Solved

Issues with Intrasite Replication

Posted on 2007-11-26
10
2,076 Views
Last Modified: 2008-11-12
Hi there, I've attached a dump of the results of DCDIAG from a DC in our DMZ. We have 4 DC's and one site, one domain, one tree.

There are two ISA server firewalls that segment the network into chunks, though for the purposes of fault-finding, I have created some temporary allow any/any rules, allowing all traffic to and from the DC's.

Frodo and Samwise are on the same segment (the same as my pc)
Pippin is in the DMZ and separated by ISA
Bilbo is in a "Services" network, also separated by an ISA server.

I need help in figuring out what is going on with the errors in DCDiag, the don't make much sense to me as I seem to be getting different results, depending on where I run the tool from. In addition, I have disabled the "Enforce Strict RPC Compliance" option on the RPC Filter in ISA.

Any help would be much appreciated.
Dave
Domain Controller Diagnosis
 
Performing initial setup:
   Done gathering initial info.
 
Doing initial required tests
   
   Testing server: ZenInternet-OfficeNetwork\FRODO
      Starting test: Connectivity
         [FRODO] DsBindWithSpnEx() failed with error 5,
         Access is denied..
         ......................... FRODO failed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\SAMWISE
      Starting test: Connectivity
         [SAMWISE] DsBindWithSpnEx() failed with error 5,
         Access is denied..
         ......................... SAMWISE failed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\PIPPIN
      Starting test: Connectivity
         ......................... PIPPIN passed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\BILBO
      Starting test: Connectivity
         [BILBO] DsBindWithSpnEx() failed with error 5,
         Access is denied..
         ......................... BILBO failed test Connectivity
 
Doing primary tests
   
   Testing server: ZenInternet-OfficeNetwork\FRODO
      Skipping all tests, because server FRODO is
      not responding to directory service requests
   
   Testing server: ZenInternet-OfficeNetwork\SAMWISE
      Skipping all tests, because server SAMWISE is
      not responding to directory service requests
   
   Testing server: ZenInternet-OfficeNetwork\PIPPIN
      Starting test: Replications
         ......................... PIPPIN passed test Replications
      Starting test: Topology
         ......................... PIPPIN passed test Topology
      Starting test: CutoffServers
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         ......................... PIPPIN passed test CutoffServers
      Starting test: NCSecDesc
         ......................... PIPPIN passed test NCSecDesc
      Starting test: NetLogons
         ......................... PIPPIN passed test NetLogons
      Starting test: Advertising
         ......................... PIPPIN passed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: SAMWISE is the Schema Owner, but is not responding to DS RPC Bind.
         Warning: FRODO is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: BILBO is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: BILBO is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: BILBO is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         ......................... PIPPIN failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... PIPPIN failed test RidManager
      Starting test: MachineAccount
         ......................... PIPPIN passed test MachineAccount
      Starting test: Services
         ......................... PIPPIN passed test Services
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... PIPPIN passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         ......................... PIPPIN passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... PIPPIN passed test frssysvol
      Starting test: frsevent
         ......................... PIPPIN passed test frsevent
      Starting test: kccevent
         ......................... PIPPIN passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 11/26/2007   13:41:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 11/26/2007   13:41:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 11/26/2007   13:41:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 11/26/2007   13:41:37
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0002719
            Time Generated: 11/26/2007   13:42:19
            (Event String could not be retrieved)
         ......................... PIPPIN failed test systemlog
      Starting test: VerifyReplicas
            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... PIPPIN failed test VerifyReplicas
      Starting test: VerifyReferences
         ......................... PIPPIN passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         Can't determine the age of the cross-ref
 
         CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk, so
 
         following errors relating to this cross-ref/partition may disappear
 
         after replication  coalesces.  Please ensure that replication is
 
         working from the Domain Naming FSMO to this DC, and retry this test to
 
         see if errors continue. 
         Can't determine the age of the cross-ref
 
         CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk, so
 
         following errors relating to this cross-ref/partition may disappear
 
         after replication  coalesces.  Please ensure that replication is
 
         working from the Domain Naming FSMO to this DC, and retry this test to
 
         see if errors continue. 
         Can't determine the age of the cross-ref
 
         CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition CN=Configuration,DC=office,DC=zen,DC=co,DC=uk, so
 
         following errors relating to this cross-ref/partition may disappear
 
         after replication  coalesces.  Please ensure that replication is
 
         working from the Domain Naming FSMO to this DC, and retry this test to
 
         see if errors continue. 
         Can't determine the age of the cross-ref
 
         CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition
 
         CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk, so following
 
         errors relating to this cross-ref/partition may disappear after
 
         replication  coalesces.  Please ensure that replication is working
 
         from the Domain Naming FSMO to this DC, and retry this test to see if
 
         errors continue. 
         Can't determine the age of the cross-ref
 
         CN=ZENDOMAIN,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition DC=office,DC=zen,DC=co,DC=uk, so following errors
 
         relating to this cross-ref/partition may disappear after replication
 
         coalesces.  Please ensure that replication is working from the Domain
 
         Naming FSMO to this DC, and retry this test to see if errors continue.
 
         ......................... PIPPIN failed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         [PIPPIN] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... PIPPIN passed test CheckSecurityError
   
   Testing server: ZenInternet-OfficeNetwork\BILBO
      Skipping all tests, because server BILBO is
      not responding to directory service requests
 
DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... ForestDnsZones failed test CrossRefValidation
      Starting test: CheckSDRefDom
            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... ForestDnsZones failed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... DomainDnsZones failed test CrossRefValidation
      Starting test: CheckSDRefDom
            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... DomainDnsZones failed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
            For the partition
 
            (CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk) we
 
            encountered the following error retrieving the cross-ref's
 
            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... Schema failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
            For the partition (CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... Configuration failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : office
      Starting test: CrossRefValidation
            For the partition (DC=office,DC=zen,DC=co,DC=uk) we encountered the
 
            following error retrieving the cross-ref's
 
            (CN=ZENDOMAIN,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... office failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... office passed test CheckSDRefDom
   
   Running enterprise tests on : office.zen.co.uk
      Starting test: Intersite
         Doing intersite inbound replication test on site
 
         ZenInternet-OfficeNetwork: 
            * Warning: Current ISTG failed, ISTG role should be taken by PIPPIN
 
             in 6 hours and 13 minutes. 
         ......................... office.zen.co.uk passed test Intersite
      Starting test: FsmoCheck
         ......................... office.zen.co.uk passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
            
