?
Solved

DCDIAG Errors on a new Windows 2000 DC

Posted on 2007-10-16
1
Medium Priority
?
952 Views
Last Modified: 2012-06-27
We were having problems with our old DC (RP01) and I just added another DC (PDC) to the network.

I am ready to bring the old one down, but I am having a few issues that seem to be DNS related but I don't really know.

If you run a DCDIAG from a non-dc Exchange box, I get this:
>>>

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\PDC
      Starting test: Connectivity
         ......................... PDC passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\PDC
      Starting test: Replications
         ......................... PDC passed test Replications
      Starting test: NCSecDesc
         ......................... PDC passed test NCSecDesc
      Starting test: NetLogons
         [PDC] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... PDC failed test NetLogons
      Starting test: Advertising
         Fatal Error:DsGetDcName (PDC) call failed, error 1722
         The Locator could not find the server.
         ......................... PDC failed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... PDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PDC passed test RidManager
      Starting test: MachineAccount
         Could not open pipe with [PDC]:failed with 1203: No network provider accepted the given network path.
         Could not get NetBIOSDomainName
         Failed can not test for HOST SPN
         Failed can not test for HOST SPN
         * Missing SPN :(null)
         * Missing SPN :(null)
         ......................... PDC failed test MachineAccount
      Starting test: Services
         Could not open Remote ipc to [PDC]:failed with 1203: No network provider accepted the given network path.
         ......................... PDC failed test Services
      Starting test: ObjectsReplicated
         ......................... PDC passed test ObjectsReplicated
      Starting test: frssysvol
         [PDC] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path..
         ......................... PDC failed test frssysvol
      Starting test: frsevent
         ......................... PDC failed test frsevent
      Starting test: kccevent
         Failed to enumerate event log records, error No network provider accepted the given network path.
         ......................... PDC failed test kccevent
      Starting test: systemlog
         Failed to enumerate event log records, error No network provider accepted the given network path.
         ......................... PDC failed test systemlog
      Starting test: VerifyReferences
         ......................... PDC passed test VerifyReferences
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : rammingpaving
      Starting test: CrossRefValidation
         ......................... rammingpaving passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... rammingpaving passed test CheckSDRefDom
   
   Running enterprise tests on : rammingpaving.com
      Starting test: Intersite
         ......................... rammingpaving.com passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1722
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1722
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1722
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1722
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1722
         A KDC could not be located - All the KDCs are down.
         ......................... rammingpaving.com failed test FsmoCheck
<<<

If I run it on the DC itself, everything seems to be working ok.

>>>>>



Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\PDC
      Starting test: Connectivity
         ......................... PDC passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\PDC
      Starting test: Replications
         ......................... PDC passed test Replications
      Starting test: NCSecDesc
         ......................... PDC passed test NCSecDesc
      Starting test: NetLogons
         ......................... PDC passed test NetLogons
      Starting test: Advertising
         ......................... PDC passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... PDC passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PDC passed test RidManager
      Starting test: MachineAccount
         ......................... PDC passed test MachineAccount
      Starting test: Services
            Could not open IISADMIN Service on [PDC]:failed with 1060: The specified service does not exist as an installed service.
            Could not open SMTPSVC Service on [PDC]:failed with 1060: The specified service does not exist as an installed service.
         ......................... PDC failed test Services
      Starting test: ObjectsReplicated
         ......................... PDC passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... PDC passed test frssysvol
      Starting test: kccevent
         ......................... PDC passed test kccevent
      Starting test: systemlog
         ......................... PDC passed test systemlog
   
   Running enterprise tests on : rammingpaving.com
      Starting test: Intersite
         ......................... rammingpaving.com passed test Intersite
      Starting test: FsmoCheck
         ......................... rammingpaving.com passed test FsmoCheck

<<<<


My other issue is that I have a Terminal Server box and when I unplug the old DC, users won't get authenticated, saying that the RPC server is unavailable. I am assuming that it's still looking for the old DC (RP01). Why doesn't it find the new DC?

I'm concerned about bringing the old DC down now, but this puppy needs to go. It's on its last leg.

Any help troubleshooting this would be appreciated.

Christian



I
0
Comment
Question by:onepiolin
1 Comment
 
LVL 86

Accepted Solution

by:
oBdA earned 2000 total points
ID: 20087429
First of all, make sure your DNS settings are correct (and the new machine has all necessary DNS zones?):
10 DNS Errors That Will Kill Your Network
http://www.mstraining.com/misc/10_dns_errors_that_will_kill_you.htm

Frequently Asked Questions About Windows 2000 DNS and Windows Server 2003 DNS
http://support.microsoft.com/?kbid=291382

Best practices for DNS client settings in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/?kbid=825036

Then it seems like you didn't make the new DC a global catalog:
How to promote a domain controller to a global catalog server
http://support.microsoft.com/?kbid=296882

Did you move the FSMO roles to the new machine?
How To View and Transfer FSMO Roles in Windows Server 2003
http://support.microsoft.com/?kbid=324801

And just in case: do NOT just shut down the old DC. Once you've verified your network can run without it, bring it back online and run dcpromo on it do demote it.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
Native ability to set a user account password via AD GPO was removed because the passwords can be easily decrypted by any authenticated user in the domain. Microsoft recommends LAPS as a replacement and I have written an article that does something …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question