         Preferred Time Server Name: \\bigbox.office.gastonia.waterstone.nc
         Locator Flags: 0xe00003fd
         KDC Name: \\bigbox.office.gastonia.waterstone.nc
         Locator Flags: 0xe00003fd
         ......................... office.gastonia.waterstone.nc passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
           
            DC: bigbox.office.gastonia.waterstone.nc
            Domain: office.gastonia.waterstone.nc

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 1.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000009] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:11:43:F1:42:38
                     IP address is static
                     IP address: 192.168.1.1
                     DNS servers:
                        192.168.1.1 (<name unavailable>) [Valid]
                  Adapter [00000010] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:11:43:F1:42:39
                     IP address is static
                     IP address: x.x.x.x
                     DNS servers:
                        192.168.1.1 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     66.255.85.8 (<name unavailable>) [Valid]
                     66.255.85.9 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                 
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure office.gastonia.waterstone.nc.
                  Test record _dcdiag_test_record added successfully in zone office.gastonia.waterstone.nc.
                  Test record _dcdiag_test_record deleted successfully in zone office.gastonia.waterstone.nc.
                 
               TEST: Records registration (RReg)
                  Network Adapter [00000009] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 192.168.1.1:
                     bigbox.office.gastonia.waterstone.nc

                     Matching CNAME record found at DNS server 192.168.1.1:
                     ace3522f-ef35-454f-90eb-e4d34746f1e3._msdcs.office.gastonia.waterstone.nc

                     Matching DC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.dc._msdcs.office.gastonia.waterstone.nc

                     Matching GC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.gc._msdcs.office.gastonia.waterstone.nc

                     Matching PDC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.pdc._msdcs.office.gastonia.waterstone.nc

                  Network Adapter [00000010] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 192.168.1.1:
                     bigbox.office.gastonia.waterstone.nc

                     Matching CNAME record found at DNS server 192.168.1.1:
                     ace3522f-ef35-454f-90eb-e4d34746f1e3._msdcs.office.gastonia.waterstone.nc

                     Matching DC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.dc._msdcs.office.gastonia.waterstone.nc

                     Matching GC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.gc._msdcs.office.gastonia.waterstone.nc

                     Matching PDC SRV record found at DNS server 192.168.1.1:
                     _ldap._tcp.pdc._msdcs.office.gastonia.waterstone.nc

         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.1.1 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 66.255.85.8 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               
            DNS server: 66.255.85.9 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: office.gastonia.waterstone.nc
               bigbox                       PASS PASS PASS PASS WARN PASS n/a  
         
         ......................... office.gastonia.waterstone.nc passed test DNS
0
Comment
Question by:icedcool
  • 4
  • 3
7 Comments
 
LVL 51

Expert Comment

by:Netman66
ID: 16549129
Where is this DC located in AD?  It should be in the Domain Controllers OU - is it?

It looks like some of the Directory information is bad or missing.

Is this the only DC?

Open ADSIEdit.msc and find this entry: userAccountControl

This is an attribute on the server object.  It should be under: Domain>DC=.....>OU=Domain Controllers

>right click the CN=BIGBOX and select Properties.
>scroll down to the userAccountControl
>the value should be 0x82000 (532480)
>correct it if it's wrong
>reboot.

Advise before you go into ADSIEdit.


0
 

Author Comment

by:icedcool
ID: 16549405
This is the only DC. This server runs the DNS the AD and it is in the Domain controller OU. Should I go ahead with the ADSIEdit?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16549612
Yes, let me know what the value is before you change it.

0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 

Author Comment

by:icedcool
ID: 16549632
The value is 528384. I'm changing it back to 532480.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 2000 total points
ID: 16549646
Let me know how you make out.  You may need to reboot for the changes to sort themselves out.

0
 

Author Comment

by:icedcool
ID: 16549691
It worked!
0
 
LVL 51

Expert Comment

by:Netman66
ID: 16549702
Brilliant!

You doubted me??? :o)

Glad to assist.
NM
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Numerous times I have been asked this questions that what is it that makes my machine log on so slow, there have been cases where computers took 23 minute exactly after taking password and getting to the desktop. Interesting thing was the fact th…
Integration Management Part 2
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question