Solved

Problems with DNS after running DCDIAG

Posted on 2006-06-13
Last Modified: 2012-05-05
Hi Everyone,

I am having difficulty with the replication between my two Domain Controllers in my domain.  Here is the setup:
Charybdis:  the "master" domain controller
Scylla:  another domain controller
Odyssey:  the name of the domain

I figured that it is a DNS issue, so I ran the DCDIAG.EXE tool, and here are the results:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator>dcdiag
Domain Controller Diagnosis
Performing initial setup:
   Done gathering initial info.
Doing initial required tests
   Testing server: Default-First-Site-Name\CHARYBDIS
      Starting test: Connectivity
         ......................... CHARYBDIS passed test Connectivity
Doing primary tests
   Testing server: Default-First-Site-Name\CHARYBDIS
      Starting test: Replications
         [Replications Check,CHARYBDIS] A recent replication attempt failed:
            From SCYLLA to CHARYBDIS
            Naming Context: CN=Schema,CN=Configuration,DC=odyssey,DC=org
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2006-06-13 17:50:41.
            The last success occurred at 2006-06-13 16:53:45.
            2 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         [SCYLLA] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         [Replications Check,CHARYBDIS] A recent replication attempt failed:
            From SCYLLA to CHARYBDIS
            Naming Context: CN=Configuration,DC=odyssey,DC=org
            The replication generated an error (1908):
            Could not find the domain controller for this domain.
            The failure occurred at 2006-06-13 17:50:41.
            The last success occurred at 2006-06-13 17:24:42.
            1 failures have occurred since the last success.
            Kerberos Error.
            A KDC was not found to authenticate the call.
            Check that sufficient domain controllers are available.
         ......................... CHARYBDIS passed test Replications
      Starting test: NCSecDesc
         ......................... CHARYBDIS passed test NCSecDesc
      Starting test: NetLogons
         ......................... CHARYBDIS passed test NetLogons
      Starting test: Advertising
         ......................... CHARYBDIS passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... CHARYBDIS passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... CHARYBDIS passed test RidManager
      Starting test: MachineAccount
         ......................... CHARYBDIS passed test MachineAccount
      Starting test: Services
         ......................... CHARYBDIS passed test Services
      Starting test: ObjectsReplicated
         ......................... CHARYBDIS passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... CHARYBDIS passed test frssysvol
      Starting test: frsevent
         ......................... CHARYBDIS passed test frsevent
      Starting test: kccevent
         ......................... CHARYBDIS passed test kccevent
      Starting test: systemlog
         ......................... CHARYBDIS passed test systemlog
      Starting test: VerifyReferences
         ......................... CHARYBDIS passed test VerifyReferences
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   Running partition tests on : odyssey
      Starting test: CrossRefValidation
         ......................... odyssey passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... odyssey passed test CheckSDRefDom
   Running enterprise tests on : odyssey.org
      Starting test: Intersite
         ......................... odyssey.org passed test Intersite
      Starting test: FsmoCheck
         ......................... odyssey.org passed test FsmoCheck

Please help...thanks!


Randy
Question by:rgutwein

LVL 48

Assisted Solution

by:Jay_Jay70
Jay_Jay70 earned 50 total points
how have you got DNS setup?

can you post an ipconfig of both machines

also, can you post any entries in your event viewer

LVL 5

Author Comment

by:rgutwein
Hello, thank you so much for the quick response!

Here is the IPCONFIG info:

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.ODYSSEY>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : scylla
Primary Dns Suffix . . . . . . . : odyssey.org
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : odyssey.org

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet Adapter (Generic)
Physical Address. . . . . . . . . : 00-03-FF-4A-4B-C9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.110
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.109

C:\Documents and Settings\Administrator.ODYSSEY>

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : Charybdis
Primary Dns Suffix . . . . . . . : odyssey.org
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : odyssey.org

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet Adapter (Generic)
Physical Address. . . . . . . . . : 00-03-FF-4C-4B-C9
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.109
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.109
                                    167.206.245.20


Here is the info from the Event Log (sorry, it's a little long):

6/13/2006 5:48:56 PM NtFrs Information None 13516 N/A SCYLLA "The File Replication Service is no longer preventing the computer SCYLLA from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
 
Type ""net share"" to check for the SYSVOL share."
6/13/2006 5:48:11 PM NtFrs Information None 13501 N/A SCYLLA The File Replication Service is starting.
6/13/2006 4:49:37 PM NtFrs Information None 13516 N/A SCYLLA "The File Replication Service is no longer preventing the computer SCYLLA from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
 
Type ""net share"" to check for the SYSVOL share."
6/13/2006 4:49:34 PM NtFrs Information None 13501 N/A SCYLLA The File Replication Service is starting.
6/13/2006 4:34:52 PM NtFrs Information None 13516 N/A SCYLLA "The File Replication Service is no longer preventing the computer SCYLLA from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
 
Type ""net share"" to check for the SYSVOL share."
6/13/2006 4:34:47 PM NtFrs Information None 13501 N/A SCYLLA The File Replication Service is starting.
6/13/2006 4:29:23 PM NtFrs Warning None 13509 N/A SCYLLA The File Replication Service has enabled replication from CHARYBDIS to SCYLLA for c:\windows\sysvol\domain after repeated retries.
6/13/2006 4:02:37 PM NtFrs Warning None 13508 N/A SCYLLA "The File Replication Service is having trouble enabling replication from CHARYBDIS to SCYLLA for c:\windows\sysvol\domain using the DNS name Charybdis.odyssey.org. FRS will keep retrying.
 Following are some of the reasons you would see this warning.
 
 [1] FRS can not correctly resolve the DNS name Charybdis.odyssey.org from this computer.
 [2] FRS is not running on Charybdis.odyssey.org.
 [3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
 
 This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established."
6/13/2006 3:56:15 PM NtFrs Information None 13516 N/A SCYLLA "The File Replication Service is no longer preventing the computer SCYLLA from becoming a domain controller. The system volume has been successfully initialized and the Netlogon service has been notified that the system volume is now ready to be shared as SYSVOL.
 
Type ""net share"" to check for the SYSVOL share."
6/13/2006 3:56:00 PM NtFrs Information None 13553 N/A SCYLLA "The File Replication Service successfully added this computer to the following replica set:
    ""DOMAIN SYSTEM VOLUME (SYSVOL SHARE)""
 
Information related to this event is shown below:
Computer DNS name is ""scylla.odyssey.org""
Replica set member name is ""SCYLLA""
Replica set root path is ""c:\windows\sysvol\domain""
Replica staging directory path is ""c:\windows\sysvol\staging\domain""
Replica working directory path is ""c:\windows\ntfrs\jet"""
6/13/2006 3:55:58 PM NtFrs Warning None 13565 N/A SCYLLA "File Replication Service is initializing the system volume with data from another domain controller. Computer SCYLLA cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
 
To check for the SYSVOL share, at the command prompt, type:
net share
 
When File Replication Service completes the initialization process, the SYSVOL share will appear.
 
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers."
6/13/2006 3:55:57 PM NtFrs Information None 13501 N/A SCYLLA The File Replication Service is starting.
6/13/2006 3:53:45 PM NtFrs Information None 13503 N/A SCYLLA The File Replication Service has stopped.
6/13/2006 3:53:41 PM NtFrs Information None 13502 N/A SCYLLA The File Replication Service is stopping.
6/13/2006 3:52:53 PM NtFrs Warning None 13512 N/A SCYLLA The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer SCYLLA. The File Replication Service might not recover when power to the drive is interrupted and critical updates are lost.


Thanks for helping me out!


Randy

LVL 48

Expert Comment

by:Jay_Jay70
going to have to give me a little bit to check this out :) lots of info here and i have to run to a meeting in a lil while, i will be back though :)

Jay

LVL 5

Author Comment

by:rgutwein
Ok, great...thank you!  Also, I wanted to let you know that these servers are running on Microsoft's Virtual Server 2005 on my Windows XP Pro machine.  Each Domain controller has its own VHD (I didn't just copy and paste it) so they have their own SID.

Maybe the DNS issues are related to Microsoft's Virtual Server 2005, since it is not a "real" domain environment, and it is just emulated.

LVL 48

Expert Comment

by:Jay_Jay70
hmmm an important point, i will get back to you asap you have my word

LVL 77

Expert Comment

by:Rob Williams
Jay_Jay70 is far more knowledgeable with these issues than I, but the one thing I notice is it appears your own DNS server is 192.168.1.109 but you also have 167.206.245.20 listed which I believe is an ISP DNS server. The server and workstations should only point to your internal DNS servers. The ISP's DNS should be added as a forwarder in the DNS management console only.

LVL 5

Author Comment

by:rgutwein
Thank you, RobWill, for pointing that out.  I thought that I erased all of those ISP DNS IPs, I guess I missed that one :)  

Thank you both for helping me out with this!  I am going to split the points, so that you both get credit for helping me.

LVL 8

Accepted Solution

by:bilbus
bilbus earned 300 total points
It looks to me that both DCs only know themselves as the only DC in the domain

shouldn't you have 192.168.1.110 and 192.168.1.109 in each server?


This is what I would make it look like

Scylla

IP Address. . . . . . . . . . . . : 192.168.1.110
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.109, 192.168.1.110


Charybdis

IP Address. . . . . . . . . . . . : 192.168.1.109
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.110, 192.168.1.109


I always put every domain controller in my DC's DNS list, with the local server as the last DNS

Also go to the DNS console, go to the forward lookup zone, msdcs

you will see two CNAMEs. Make sure you can ping those both from each server

mine looks like
47205010-0e1f-4533-9719-16ff2c867cb3._msdcs.mydomain.com
e13f5bda-3d19-4c7f-84ec-c373d06e10f8._msdcs.mydomain.com

those are each of my domain controllers
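
An added example, not part of the original thread or any poster's code: a small Python audit that parses `ipconfig /all` text like the output posted above and flags the two conditions the answers point at on a domain controller, a resolver outside the set of DCs and a DC missing from the DNS list. It assumes every parsed host is a DC that also runs DNS; the function names and finding labels are made up for this example.

```python
import re

# Condensed from the two `ipconfig /all` outputs posted in this thread.
SAMPLE = """\
Host Name . . . . . . . . . . . . : scylla
IP Address. . . . . . . . . . . . : 192.168.1.110
DNS Servers . . . . . . . . . . . : 192.168.1.109

Host Name . . . . . . . . . . . . : Charybdis
IP Address. . . . . . . . . . . . : 192.168.1.109
DNS Servers . . . . . . . . . . . : 192.168.1.109
                                    167.206.245.20
"""

FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z \-]*?)[ .]*:\s*(.*)$")
BARE_IP = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s*$")


def parse_ipconfig(text):
    """Return {hostname: {"ip": str, "dns": [str, ...]}} from ipconfig /all text."""
    hosts, cur, last = {}, None, None
    for line in text.splitlines():
        bare = BARE_IP.match(line)
        if bare and cur and last == "DNS Servers":
            cur["dns"].append(bare.group(1))  # extra resolver on its own line
            continue
        m = FIELD.match(line)
        if not m:
            continue
        last, value = m.group(1).strip(), m.group(2).strip()
        if last == "Host Name":
            cur = hosts.setdefault(value.lower(), {"ip": None, "dns": []})
        elif cur and last == "IP Address":
            cur["ip"] = value
        elif cur and last == "DNS Servers":
            cur["dns"] += [v.strip() for v in value.split(",") if v.strip()]
    return hosts


def audit_dc_dns(hosts):
    """Assumption: every parsed host is a DC that also runs DNS."""
    dc_ips = {h["ip"] for h in hosts.values()}
    findings = []
    for name, h in sorted(hosts.items()):
        internal = [s for s in h["dns"] if s in dc_ips]
        findings += [(name, "external-resolver", s) for s in h["dns"] if s not in dc_ips]
        findings += [(name, "missing-dc", ip) for ip in sorted(dc_ips - set(internal))]
        if h["ip"] in internal and internal[-1] != h["ip"]:
            findings.append((name, "self-not-last", h["ip"]))  # bilbus's ordering habit
    return findings


if __name__ == "__main__":
    for finding in audit_dc_dns(parse_ipconfig(SAMPLE)):
        print(finding)
```

On the thread's original settings this reports the ISP resolver on Charybdis and the absence of 192.168.1.110 from both lists; on the layout proposed in the accepted answer it reports nothing.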

LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 150 total points
rgutwein, after making your changes might be worth running
netdiag  /fix
ipconfig  /flushdns
and then try DCDiag again to see if there is an improvement in the results.

LVL 5

Author Comment

by:rgutwein
Hi, thank you for the response, I added the two IPs like you said, and it is definitely replicating a lot faster.  I only have DNS set up on 1 out of the 2 Domain Controllers (Charybdis).  Is it best practice to have DNS set up on every Domain Controller?

LVL 48

Expert Comment

by:Jay_Jay70
back! wow, busy Q :)

was going to start with dns but it seems to be mostly covered so far,

do you have complete name resolution cranking?

LVL 48

Expert Comment

by:Jay_Jay70
:) yup best to have each DC as DNS so that it replicates DNS across, make your DNS zones AD integrated

LVL 77

Expert Comment

by:Rob Williams
Thanks rgutwein . Glad to hear you have some improvement. Have all of the errors/failures been resolved ?
--Rob

LVL 5

Author Comment

by:rgutwein
Great, thank you everyone so much.  I gave out points as fairly as I could.  I really appreciate all of your help!

Randy

LVL 8

Expert Comment

by:bilbus
glad it worked, good luck!

LVL 8

Expert Comment

by:bilbus
you don't need DNS on every DC, but it's nice.

if you have DNS on 2 DCs and one DC crashes (and your DHCP/static IP settings have both DCs in their DNS settings) the clients will automatically fail over to the other DC for DNS name resolution. I install DNS on all my DCs

LVL 8

Expert Comment

by:bilbus
oh ya, also make both servers global catalog servers