Solved

DCDIAG Warning MachineAccount Test

Posted on 2007-03-24
2
4,843 Views
Last Modified: 2010-08-05
Hello all

How do I resolve the warning message for the MachineAccount test?

Chris

C:\Documents and Settings\Administrator2>dcdiag

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Manchester\SERVER02
      Starting test: Connectivity
         ......................... SERVER02 passed test Connectivity

Doing primary tests

   Testing server: Manchester\SERVER02
      Starting test: Replications
         ......................... SERVER02 passed test Replications
      Starting test: NCSecDesc
         ......................... SERVER02 passed test NCSecDesc
      Starting test: NetLogons
         ......................... SERVER02 passed test NetLogons
      Starting test: Advertising
         ......................... SERVER02 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... SERVER02 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... SERVER02 passed test RidManager
      Starting test: MachineAccount
         Warning:  Attribute userAccountControl of SERVER02 is: 0x82020 = ( UF_P
ASSWD_NOTREQD | UF_SERVER_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
         Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TR
USTED_FOR_DELEGATION )
         This may be affecting replication?
         ......................... SERVER02 passed test MachineAccount
      Starting test: Services
         ......................... SERVER02 passed test Services
      Starting test: ObjectsReplicated
         ......................... SERVER02 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... SERVER02 passed test frssysvol
      Starting test: frsevent
         ......................... SERVER02 passed test frsevent
      Starting test: kccevent
         ......................... SERVER02 passed test kccevent
      Starting test: systemlog
         ......................... SERVER02 passed test systemlog
      Starting test: VerifyReferences
         ......................... SERVER02 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : ctc
      Starting test: CrossRefValidation
         ......................... ctc passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ctc passed test CheckSDRefDom

   Running enterprise tests on : ctc.local
      Starting test: Intersite
         ......................... ctc.local passed test Intersite
      Starting test: FsmoCheck
         ......................... ctc.local passed test FsmoCheck

C:\Documents and Settings\Administrator2>
0
Comment
Question by:mail2clk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 38

Accepted Solution

by:
Shift-3 earned 500 total points
ID: 18786800
There is a potential fix for this problem here:
http://www.pcreview.co.uk/forums/thread-2378247.php

Be sure to have a good System State backup of the server before changing anything.
0
 
LVL 33

Expert Comment

by:Busbar
ID: 18787458
go to the domain controllers OU,
right click on the Domain controller
properties
delegation
make sure that this computer is trusted for delegation (kerberos only) is selected
restart the server
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question