            DC: frodo.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Basic (Basc)
                  Error: No DS RPC connectivity
                  Error: No WMI connectivity
         
            
            DC: samwise.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Basic (Basc)
                  Error: No DS RPC connectivity
                  Error: No WMI connectivity
         
            
            DC: bilbo.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Basic (Basc)
                  Error: No DS RPC connectivity
                  Error: No WMI connectivity
         
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: office.zen.co.uk
               frodo                        PASS FAIL n/a  n/a  n/a  n/a  n/a  
               samwise                      PASS FAIL n/a  n/a  n/a  n/a  n/a  
               bilbo                        PASS FAIL n/a  n/a  n/a  n/a  n/a  
         
         ......................... office.zen.co.uk failed test DNS

Open in new window

0
Comment
Question by:Zen_Internet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 5

Expert Comment

by:t_swartz
ID: 20350213
I always start out with DNS when encountering ad replication problems. Do you have good DNS resolution between all the dc's? When you ping the dc's by name from one to the other, does it return the %computernaem%.domain.whatever? For Example, you ping frodo from pippin and get pinging frodo.mydomain.local [ip address] with 32 bytes of data? Try that with all of them. If you don't see that fqdn returned immediately (let alone unsuccessful ping requests) then you have a dns resolution problem somewhere that needs addressed first.
0
 
LVL 2

Expert Comment

by:geniph
ID: 20352195
What account are you using to run DCDIAG?  Does it have full rights on all domain controllers?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20354058
yah whatever you are running it with is failing at the moment, we need to clear that up and get some accurate diags
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Author Comment

by:Zen_Internet
ID: 20356415
OK, thanks folks, the results are as follows....
All pings and name resolutions for the other DC's are fine, all successful.

I have recently demoted three older DC's, using DCpromo, they still run the DNS service for some clients that may be manually configured, though as our AD zone is integrated, all I have done is setup a forwarder in DNS to forward all queries to one of the new DC's. When we move offices, these older DC's will be fully retired. I thought I should mention this as it *could* be related, though in fairness, I decided to run the demotion as I was hoping to clear up some of the problems we have been having, I figured a 'tidy up' would always help, even if it just reduced the number of DC's we had to trouble shoot. The remaining four DC's hold the FSMO roles and are all GC's.

The account I'm running dcdiag as is both a Domain Admin and an Enterprise Admin, I'm using a telnet connection to the DC's, running from a command prompt, running under my admin account (no need to worry about telnet, I'm using an IPSec policy to protect it).

RID, PDC and Infrastructure Roles are on Bilbo
Domain Naming Master Role is on Frodo
Schema Master Role is on Samwise

Going to try dcdiag again from RDP....
0
 

Author Comment

by:Zen_Internet
ID: 20356442
...OK, now this is puzzelling!! Everything seems to work fine when I test again this morning (over RDP)

Domain Controller Diagnosis
 
Performing initial setup:
   * Verifying that the local machine bilbo, is a DC. 
   * Connecting to directory service on server bilbo.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 4 DC(s). Testing 4 of them.
   Done gathering initial info.
 
Doing initial required tests
   
   Testing server: ZenInternet-OfficeNetwork\FRODO
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... FRODO passed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\SAMWISE
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... SAMWISE passed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\PIPPIN
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... PIPPIN passed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\BILBO
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... BILBO passed test Connectivity
 
Doing primary tests
   
   Testing server: ZenInternet-OfficeNetwork\FRODO
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... FRODO passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... FRODO passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... FRODO passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC FRODO.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=office,DC=zen,DC=co,DC=uk
            (Domain,Version 2)
         ......................... FRODO passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\FRODO\netlogon
         Verified share \\FRODO\sysvol
         ......................... FRODO passed test NetLogons
      Starting test: Advertising
         The DC FRODO is advertising itself as a DC and having a DS.
         The DC FRODO is advertising as an LDAP server
         The DC FRODO is advertising as having a writeable directory
         The DC FRODO is advertising as a Key Distribution Center
         The DC FRODO is advertising as a time server
         The DS FRODO is advertising as a GC.
         ......................... FRODO passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         ......................... FRODO passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 14302 to 1073741823
         * bilbo.office.zen.co.uk is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 13802 to 14301
         * rIDPreviousAllocationPool is 10802 to 11301
         * rIDNextRID: 11268
         * Warning :There is less than 7% available RIDs in the current pool
         ......................... FRODO passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC FRODO on DC FRODO.
         * SPN found :LDAP/frodo.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/frodo.office.zen.co.uk
         * SPN found :LDAP/FRODO
         * SPN found :LDAP/frodo.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1f46d946-11e2-4e9c-bc59-a9efdfdf97db/office.zen.co.uk
         * SPN found :HOST/frodo.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/frodo.office.zen.co.uk
         * SPN found :HOST/FRODO
         * SPN found :HOST/frodo.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/frodo.office.zen.co.uk/office.zen.co.uk
         ......................... FRODO passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... FRODO passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... FRODO passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         FRODO is in domain DC=office,DC=zen,DC=co,DC=uk
         Checking for CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         ......................... FRODO passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... FRODO passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         ......................... FRODO passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... FRODO passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... FRODO passed test systemlog
      Starting test: VerifyReplicas
         ......................... FRODO passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
 
         CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 
         backlink on
 
         CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         The system object reference (frsComputerReferenceBL)
 
         CN=FRODO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 
         correct. 
         The system object reference (serverReferenceBL)
 
         CN=FRODO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         ......................... FRODO passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... FRODO passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork
         Checking machine account for DC FRODO on DC BILBO.
         * SPN found :LDAP/frodo.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/frodo.office.zen.co.uk
         * SPN found :LDAP/FRODO
         * SPN found :LDAP/frodo.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1f46d946-11e2-4e9c-bc59-a9efdfdf97db/office.zen.co.uk
         * SPN found :HOST/frodo.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/frodo.office.zen.co.uk
         * SPN found :HOST/FRODO
         * SPN found :HOST/frodo.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/frodo.office.zen.co.uk/office.zen.co.uk
         Checking for CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers
            Object is up-to-date on all servers.
         [FRODO] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... FRODO passed test CheckSecurityError
   
