Solved

Issues with Intrasite Replication

Posted on 2007-11-26
10
2,051 Views
Last Modified: 2008-11-12
Hi there, I've attached a dump of the results of DCDIAG from a DC in our DMZ. We have 4 DC's and one site, one domain, one tree.

There are two ISA server firewalls that segment the network into chunks, though for the purposes of fault-finding, I have created some temporary allow any/any rules, allowing all traffic to and from the DC's.

Frodo and Samwise are on the same segment (the same as my pc)
Pippin is in the DMZ and separated by ISA
Bilbo is in a "Services" network, also separated by an ISA server.

I need help in figuring out what is going on with the errors in DCDiag, the don't make much sense to me as I seem to be getting different results, depending on where I run the tool from. In addition, I have disabled the "Enforce Strict RPC Compliance" option on the RPC Filter in ISA.

Any help would be much appreciated.
Dave
Domain Controller Diagnosis
 

Performing initial setup:

   Done gathering initial info.
 

Doing initial required tests

   

   Testing server: ZenInternet-OfficeNetwork\FRODO

      Starting test: Connectivity

         [FRODO] DsBindWithSpnEx() failed with error 5,

         Access is denied..

         ......................... FRODO failed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\SAMWISE

      Starting test: Connectivity

         [SAMWISE] DsBindWithSpnEx() failed with error 5,

         Access is denied..

         ......................... SAMWISE failed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\PIPPIN

      Starting test: Connectivity

         ......................... PIPPIN passed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\BILBO

      Starting test: Connectivity

         [BILBO] DsBindWithSpnEx() failed with error 5,

         Access is denied..

         ......................... BILBO failed test Connectivity
 

Doing primary tests

   

   Testing server: ZenInternet-OfficeNetwork\FRODO

      Skipping all tests, because server FRODO is

      not responding to directory service requests

   

   Testing server: ZenInternet-OfficeNetwork\SAMWISE

      Skipping all tests, because server SAMWISE is

      not responding to directory service requests

   

   Testing server: ZenInternet-OfficeNetwork\PIPPIN

      Starting test: Replications

         ......................... PIPPIN passed test Replications

      Starting test: Topology

         ......................... PIPPIN passed test Topology

      Starting test: CutoffServers

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         ......................... PIPPIN passed test CutoffServers

      Starting test: NCSecDesc

         ......................... PIPPIN passed test NCSecDesc

      Starting test: NetLogons

         ......................... PIPPIN passed test NetLogons

      Starting test: Advertising

         ......................... PIPPIN passed test Advertising

      Starting test: KnowsOfRoleHolders

         Warning: SAMWISE is the Schema Owner, but is not responding to DS RPC Bind.

         Warning: FRODO is the Domain Owner, but is not responding to DS RPC Bind.

         Warning: BILBO is the PDC Owner, but is not responding to DS RPC Bind.

         Warning: BILBO is the Rid Owner, but is not responding to DS RPC Bind.

         Warning: BILBO is the Infrastructure Update Owner, but is not responding to DS RPC Bind.

         ......................... PIPPIN failed test KnowsOfRoleHolders

      Starting test: RidManager

         ......................... PIPPIN failed test RidManager

      Starting test: MachineAccount

         ......................... PIPPIN passed test MachineAccount

      Starting test: Services

         ......................... PIPPIN passed test Services

      Starting test: OutboundSecureChannels

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... PIPPIN passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         ......................... PIPPIN passed test ObjectsReplicated

      Starting test: frssysvol

         ......................... PIPPIN passed test frssysvol

      Starting test: frsevent

         ......................... PIPPIN passed test frsevent

      Starting test: kccevent

         ......................... PIPPIN passed test kccevent

      Starting test: systemlog

         An Error Event occured.  EventID: 0xC0002719

            Time Generated: 11/26/2007   13:41:10

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0xC0002719

            Time Generated: 11/26/2007   13:41:10

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0xC0002719

            Time Generated: 11/26/2007   13:41:10

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0xC0002719

            Time Generated: 11/26/2007   13:41:37

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0xC0002719

            Time Generated: 11/26/2007   13:42:19

            (Event String could not be retrieved)

         ......................... PIPPIN failed test systemlog

      Starting test: VerifyReplicas

            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... PIPPIN failed test VerifyReplicas

      Starting test: VerifyReferences

         ......................... PIPPIN passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         Can't determine the age of the cross-ref
 

         CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         for the partition DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk, so
 

         following errors relating to this cross-ref/partition may disappear
 

         after replication  coalesces.  Please ensure that replication is
 

         working from the Domain Naming FSMO to this DC, and retry this test to
 

         see if errors continue. 

         Can't determine the age of the cross-ref
 

         CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         for the partition DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk, so
 

         following errors relating to this cross-ref/partition may disappear
 

         after replication  coalesces.  Please ensure that replication is
 

         working from the Domain Naming FSMO to this DC, and retry this test to
 

         see if errors continue. 

         Can't determine the age of the cross-ref
 

         CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         for the partition CN=Configuration,DC=office,DC=zen,DC=co,DC=uk, so
 

         following errors relating to this cross-ref/partition may disappear
 

         after replication  coalesces.  Please ensure that replication is
 

         working from the Domain Naming FSMO to this DC, and retry this test to
 

         see if errors continue. 

         Can't determine the age of the cross-ref
 

         CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         for the partition
 

         CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk, so following
 

         errors relating to this cross-ref/partition may disappear after
 

         replication  coalesces.  Please ensure that replication is working
 

         from the Domain Naming FSMO to this DC, and retry this test to see if
 

         errors continue. 

         Can't determine the age of the cross-ref
 

         CN=ZENDOMAIN,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         for the partition DC=office,DC=zen,DC=co,DC=uk, so following errors
 

         relating to this cross-ref/partition may disappear after replication
 

         coalesces.  Please ensure that replication is working from the Domain
 

         Naming FSMO to this DC, and retry this test to see if errors continue.
 

         ......................... PIPPIN failed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         [PIPPIN] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... PIPPIN passed test CheckSecurityError

   

   Testing server: ZenInternet-OfficeNetwork\BILBO

      Skipping all tests, because server BILBO is

      not responding to directory service requests
 

DNS Tests are running and not hung. Please wait a few minutes...

   

   Running partition tests on : ForestDnsZones

      Starting test: CrossRefValidation

            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... ForestDnsZones failed test CrossRefValidation

      Starting test: CheckSDRefDom

            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... ForestDnsZones failed test CheckSDRefDom

   

   Running partition tests on : DomainDnsZones

      Starting test: CrossRefValidation

            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... DomainDnsZones failed test CrossRefValidation

      Starting test: CheckSDRefDom

            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... DomainDnsZones failed test CheckSDRefDom

   

   Running partition tests on : Schema

      Starting test: CrossRefValidation

            For the partition
 

            (CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk) we
 

            encountered the following error retrieving the cross-ref's
 

            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... Schema failed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

   

   Running partition tests on : Configuration

      Starting test: CrossRefValidation

            For the partition (CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... Configuration failed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

   

   Running partition tests on : office

      Starting test: CrossRefValidation

            For the partition (DC=office,DC=zen,DC=co,DC=uk) we encountered the
 

            following error retrieving the cross-ref's
 

            (CN=ZENDOMAIN,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... office failed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... office passed test CheckSDRefDom

   

   Running enterprise tests on : office.zen.co.uk

      Starting test: Intersite

         Doing intersite inbound replication test on site
 

         ZenInternet-OfficeNetwork: 

            * Warning: Current ISTG failed, ISTG role should be taken by PIPPIN
 

             in 6 hours and 13 minutes. 

         ......................... office.zen.co.uk passed test Intersite

      Starting test: FsmoCheck

         ......................... office.zen.co.uk passed test FsmoCheck

      Starting test: DNS

         Test results for domain controllers:

            

            DC: frodo.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Basic (Basc)

                  Error: No DS RPC connectivity

                  Error: No WMI connectivity

         

            

            DC: samwise.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Basic (Basc)

                  Error: No DS RPC connectivity

                  Error: No WMI connectivity

         

            

            DC: bilbo.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Basic (Basc)

                  Error: No DS RPC connectivity

                  Error: No WMI connectivity

         

         Summary of DNS test results:

         

                                            Auth Basc Forw Del  Dyn  RReg Ext  

               ________________________________________________________________

            Domain: office.zen.co.uk

               frodo                        PASS FAIL n/a  n/a  n/a  n/a  n/a  

               samwise                      PASS FAIL n/a  n/a  n/a  n/a  n/a  

               bilbo                        PASS FAIL n/a  n/a  n/a  n/a  n/a  

         