   Testing server: ZenInternet-OfficeNetwork\SAMWISE
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... SAMWISE passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SAMWISE passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SAMWISE passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC SAMWISE.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=office,DC=zen,DC=co,DC=uk
            (Domain,Version 2)
         ......................... SAMWISE passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\SAMWISE\netlogon
         Verified share \\SAMWISE\sysvol
         ......................... SAMWISE passed test NetLogons
      Starting test: Advertising
         The DC SAMWISE is advertising itself as a DC and having a DS.
         The DC SAMWISE is advertising as an LDAP server
         The DC SAMWISE is advertising as having a writeable directory
         The DC SAMWISE is advertising as a Key Distribution Center
         The DC SAMWISE is advertising as a time server
         The DS SAMWISE is advertising as a GC.
         ......................... SAMWISE passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         ......................... SAMWISE passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 14302 to 1073741823
         * bilbo.office.zen.co.uk is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 13302 to 13801
         * rIDPreviousAllocationPool is 13302 to 13801
         * rIDNextRID: 13329
         ......................... SAMWISE passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC SAMWISE on DC SAMWISE.
         * SPN found :LDAP/samwise.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/samwise.office.zen.co.uk
         * SPN found :LDAP/SAMWISE
         * SPN found :LDAP/samwise.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7ec29bae-365f-4f7c-9e58-3c2de5f45985/office.zen.co.uk
         * SPN found :HOST/samwise.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/samwise.office.zen.co.uk
         * SPN found :HOST/SAMWISE
         * SPN found :HOST/samwise.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/samwise.office.zen.co.uk/office.zen.co.uk
         ......................... SAMWISE passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SAMWISE passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... SAMWISE passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         SAMWISE is in domain DC=office,DC=zen,DC=co,DC=uk
         Checking for CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         ......................... SAMWISE passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... SAMWISE passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         ......................... SAMWISE passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... SAMWISE passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... SAMWISE passed test systemlog
      Starting test: VerifyReplicas
         ......................... SAMWISE passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
 
         CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 
         backlink on
 
         CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         The system object reference (frsComputerReferenceBL)
 
         CN=SAMWISE,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 
         correct. 
         The system object reference (serverReferenceBL)
 
         CN=SAMWISE,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         ......................... SAMWISE passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... SAMWISE passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork
         Checking machine account for DC SAMWISE on DC BILBO.
         * SPN found :LDAP/samwise.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/samwise.office.zen.co.uk
         * SPN found :LDAP/SAMWISE
         * SPN found :LDAP/samwise.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7ec29bae-365f-4f7c-9e58-3c2de5f45985/office.zen.co.uk
         * SPN found :HOST/samwise.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/samwise.office.zen.co.uk
         * SPN found :HOST/SAMWISE
         * SPN found :HOST/samwise.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/samwise.office.zen.co.uk/office.zen.co.uk
         Checking for CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers
            Object is up-to-date on all servers.
         [SAMWISE] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... SAMWISE passed test CheckSecurityError
   
   Testing server: ZenInternet-OfficeNetwork\PIPPIN
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... PIPPIN passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... PIPPIN passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... PIPPIN passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC PIPPIN.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=office,DC=zen,DC=co,DC=uk
            (Domain,Version 2)
         ......................... PIPPIN passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\PIPPIN\netlogon
         Verified share \\PIPPIN\sysvol
         ......................... PIPPIN passed test NetLogons
      Starting test: Advertising
         The DC PIPPIN is advertising itself as a DC and having a DS.
         The DC PIPPIN is advertising as an LDAP server
         The DC PIPPIN is advertising as having a writeable directory
         The DC PIPPIN is advertising as a Key Distribution Center
         The DC PIPPIN is advertising as a time server
         The DS PIPPIN is advertising as a GC.
         ......................... PIPPIN passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         ......................... PIPPIN passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 14302 to 1073741823
         * bilbo.office.zen.co.uk is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 12302 to 12801
         * rIDPreviousAllocationPool is 12302 to 12801
         * rIDNextRID: 12359
         ......................... PIPPIN passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC PIPPIN on DC PIPPIN.
         * SPN found :LDAP/pippin.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/pippin.office.zen.co.uk
         * SPN found :LDAP/PIPPIN
         * SPN found :LDAP/pippin.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/a6b6f620-b0e3-40ea-b793-3de0389cd1b7._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a6b6f620-b0e3-40ea-b793-3de0389cd1b7/office.zen.co.uk
         * SPN found :HOST/pippin.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/pippin.office.zen.co.uk
         * SPN found :HOST/PIPPIN
         * SPN found :HOST/pippin.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/pippin.office.zen.co.uk/office.zen.co.uk
         ......................... PIPPIN passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... PIPPIN passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... PIPPIN passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         PIPPIN is in domain DC=office,DC=zen,DC=co,DC=uk
         Checking for CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         ......................... PIPPIN passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... PIPPIN passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         ......................... PIPPIN passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... PIPPIN passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x000016AD
            Time Generated: 11/27/2007   08:14:22
            Event String: The session setup from the computer AKAY01 failed
 
to authenticate. The following error occurred: 
 
%%5 
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:08
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:08
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:11
            (Event String could not be retrieved)
         ......................... PIPPIN failed test systemlog
      Starting test: VerifyReplicas
         ......................... PIPPIN passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
 
         CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 
         backlink on
 
         CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         The system object reference (frsComputerReferenceBL)
 
         CN=PIPPIN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 
         correct. 
         The system object reference (serverReferenceBL)
 
         CN=PIPPIN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=NTDS Settings,CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         ......................... PIPPIN passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... PIPPIN passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork
         Checking machine account for DC PIPPIN on DC BILBO.
         * SPN found :LDAP/pippin.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/pippin.office.zen.co.uk
         * SPN found :LDAP/PIPPIN
         * SPN found :LDAP/pippin.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/a6b6f620-b0e3-40ea-b793-3de0389cd1b7._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a6b6f620-b0e3-40ea-b793-3de0389cd1b7/office.zen.co.uk
         * SPN found :HOST/pippin.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/pippin.office.zen.co.uk
         * SPN found :HOST/PIPPIN
         * SPN found :HOST/pippin.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/pippin.office.zen.co.uk/office.zen.co.uk
         Checking for CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers
            Object is up-to-date on all servers.
         [PIPPIN] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... PIPPIN passed test CheckSecurityError
   