         ......................... office.zen.co.uk failed test DNS

Open in new window

0
Comment
Question by:Zen_Internet
10 Comments
 
LVL 5

Expert Comment

by:t_swartz
ID: 20350213
I always start out with DNS when encountering ad replication problems. Do you have good DNS resolution between all the dc's? When you ping the dc's by name from one to the other, does it return the %computernaem%.domain.whatever? For Example, you ping frodo from pippin and get pinging frodo.mydomain.local [ip address] with 32 bytes of data? Try that with all of them. If you don't see that fqdn returned immediately (let alone unsuccessful ping requests) then you have a dns resolution problem somewhere that needs addressed first.
0
 
LVL 2

Expert Comment

by:geniph
ID: 20352195
What account are you using to run DCDIAG?  Does it have full rights on all domain controllers?
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 20354058
yah whatever you are running it with is failing at the moment, we need to clear that up and get some accurate diags
0
 

Author Comment

by:Zen_Internet
ID: 20356415
OK, thanks folks, the results are as follows....
All pings and name resolutions for the other DC's are fine, all successful.

I have recently demoted three older DC's, using DCpromo, they still run the DNS service for some clients that may be manually configured, though as our AD zone is integrated, all I have done is setup a forwarder in DNS to forward all queries to one of the new DC's. When we move offices, these older DC's will be fully retired. I thought I should mention this as it *could* be related, though in fairness, I decided to run the demotion as I was hoping to clear up some of the problems we have been having, I figured a 'tidy up' would always help, even if it just reduced the number of DC's we had to trouble shoot. The remaining four DC's hold the FSMO roles and are all GC's.

The account I'm running dcdiag as is both a Domain Admin and an Enterprise Admin, I'm using a telnet connection to the DC's, running from a command prompt, running under my admin account (no need to worry about telnet, I'm using an IPSec policy to protect it).

RID, PDC and Infrastructure Roles are on Bilbo
Domain Naming Master Role is on Frodo
Schema Master Role is on Samwise

Going to try dcdiag again from RDP....
0
 

Author Comment

by:Zen_Internet
ID: 20356442
...OK, now this is puzzelling!! Everything seems to work fine when I test again this morning (over RDP)


Domain Controller Diagnosis
 

Performing initial setup:

   * Verifying that the local machine bilbo, is a DC. 

   * Connecting to directory service on server bilbo.

   * Collecting site info.

   * Identifying all servers.

   * Identifying all NC cross-refs.

   * Found 4 DC(s). Testing 4 of them.

   Done gathering initial info.
 

Doing initial required tests

   

   Testing server: ZenInternet-OfficeNetwork\FRODO

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         ......................... FRODO passed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\SAMWISE

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         ......................... SAMWISE passed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\PIPPIN

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         ......................... PIPPIN passed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\BILBO

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         ......................... BILBO passed test Connectivity
 

Doing primary tests

   

   Testing server: ZenInternet-OfficeNetwork\FRODO

      Starting test: Replications

         * Replications Check

         * Replication Latency Check

            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

         ......................... FRODO passed test Replications

      Starting test: Topology

         * Configuration Topology Integrity Check

         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... FRODO passed test Topology

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check

         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... FRODO passed test CutoffServers

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC FRODO.

         * Security Permissions Check for

           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Schema,Version 2)

         * Security Permissions Check for

           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Configuration,Version 2)

         * Security Permissions Check for

           DC=office,DC=zen,DC=co,DC=uk

            (Domain,Version 2)

         ......................... FRODO passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check

         Verified share \\FRODO\netlogon

         Verified share \\FRODO\sysvol

         ......................... FRODO passed test NetLogons

      Starting test: Advertising

         The DC FRODO is advertising itself as a DC and having a DS.

         The DC FRODO is advertising as an LDAP server

         The DC FRODO is advertising as having a writeable directory

         The DC FRODO is advertising as a Key Distribution Center

         The DC FRODO is advertising as a time server

         The DS FRODO is advertising as a GC.

         ......................... FRODO passed test Advertising

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         ......................... FRODO passed test KnowsOfRoleHolders

      Starting test: RidManager

         * Available RID Pool for the Domain is 14302 to 1073741823

         * bilbo.office.zen.co.uk is the RID Master

         * DsBind with RID Master was successful

         * rIDAllocationPool is 13802 to 14301

         * rIDPreviousAllocationPool is 10802 to 11301

         * rIDNextRID: 11268

         * Warning :There is less than 7% available RIDs in the current pool

         ......................... FRODO passed test RidManager

      Starting test: MachineAccount

         Checking machine account for DC FRODO on DC FRODO.