   Testing server: ZenInternet-OfficeNetwork\BILBO
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... BILBO passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... BILBO passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... BILBO passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC BILBO.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=office,DC=zen,DC=co,DC=uk
            (Domain,Version 2)
         ......................... BILBO passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\BILBO\netlogon
         Verified share \\BILBO\sysvol
         ......................... BILBO passed test NetLogons
      Starting test: Advertising
         The DC BILBO is advertising itself as a DC and having a DS.
         The DC BILBO is advertising as an LDAP server
         The DC BILBO is advertising as having a writeable directory
         The DC BILBO is advertising as a Key Distribution Center
         The DC BILBO is advertising as a time server
         The DS BILBO is advertising as a GC.
         ......................... BILBO passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         ......................... BILBO passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 14302 to 1073741823
         * bilbo.office.zen.co.uk is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 12802 to 13301
         * rIDPreviousAllocationPool is 12802 to 13301
         * rIDNextRID: 12912
         ......................... BILBO passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC BILBO on DC BILBO.
         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/bilbo.office.zen.co.uk
         * SPN found :LDAP/BILBO
         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk
         * SPN found :HOST/BILBO
         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk
         ......................... BILBO passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... BILBO passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... BILBO passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         BILBO is in domain DC=office,DC=zen,DC=co,DC=uk
         Checking for CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         ......................... BILBO passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... BILBO passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         ......................... BILBO passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... BILBO passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... BILBO passed test systemlog
      Starting test: VerifyReplicas
         ......................... BILBO passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
 
         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 
         backlink on
 
         CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         The system object reference (frsComputerReferenceBL)
 
         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 
         correct. 
         The system object reference (serverReferenceBL)
 
         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         ......................... BILBO passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... BILBO passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork
         Checking machine account for DC BILBO on DC BILBO.
         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/bilbo.office.zen.co.uk
         * SPN found :LDAP/BILBO
         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk
         * SPN found :HOST/BILBO
         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk
         [BILBO] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... BILBO passed test CheckSecurityError
 
DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : office
      Starting test: CrossRefValidation
         ......................... office passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... office passed test CheckSDRefDom
   
   Running enterprise tests on : office.zen.co.uk
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
 
         provided by the command line arguments provided. 
         Doing intersite inbound replication test on site
 
         ZenInternet-OfficeNetwork: 
            Locating & Contacting Intersite Topology Generator (ISTG) ... 
               The ISTG for site ZenInternet-OfficeNetwork is: FRODO. 
            Checking for down bridgeheads ... 
            Doing in depth site analysis ... 
               All expected sites and bridgeheads are replicating into site
 
               ZenInternet-OfficeNetwork. 
         ......................... office.zen.co.uk passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         PDC Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         Time Server Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         Preferred Time Server Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         KDC Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         ......................... office.zen.co.uk passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
            
            DC: bilbo.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:13:72:4F:C2:68
                     IP address is static
                     IP address: 10.3.0.1
                     DNS servers:
                        10.5.0.1 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     212.23.3.100 (<name unavailable>) [Valid] 
                     212.23.6.100 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone office.zen.co.uk.
                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.
                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 10.5.0.1:
                     bilbo.office.zen.co.uk
 
                     Matching CNAME record found at DNS server 10.5.0.1:
                     1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
 
                     Matching DC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 
                     Matching GC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 
                     Matching PDC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.pdc._msdcs.office.zen.co.uk
 
         
            
            DC: frodo.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:14:22:14:58:AA
                     IP address is static
                     IP address: 10.5.0.1
                     DNS servers:
                        10.5.0.1 (<name unavailable>) [Valid]
                        10.5.0.2 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     212.23.3.100 (<name unavailable>) [Valid] 
                     212.23.6.100 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone office.zen.co.uk.
                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.
                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 10.5.0.1:
                     frodo.office.zen.co.uk
 
                     Matching CNAME record found at DNS server 10.5.0.1:
                     1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk
 
                     Matching DC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 
                     Matching GC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 
         
            
            DC: pippin.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:14:22:20:3F:51
                     IP address is static
                     IP address: 10.4.0.1
                     DNS servers:
                        10.4.0.1 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     212.23.3.100 (<name unavailable>) [Valid] 
                     212.23.6.100 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone office.zen.co.uk.
                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.
                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 10.4.0.1:
                     pippin.office.zen.co.uk
 
                     Matching CNAME record found at DNS server 10.4.0.1:
                     a6b6f620-b0e3-40ea-b793-3de0389cd1b7._msdcs.office.zen.co.uk
 
                     Matching DC SRV record found at DNS server 10.4.0.1:
                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 
                     Matching GC SRV record found at DNS server 10.4.0.1:
                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 
         
            
            DC: samwise.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:14:22:14:58:7A
                     IP address is static
                     IP address: 10.5.0.2
                     DNS servers:
                        10.5.0.2 (<name unavailable>) [Valid]
                        10.5.0.1 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     212.23.3.100 (<name unavailable>) [Valid] 
                     212.23.6.100 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone office.zen.co.uk.
                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.
                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 10.5.0.2:
                     samwise.office.zen.co.uk
 
                     Matching CNAME record found at DNS server 10.5.0.2:
                     7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk
 
                     Matching DC SRV record found at DNS server 10.5.0.2:
                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 
                     Matching GC SRV record found at DNS server 10.5.0.2:
                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 
         
         Summary of test results for DNS servers used by the above domain controllers:
 
            DNS server: 10.4.0.1 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
               
            DNS server: 10.5.0.1 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
               
            DNS server: 10.5.0.2 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
               
            DNS server: 212.23.3.100 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               
            DNS server: 212.23.6.100 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: office.zen.co.uk
               bilbo                        PASS PASS PASS PASS PASS PASS n/a  
               frodo                        PASS PASS PASS PASS PASS PASS n/a  
               pippin                       PASS PASS PASS PASS PASS PASS n/a  
               samwise                      PASS PASS PASS PASS PASS PASS n/a  
         
         ......................... office.zen.co.uk passed test DNS

Open in new window

0
 

Author Comment

by:Zen_Internet
ID: 20356473
...and when I run THE SAME tests over the Telnet connection to the SAME server, I get loads of failures!

Domain Controller Diagnosis
 
Performing initial setup:
   * Verifying that the local machine bilbo, is a DC. 
   * Connecting to directory service on server bilbo.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 4 DC(s). Testing 4 of them.
   Done gathering initial info.
 
Doing initial required tests
   
   Testing server: ZenInternet-OfficeNetwork\FRODO
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         [FRODO] DsBindWithSpnEx() failed with error 5,
         Access is denied..
         ......................... FRODO failed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\SAMWISE
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         [SAMWISE] DsBindWithSpnEx() failed with error 5,
         Access is denied..
         ......................... SAMWISE failed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\PIPPIN
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         [PIPPIN] DsBindWithSpnEx() failed with error 5,
         Access is denied..
         ......................... PIPPIN failed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\BILBO
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... BILBO passed test Connectivity
 
Doing primary tests
   
   Testing server: ZenInternet-OfficeNetwork\FRODO
      Skipping all tests, because server FRODO is
      not responding to directory service requests
   
   Testing server: ZenInternet-OfficeNetwork\SAMWISE
      Skipping all tests, because server SAMWISE is
      not responding to directory service requests
   
   Testing server: ZenInternet-OfficeNetwork\PIPPIN
      Skipping all tests, because server PIPPIN is
      not responding to directory service requests
   
   Testing server: ZenInternet-OfficeNetwork\BILBO
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... BILBO passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... BILBO passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         * Performing downstream (of target) analysis.
         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..
         ......................... BILBO passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC BILBO.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=office,DC=zen,DC=co,DC=uk
            (Domain,Version 2)
         ......................... BILBO passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\BILBO\netlogon
         Verified share \\BILBO\sysvol
         ......................... BILBO passed test NetLogons
      Starting test: Advertising
         The DC BILBO is advertising itself as a DC and having a DS.
         The DC BILBO is advertising as an LDAP server
         The DC BILBO is advertising as having a writeable directory
         The DC BILBO is advertising as a Key Distribution Center
         The DC BILBO is advertising as a time server
         The DS BILBO is advertising as a GC.
         ......................... BILBO passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Warning: SAMWISE is the Schema Owner, but is not responding to DS RPC Bind.
         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Warning: FRODO is the Domain Owner, but is not responding to DS RPC Bind.
         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         ......................... BILBO failed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 14302 to 1073741823
         * bilbo.office.zen.co.uk is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 12802 to 13301
         * rIDPreviousAllocationPool is 12802 to 13301
         * rIDNextRID: 12912
         ......................... BILBO passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC BILBO on DC BILBO.
         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/bilbo.office.zen.co.uk
         * SPN found :LDAP/BILBO
         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk
         * SPN found :HOST/BILBO
         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk
         ......................... BILBO passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... BILBO passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... BILBO passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         BILBO is in domain DC=office,DC=zen,DC=co,DC=uk
         Checking for CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 1 servers
            Object is up-to-date on all servers.
         ......................... BILBO passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... BILBO passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         ......................... BILBO passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... BILBO passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... BILBO passed test systemlog
      Starting test: VerifyReplicas
            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... BILBO failed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
 
         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 
         backlink on
 
         CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         The system object reference (frsComputerReferenceBL)
 
         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 
         correct. 
         The system object reference (serverReferenceBL)
 
         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         ......................... BILBO passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         Can't determine the age of the cross-ref
 
         CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk, so
 
         following errors relating to this cross-ref/partition may disappear
 
         after replication  coalesces.  Please ensure that replication is
 
         working from the Domain Naming FSMO to this DC, and retry this test to
 
         see if errors continue. 
         Can't determine the age of the cross-ref
 
         CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk, so
 
         following errors relating to this cross-ref/partition may disappear
 
         after replication  coalesces.  Please ensure that replication is
 
         working from the Domain Naming FSMO to this DC, and retry this test to
 
         see if errors continue. 
         Can't determine the age of the cross-ref
 
         CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition CN=Configuration,DC=office,DC=zen,DC=co,DC=uk, so
 
         following errors relating to this cross-ref/partition may disappear
 
         after replication  coalesces.  Please ensure that replication is
 
         working from the Domain Naming FSMO to this DC, and retry this test to
 
         see if errors continue. 
         Can't determine the age of the cross-ref
 
         CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition
 
         CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk, so following
 
         errors relating to this cross-ref/partition may disappear after
 
         replication  coalesces.  Please ensure that replication is working
 
         from the Domain Naming FSMO to this DC, and retry this test to see if
 
         errors continue. 
         Can't determine the age of the cross-ref
 
         CN=ZENDOMAIN,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         for the partition DC=office,DC=zen,DC=co,DC=uk, so following errors
 
         relating to this cross-ref/partition may disappear after replication
 
         coalesces.  Please ensure that replication is working from the Domain
 
         Naming FSMO to this DC, and retry this test to see if errors continue.
 
         ......................... BILBO failed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork
         Checking machine account for DC BILBO on DC BILBO.
         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/bilbo.office.zen.co.uk
         * SPN found :LDAP/BILBO
         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk
         * SPN found :HOST/BILBO
         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk
         [BILBO] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... BILBO passed test CheckSecurityError
 
DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... ForestDnsZones failed test CrossRefValidation
      Starting test: CheckSDRefDom
            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... ForestDnsZones failed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... DomainDnsZones failed test CrossRefValidation
      Starting test: CheckSDRefDom
            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... DomainDnsZones failed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
            For the partition
 
            (CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk) we
 
            encountered the following error retrieving the cross-ref's
 
            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... Schema failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
            For the partition (CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
            we encountered the following error retrieving the cross-ref's
 
            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... Configuration failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : office
      Starting test: CrossRefValidation
            For the partition (DC=office,DC=zen,DC=co,DC=uk) we encountered the
 
            following error retrieving the cross-ref's
 
            (CN=ZENDOMAIN,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 
             information: 
               LDAP Error 0x1 (1). 
         ......................... office failed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... office passed test CheckSDRefDom
   
   Running enterprise tests on : office.zen.co.uk
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
 
         provided by the command line arguments provided. 
         Doing intersite inbound replication test on site
 
         ZenInternet-OfficeNetwork: 
            Locating & Contacting Intersite Topology Generator (ISTG) ... 
               *Warning: Currest ISTG (FRODO) is down.  Looking for a new ISTG.
 