         * SPN found :LDAP/frodo.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/frodo.office.zen.co.uk

         * SPN found :LDAP/FRODO

         * SPN found :LDAP/frodo.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1f46d946-11e2-4e9c-bc59-a9efdfdf97db/office.zen.co.uk

         * SPN found :HOST/frodo.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/frodo.office.zen.co.uk

         * SPN found :HOST/FRODO

         * SPN found :HOST/frodo.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/frodo.office.zen.co.uk/office.zen.co.uk

         ......................... FRODO passed test MachineAccount

      Starting test: Services

         * Checking Service: Dnscache

         * Checking Service: NtFrs

         * Checking Service: IsmServ

         * Checking Service: kdc

         * Checking Service: SamSs

         * Checking Service: LanmanServer

         * Checking Service: LanmanWorkstation

         * Checking Service: RpcSs

         * Checking Service: w32time

         * Checking Service: NETLOGON

         ......................... FRODO passed test Services

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... FRODO passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         FRODO is in domain DC=office,DC=zen,DC=co,DC=uk

         Checking for CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         Checking for CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         ......................... FRODO passed test ObjectsReplicated

      Starting test: frssysvol

         * The File Replication Service SYSVOL ready test 

         File Replication Service's SYSVOL is ready 

         ......................... FRODO passed test frssysvol

      Starting test: frsevent

         * The File Replication Service Event log test 

         ......................... FRODO passed test frsevent

      Starting test: kccevent

         * The KCC Event log test

         Found no KCC errors in Directory Service Event log in the last 15 minutes.

         ......................... FRODO passed test kccevent

      Starting test: systemlog

         * The System Event log test

         Found no errors in System Event log in the last 60 minutes.

         ......................... FRODO passed test systemlog

      Starting test: VerifyReplicas

         ......................... FRODO passed test VerifyReplicas

      Starting test: VerifyReferences

         The system object reference (serverReference)
 

         CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 

         backlink on
 

         CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         The system object reference (frsComputerReferenceBL)
 

         CN=FRODO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 

         correct. 

         The system object reference (serverReferenceBL)
 

         CN=FRODO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         ......................... FRODO passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         ......................... FRODO passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!

         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork

         Checking machine account for DC FRODO on DC BILBO.

         * SPN found :LDAP/frodo.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/frodo.office.zen.co.uk

         * SPN found :LDAP/FRODO

         * SPN found :LDAP/frodo.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1f46d946-11e2-4e9c-bc59-a9efdfdf97db/office.zen.co.uk

         * SPN found :HOST/frodo.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/frodo.office.zen.co.uk

         * SPN found :HOST/FRODO

         * SPN found :HOST/frodo.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/frodo.office.zen.co.uk/office.zen.co.uk

         Checking for CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers

            Object is up-to-date on all servers.

         [FRODO] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... FRODO passed test CheckSecurityError

   

   Testing server: ZenInternet-OfficeNetwork\SAMWISE

      Starting test: Replications

         * Replications Check

         * Replication Latency Check

            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

         ......................... SAMWISE passed test Replications

      Starting test: Topology

         * Configuration Topology Integrity Check

         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... SAMWISE passed test Topology

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check

         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... SAMWISE passed test CutoffServers

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC SAMWISE.

         * Security Permissions Check for

           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Schema,Version 2)

         * Security Permissions Check for

           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Configuration,Version 2)

         * Security Permissions Check for

           DC=office,DC=zen,DC=co,DC=uk

            (Domain,Version 2)

         ......................... SAMWISE passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check

         Verified share \\SAMWISE\netlogon

         Verified share \\SAMWISE\sysvol

         ......................... SAMWISE passed test NetLogons

      Starting test: Advertising

         The DC SAMWISE is advertising itself as a DC and having a DS.

         The DC SAMWISE is advertising as an LDAP server

         The DC SAMWISE is advertising as having a writeable directory

         The DC SAMWISE is advertising as a Key Distribution Center

         The DC SAMWISE is advertising as a time server

         The DS SAMWISE is advertising as a GC.

         ......................... SAMWISE passed test Advertising

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         ......................... SAMWISE passed test KnowsOfRoleHolders

      Starting test: RidManager

         * Available RID Pool for the Domain is 14302 to 1073741823

         * bilbo.office.zen.co.uk is the RID Master

         * DsBind with RID Master was successful

         * rIDAllocationPool is 13302 to 13801

         * rIDPreviousAllocationPool is 13302 to 13801

         * rIDNextRID: 13329

         ......................... SAMWISE passed test RidManager

      Starting test: MachineAccount

         Checking machine account for DC SAMWISE on DC SAMWISE.

         * SPN found :LDAP/samwise.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/samwise.office.zen.co.uk

         * SPN found :LDAP/SAMWISE

         * SPN found :LDAP/samwise.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7ec29bae-365f-4f7c-9e58-3c2de5f45985/office.zen.co.uk

         * SPN found :HOST/samwise.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/samwise.office.zen.co.uk

         * SPN found :HOST/SAMWISE

         * SPN found :HOST/samwise.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/samwise.office.zen.co.uk/office.zen.co.uk

         ......................... SAMWISE passed test MachineAccount

      Starting test: Services

         * Checking Service: Dnscache

         * Checking Service: NtFrs

         * Checking Service: IsmServ

         * Checking Service: kdc

         * Checking Service: SamSs

         * Checking Service: LanmanServer

         * Checking Service: LanmanWorkstation

         * Checking Service: RpcSs

         * Checking Service: w32time

         * Checking Service: NETLOGON

         ......................... SAMWISE passed test Services

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... SAMWISE passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         SAMWISE is in domain DC=office,DC=zen,DC=co,DC=uk

         Checking for CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         Checking for CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         ......................... SAMWISE passed test ObjectsReplicated

      Starting test: frssysvol

         * The File Replication Service SYSVOL ready test 

         File Replication Service's SYSVOL is ready 

         ......................... SAMWISE passed test frssysvol

      Starting test: frsevent

         * The File Replication Service Event log test 

         ......................... SAMWISE passed test frsevent

      Starting test: kccevent

         * The KCC Event log test

         Found no KCC errors in Directory Service Event log in the last 15 minutes.

         ......................... SAMWISE passed test kccevent

      Starting test: systemlog

         * The System Event log test

         Found no errors in System Event log in the last 60 minutes.

         ......................... SAMWISE passed test systemlog

      Starting test: VerifyReplicas

         ......................... SAMWISE passed test VerifyReplicas

      Starting test: VerifyReferences

         The system object reference (serverReference)
 

         CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 

         backlink on
 

         CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         The system object reference (frsComputerReferenceBL)
 

         CN=SAMWISE,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 

         correct. 

         The system object reference (serverReferenceBL)
 

         CN=SAMWISE,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         ......................... SAMWISE passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         ......................... SAMWISE passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!

         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork

         Checking machine account for DC SAMWISE on DC BILBO.

         * SPN found :LDAP/samwise.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/samwise.office.zen.co.uk

         * SPN found :LDAP/SAMWISE

         * SPN found :LDAP/samwise.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7ec29bae-365f-4f7c-9e58-3c2de5f45985/office.zen.co.uk

         * SPN found :HOST/samwise.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/samwise.office.zen.co.uk

         * SPN found :HOST/SAMWISE

         * SPN found :HOST/samwise.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/samwise.office.zen.co.uk/office.zen.co.uk

         Checking for CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers

            Object is up-to-date on all servers.

         [SAMWISE] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... SAMWISE passed test CheckSecurityError

   

   Testing server: ZenInternet-OfficeNetwork\PIPPIN

      Starting test: Replications

         * Replications Check

         * Replication Latency Check

            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

         ......................... PIPPIN passed test Replications

      Starting test: Topology

         * Configuration Topology Integrity Check

         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... PIPPIN passed test Topology

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check

         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... PIPPIN passed test CutoffServers

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC PIPPIN.

         * Security Permissions Check for

           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Schema,Version 2)

         * Security Permissions Check for

           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Configuration,Version 2)

         * Security Permissions Check for

           DC=office,DC=zen,DC=co,DC=uk

            (Domain,Version 2)

         ......................... PIPPIN passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check

         Verified share \\PIPPIN\netlogon

         Verified share \\PIPPIN\sysvol

         ......................... PIPPIN passed test NetLogons

      Starting test: Advertising

         The DC PIPPIN is advertising itself as a DC and having a DS.

         The DC PIPPIN is advertising as an LDAP server

         The DC PIPPIN is advertising as having a writeable directory

         The DC PIPPIN is advertising as a Key Distribution Center

         The DC PIPPIN is advertising as a time server

         The DS PIPPIN is advertising as a GC.