               * Warning: Current ISTG failed, ISTG role should be taken by
 
               BILBO  in 4 hours and 7 minutes. 
            Checking for down bridgeheads ... 
            Doing in depth site analysis ... 
               All expected sites and bridgeheads are replicating into site
 
               ZenInternet-OfficeNetwork. 
         ......................... office.zen.co.uk passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         PDC Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         Time Server Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         Preferred Time Server Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         KDC Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         ......................... office.zen.co.uk passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
            
            DC: frodo.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                  Error: No DS RPC connectivity
                  Error: No WMI connectivity
                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, Description: Access is denied.) - Connection to WMI server failed]
         
            
            DC: bilbo.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:13:72:4F:C2:68
                     IP address is static
                     IP address: 10.3.0.1
                     DNS servers:
                        10.5.0.1 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     212.23.3.100 (<name unavailable>) [Valid] 
                     212.23.6.100 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone office.zen.co.uk.
                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.
                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 10.5.0.1:
                     bilbo.office.zen.co.uk
 
                     Matching CNAME record found at DNS server 10.5.0.1:
                     1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
 
                     Matching DC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 
                     Matching GC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 
                     Matching PDC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.pdc._msdcs.office.zen.co.uk
 
         
            
            DC: samwise.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                  Error: No DS RPC connectivity
                  Error: No WMI connectivity
                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, Description: Access is denied.) - Connection to WMI server failed]
         
            
            DC: pippin.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                  Error: No DS RPC connectivity
                  Error: No WMI connectivity
                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, Description: Access is denied.) - Connection to WMI server failed]
         
         Summary of test results for DNS servers used by the above domain controllers:
 
            DNS server: 10.5.0.1 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
               
            DNS server: 212.23.3.100 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               
            DNS server: 212.23.6.100 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: office.zen.co.uk
               frodo                        PASS FAIL n/a  n/a  n/a  n/a  n/a  
               bilbo                        PASS PASS PASS PASS PASS PASS n/a  
               samwise                      PASS FAIL n/a  n/a  n/a  n/a  n/a  
               pippin                       PASS FAIL n/a  n/a  n/a  n/a  n/a  
         
         ......................... office.zen.co.uk failed test DNS

Open in new window

0
 

Author Comment

by:Zen_Internet
ID: 20356510
sorry to keep posting here folks, I just figured something else out. If I forget about Telnet for the moment (that's a whole other question) and use RDP, running the same test "dcdiag /v /e /c" WITH THE TEMPORARY FW RULES REMOVED, I get failures on the DC that is separated by two firewall rulebases.  I'm going to monitor and see if I can see what's causing this, at least I've managed to narrow it down somewhat! - I was totally baffled earlier as the network is running OK for the most part, GPO's are applying, users can authenticate and access resources, Exchange is happy. Will post back when I have something more to add. Thanks.

Domain Controller Diagnosis
 
Performing initial setup:
   * Verifying that the local machine bilbo, is a DC. 
   * Connecting to directory service on server bilbo.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 4 DC(s). Testing 4 of them.
   Done gathering initial info.
 
Doing initial required tests
   
   Testing server: ZenInternet-OfficeNetwork\FRODO
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... FRODO passed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\SAMWISE
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... SAMWISE passed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\PIPPIN
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... PIPPIN passed test Connectivity
   
   Testing server: ZenInternet-OfficeNetwork\BILBO
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... BILBO passed test Connectivity
 
Doing primary tests
   
   Testing server: ZenInternet-OfficeNetwork\FRODO
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... FRODO passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... FRODO passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... FRODO passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC FRODO.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=office,DC=zen,DC=co,DC=uk
            (Domain,Version 2)
         ......................... FRODO passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\FRODO\netlogon
         Verified share \\FRODO\sysvol
         ......................... FRODO passed test NetLogons
      Starting test: Advertising
         The DC FRODO is advertising itself as a DC and having a DS.
         The DC FRODO is advertising as an LDAP server
         The DC FRODO is advertising as having a writeable directory
         The DC FRODO is advertising as a Key Distribution Center
         The DC FRODO is advertising as a time server
         The DS FRODO is advertising as a GC.
         ......................... FRODO passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         ......................... FRODO passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 14302 to 1073741823
         * bilbo.office.zen.co.uk is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 13802 to 14301
         * rIDPreviousAllocationPool is 10802 to 11301
         * rIDNextRID: 11268
         * Warning :There is less than 7% available RIDs in the current pool
         ......................... FRODO passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC FRODO on DC FRODO.
         * SPN found :LDAP/frodo.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/frodo.office.zen.co.uk
         * SPN found :LDAP/FRODO
         * SPN found :LDAP/frodo.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1f46d946-11e2-4e9c-bc59-a9efdfdf97db/office.zen.co.uk
         * SPN found :HOST/frodo.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/frodo.office.zen.co.uk
         * SPN found :HOST/FRODO
         * SPN found :HOST/frodo.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/frodo.office.zen.co.uk/office.zen.co.uk
         ......................... FRODO passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... FRODO passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... FRODO passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         FRODO is in domain DC=office,DC=zen,DC=co,DC=uk
         Checking for CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         ......................... FRODO passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... FRODO passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         ......................... FRODO passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... FRODO passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x000016AD
            Time Generated: 11/27/2007   09:05:04
            Event String: The session setup from the computer AKAY01 failed
 
to authenticate. The following error occurred: 
 
%%5 
         ......................... FRODO failed test systemlog
      Starting test: VerifyReplicas
         ......................... FRODO passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
 
         CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 
         backlink on
 
         CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         The system object reference (frsComputerReferenceBL)
 
         CN=FRODO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 
         correct. 
         The system object reference (serverReferenceBL)
 
         CN=FRODO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         ......................... FRODO passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... FRODO passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork
         Checking machine account for DC FRODO on DC BILBO.
         * SPN found :LDAP/frodo.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/frodo.office.zen.co.uk
         * SPN found :LDAP/FRODO
         * SPN found :LDAP/frodo.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1f46d946-11e2-4e9c-bc59-a9efdfdf97db/office.zen.co.uk
         * SPN found :HOST/frodo.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/frodo.office.zen.co.uk
         * SPN found :HOST/FRODO
         * SPN found :HOST/frodo.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/frodo.office.zen.co.uk/office.zen.co.uk
         Checking for CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers
            Object is up-to-date on all servers.
         [FRODO] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... FRODO passed test CheckSecurityError
   
   Testing server: ZenInternet-OfficeNetwork\SAMWISE
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... SAMWISE passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SAMWISE passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SAMWISE passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC SAMWISE.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=office,DC=zen,DC=co,DC=uk
            (Domain,Version 2)
         ......................... SAMWISE passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\SAMWISE\netlogon
         Verified share \\SAMWISE\sysvol
         ......................... SAMWISE passed test NetLogons
      Starting test: Advertising
         The DC SAMWISE is advertising itself as a DC and having a DS.
         The DC SAMWISE is advertising as an LDAP server
         The DC SAMWISE is advertising as having a writeable directory
         The DC SAMWISE is advertising as a Key Distribution Center
         The DC SAMWISE is advertising as a time server
         The DS SAMWISE is advertising as a GC.
         ......................... SAMWISE passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         ......................... SAMWISE passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 14302 to 1073741823
         * bilbo.office.zen.co.uk is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 13302 to 13801
         * rIDPreviousAllocationPool is 13302 to 13801
         * rIDNextRID: 13329
         ......................... SAMWISE passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC SAMWISE on DC SAMWISE.
         * SPN found :LDAP/samwise.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/samwise.office.zen.co.uk
         * SPN found :LDAP/SAMWISE
         * SPN found :LDAP/samwise.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7ec29bae-365f-4f7c-9e58-3c2de5f45985/office.zen.co.uk
         * SPN found :HOST/samwise.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/samwise.office.zen.co.uk
         * SPN found :HOST/SAMWISE
         * SPN found :HOST/samwise.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/samwise.office.zen.co.uk/office.zen.co.uk
         ......................... SAMWISE passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SAMWISE passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... SAMWISE passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         SAMWISE is in domain DC=office,DC=zen,DC=co,DC=uk
         Checking for CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         ......................... SAMWISE passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... SAMWISE passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         ......................... SAMWISE passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... SAMWISE passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... SAMWISE passed test systemlog
      Starting test: VerifyReplicas
         ......................... SAMWISE passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
 
         CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 
         backlink on
 
         CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         The system object reference (frsComputerReferenceBL)
 
         CN=SAMWISE,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 
         correct. 
         The system object reference (serverReferenceBL)
 
         CN=SAMWISE,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         ......................... SAMWISE passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... SAMWISE passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork
         Checking machine account for DC SAMWISE on DC BILBO.
         * SPN found :LDAP/samwise.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/samwise.office.zen.co.uk
         * SPN found :LDAP/SAMWISE
         * SPN found :LDAP/samwise.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7ec29bae-365f-4f7c-9e58-3c2de5f45985/office.zen.co.uk
         * SPN found :HOST/samwise.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/samwise.office.zen.co.uk
         * SPN found :HOST/SAMWISE
         * SPN found :HOST/samwise.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/samwise.office.zen.co.uk/office.zen.co.uk
         Checking for CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers
            Object is up-to-date on all servers.
         [SAMWISE] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... SAMWISE passed test CheckSecurityError
   
   Testing server: ZenInternet-OfficeNetwork\PIPPIN
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... PIPPIN passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... PIPPIN passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... PIPPIN passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC PIPPIN.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=office,DC=zen,DC=co,DC=uk
            (Domain,Version 2)
         ......................... PIPPIN passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\PIPPIN\netlogon
         Verified share \\PIPPIN\sysvol
         ......................... PIPPIN passed test NetLogons
      Starting test: Advertising
         The DC PIPPIN is advertising itself as a DC and having a DS.
         The DC PIPPIN is advertising as an LDAP server
         The DC PIPPIN is advertising as having a writeable directory
         The DC PIPPIN is advertising as a Key Distribution Center
         The DC PIPPIN is advertising as a time server
         The DS PIPPIN is advertising as a GC.
         ......................... PIPPIN passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         ......................... PIPPIN passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 14302 to 1073741823
         * bilbo.office.zen.co.uk is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 12302 to 12801
         * rIDPreviousAllocationPool is 12302 to 12801
         * rIDNextRID: 12359
         ......................... PIPPIN passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC PIPPIN on DC PIPPIN.
         * SPN found :LDAP/pippin.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/pippin.office.zen.co.uk
         * SPN found :LDAP/PIPPIN
         * SPN found :LDAP/pippin.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/a6b6f620-b0e3-40ea-b793-3de0389cd1b7._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a6b6f620-b0e3-40ea-b793-3de0389cd1b7/office.zen.co.uk
         * SPN found :HOST/pippin.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/pippin.office.zen.co.uk
         * SPN found :HOST/PIPPIN
         * SPN found :HOST/pippin.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/pippin.office.zen.co.uk/office.zen.co.uk
         ......................... PIPPIN passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... PIPPIN passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... PIPPIN passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         PIPPIN is in domain DC=office,DC=zen,DC=co,DC=uk
         Checking for CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         ......................... PIPPIN passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... PIPPIN passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         ......................... PIPPIN passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... PIPPIN passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:07
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:08
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:08
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:09
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 11/27/2007   08:54:11
            (Event String could not be retrieved)
         ......................... PIPPIN failed test systemlog
      Starting test: VerifyReplicas
         ......................... PIPPIN passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
 
         CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 
         backlink on
 
         CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         The system object reference (frsComputerReferenceBL)
 
         CN=PIPPIN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 
         correct. 
         The system object reference (serverReferenceBL)
 
         CN=PIPPIN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=NTDS Settings,CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         ......................... PIPPIN passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... PIPPIN passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork
         Checking machine account for DC PIPPIN on DC BILBO.
         * SPN found :LDAP/pippin.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/pippin.office.zen.co.uk
         * SPN found :LDAP/PIPPIN
         * SPN found :LDAP/pippin.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/a6b6f620-b0e3-40ea-b793-3de0389cd1b7._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a6b6f620-b0e3-40ea-b793-3de0389cd1b7/office.zen.co.uk
         * SPN found :HOST/pippin.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/pippin.office.zen.co.uk
         * SPN found :HOST/PIPPIN
         * SPN found :HOST/pippin.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/pippin.office.zen.co.uk/office.zen.co.uk
         Checking for CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers
            Object is up-to-date on all servers.
         [PIPPIN] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... PIPPIN passed test CheckSecurityError
   
   Testing server: ZenInternet-OfficeNetwork\BILBO
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 5 entries in the vector were ignored.
                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=office,DC=zen,DC=co,DC=uk
               Latency information for 12 entries in the vector were ignored.
                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... BILBO passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... BILBO passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... BILBO passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC BILBO.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=office,DC=zen,DC=co,DC=uk
            (Domain,Version 2)
         ......................... BILBO passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\BILBO\netlogon
         Verified share \\BILBO\sysvol
         ......................... BILBO passed test NetLogons
      Starting test: Advertising
         The DC BILBO is advertising itself as a DC and having a DS.
         The DC BILBO is advertising as an LDAP server
         The DC BILBO is advertising as having a writeable directory
         The DC BILBO is advertising as a Key Distribution Center
         The DC BILBO is advertising as a time server
         The DS BILBO is advertising as a GC.
         ......................... BILBO passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
         ......................... BILBO passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 14302 to 1073741823
         * bilbo.office.zen.co.uk is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 12802 to 13301
         * rIDPreviousAllocationPool is 12802 to 13301
         * rIDNextRID: 12912
         ......................... BILBO passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC BILBO on DC BILBO.
         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/bilbo.office.zen.co.uk
         * SPN found :LDAP/BILBO
         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk
         * SPN found :HOST/BILBO
         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk
         ......................... BILBO passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... BILBO passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... BILBO passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         BILBO is in domain DC=office,DC=zen,DC=co,DC=uk
         Checking for CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers
            Object is up-to-date on all servers.
         ......................... BILBO passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... BILBO passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test 
         ......................... BILBO passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... BILBO passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... BILBO passed test systemlog
      Starting test: VerifyReplicas
         ......................... BILBO passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
 
         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 
         backlink on
 
         CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         The system object reference (frsComputerReferenceBL)
 
         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 
         correct. 
         The system object reference (serverReferenceBL)
 
         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 
         and backlink on
 
         CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 
         are correct. 
         ......................... BILBO passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... BILBO passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork
         Checking machine account for DC BILBO on DC BILBO.
         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :LDAP/bilbo.office.zen.co.uk
         * SPN found :LDAP/BILBO
         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk
         * SPN found :HOST/bilbo.office.zen.co.uk
         * SPN found :HOST/BILBO
         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN
         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk
         [BILBO] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... BILBO passed test CheckSecurityError
 
DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : office
      Starting test: CrossRefValidation
         ......................... office passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... office passed test CheckSDRefDom
   
   Running enterprise tests on : office.zen.co.uk
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope
 
         provided by the command line arguments provided. 
         Doing intersite inbound replication test on site
 
         ZenInternet-OfficeNetwork: 
            Locating & Contacting Intersite Topology Generator (ISTG) ... 
               The ISTG for site ZenInternet-OfficeNetwork is: FRODO. 
            Checking for down bridgeheads ... 
            Doing in depth site analysis ... 
               All expected sites and bridgeheads are replicating into site
 
               ZenInternet-OfficeNetwork. 
         ......................... office.zen.co.uk passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         PDC Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         Time Server Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         Preferred Time Server Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         KDC Name: \\bilbo.office.zen.co.uk
         Locator Flags: 0xe00001fd
         ......................... office.zen.co.uk passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
            
            DC: bilbo.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:13:72:4F:C2:68
                     IP address is static
                     IP address: 10.3.0.1
                     DNS servers:
                        10.5.0.1 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     212.23.3.100 (<name unavailable>) [Valid] 
                     212.23.6.100 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone office.zen.co.uk.
                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.
                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 10.5.0.1:
                     bilbo.office.zen.co.uk
 
                     Matching CNAME record found at DNS server 10.5.0.1:
                     1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
 
                     Matching DC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 
                     Matching GC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 
                     Matching PDC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.pdc._msdcs.office.zen.co.uk
 
         
            
            DC: samwise.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:14:22:14:58:7A
                     IP address is static
                     IP address: 10.5.0.2
                     DNS servers:
                        10.5.0.2 (<name unavailable>) [Valid]
                        10.5.0.1 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     212.23.3.100 (<name unavailable>) [Valid] 
                     212.23.6.100 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone office.zen.co.uk.
                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.
                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 10.5.0.2:
                     samwise.office.zen.co.uk
 
                     Matching CNAME record found at DNS server 10.5.0.2:
                     7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk
 
                     Matching DC SRV record found at DNS server 10.5.0.2:
                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 
                     Matching GC SRV record found at DNS server 10.5.0.2:
                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 
         
            
            DC: frodo.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:14:22:14:58:AA
                     IP address is static
                     IP address: 10.5.0.1
                     DNS servers:
                        10.5.0.1 (<name unavailable>) [Valid]
                        10.5.0.2 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                  
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information: 
                     212.23.3.100 (<name unavailable>) [Valid] 
                     212.23.6.100 (<name unavailable>) [Valid] 
                  
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                  
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone office.zen.co.uk.
                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.
                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.
                  
               TEST: Records registration (RReg)
                  Network Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 10.5.0.1:
                     frodo.office.zen.co.uk
 
                     Matching CNAME record found at DNS server 10.5.0.1:
                     1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk
 
                     Matching DC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 
                     Matching GC SRV record found at DNS server 10.5.0.1:
                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 
         
            
            DC: pippin.office.zen.co.uk
            Domain: office.zen.co.uk
 
                  
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                  
               TEST: Basic (Basc)
                  Error: No WMI connectivity
                  [Error details: 0x800706ba (Type: HRESULT - Facility: Win32, Description: The RPC server is unavailable.) - Connection to WMI server failed]
         
         Summary of test results for DNS servers used by the above domain controllers:
 
            DNS server: 10.5.0.1 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
               
            DNS server: 10.5.0.2 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 
               
            DNS server: 212.23.3.100 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               
            DNS server: 212.23.6.100 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server. 
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: office.zen.co.uk
               bilbo                        PASS PASS PASS PASS PASS PASS n/a  
               samwise                      PASS PASS PASS PASS PASS PASS n/a  
               frodo                        PASS PASS PASS PASS PASS PASS n/a  
               pippin                       PASS FAIL n/a  n/a  n/a  n/a  n/a  
         
         ......................... office.zen.co.uk failed test DNS

Open in new window

0
 

Author Comment

by:Zen_Internet
ID: 20358305
I've investigated and discovered that (in my example) TCP 2881 is used during DCDIAG between the DC's, as this is a high port I'm pretty sure that it's just a randomly assigned port (not something I can forge a new FW rule on). I'd be keen not to just allow all high ports between the DC in the DMZ and the other DC's, everything seems pretty happy now so I'm going to leave it and see how it all goes. Anyone else got an advice on the rules needed between DC's, when separated by FW's?
0
 
LVL 2

Accepted Solution

by:
geniph earned 250 total points
ID: 20359813
0
 

Author Comment

by:Zen_Internet
ID: 20361490
Awesome! Thanks very much :)
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
New IP's needed ASAP 6 86
Certificate Authority Issues 6 55
Trying to install Active Directory on Windows 2012 R2 - restart message problem 10 54
Duplicate SPN entries 1 23
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question