         ......................... PIPPIN passed test Advertising

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         ......................... PIPPIN passed test KnowsOfRoleHolders

      Starting test: RidManager

         * Available RID Pool for the Domain is 14302 to 1073741823

         * bilbo.office.zen.co.uk is the RID Master

         * DsBind with RID Master was successful

         * rIDAllocationPool is 12302 to 12801

         * rIDPreviousAllocationPool is 12302 to 12801

         * rIDNextRID: 12359

         ......................... PIPPIN passed test RidManager

      Starting test: MachineAccount

         Checking machine account for DC PIPPIN on DC PIPPIN.

         * SPN found :LDAP/pippin.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/pippin.office.zen.co.uk

         * SPN found :LDAP/PIPPIN

         * SPN found :LDAP/pippin.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/a6b6f620-b0e3-40ea-b793-3de0389cd1b7._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a6b6f620-b0e3-40ea-b793-3de0389cd1b7/office.zen.co.uk

         * SPN found :HOST/pippin.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/pippin.office.zen.co.uk

         * SPN found :HOST/PIPPIN

         * SPN found :HOST/pippin.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/pippin.office.zen.co.uk/office.zen.co.uk

         ......................... PIPPIN passed test MachineAccount

      Starting test: Services

         * Checking Service: Dnscache

         * Checking Service: NtFrs

         * Checking Service: IsmServ

         * Checking Service: kdc

         * Checking Service: SamSs

         * Checking Service: LanmanServer

         * Checking Service: LanmanWorkstation

         * Checking Service: RpcSs

         * Checking Service: w32time

         * Checking Service: NETLOGON

         ......................... PIPPIN passed test Services

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... PIPPIN passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         PIPPIN is in domain DC=office,DC=zen,DC=co,DC=uk

         Checking for CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         Checking for CN=NTDS Settings,CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         ......................... PIPPIN passed test ObjectsReplicated

      Starting test: frssysvol

         * The File Replication Service SYSVOL ready test 

         File Replication Service's SYSVOL is ready 

         ......................... PIPPIN passed test frssysvol

      Starting test: frsevent

         * The File Replication Service Event log test 

         ......................... PIPPIN passed test frsevent

      Starting test: kccevent

         * The KCC Event log test

         Found no KCC errors in Directory Service Event log in the last 15 minutes.

         ......................... PIPPIN passed test kccevent

      Starting test: systemlog

         * The System Event log test

         An Error Event occured.  EventID: 0x000016AD

            Time Generated: 11/27/2007   08:14:22

            Event String: The session setup from the computer AKAY01 failed
 

to authenticate. The following error occurred: 
 

%%5 

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:07

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:07

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:08

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:08

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:09

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:09

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:09

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:10

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:10

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:11

            (Event String could not be retrieved)

         ......................... PIPPIN failed test systemlog

      Starting test: VerifyReplicas

         ......................... PIPPIN passed test VerifyReplicas

      Starting test: VerifyReferences

         The system object reference (serverReference)
 

         CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 

         backlink on
 

         CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         The system object reference (frsComputerReferenceBL)
 

         CN=PIPPIN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 

         correct. 

         The system object reference (serverReferenceBL)
 

         CN=PIPPIN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=NTDS Settings,CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         ......................... PIPPIN passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         ......................... PIPPIN passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!

         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork

         Checking machine account for DC PIPPIN on DC BILBO.

         * SPN found :LDAP/pippin.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/pippin.office.zen.co.uk

         * SPN found :LDAP/PIPPIN

         * SPN found :LDAP/pippin.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/a6b6f620-b0e3-40ea-b793-3de0389cd1b7._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a6b6f620-b0e3-40ea-b793-3de0389cd1b7/office.zen.co.uk

         * SPN found :HOST/pippin.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/pippin.office.zen.co.uk

         * SPN found :HOST/PIPPIN

         * SPN found :HOST/pippin.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/pippin.office.zen.co.uk/office.zen.co.uk

         Checking for CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers

            Object is up-to-date on all servers.

         [PIPPIN] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... PIPPIN passed test CheckSecurityError

   

   Testing server: ZenInternet-OfficeNetwork\BILBO

      Starting test: Replications

         * Replications Check

         * Replication Latency Check

            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

         ......................... BILBO passed test Replications

      Starting test: Topology

         * Configuration Topology Integrity Check

         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... BILBO passed test Topology

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check

         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... BILBO passed test CutoffServers

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC BILBO.

         * Security Permissions Check for

           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Schema,Version 2)

         * Security Permissions Check for

           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Configuration,Version 2)

         * Security Permissions Check for

           DC=office,DC=zen,DC=co,DC=uk

            (Domain,Version 2)

         ......................... BILBO passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check

         Verified share \\BILBO\netlogon

         Verified share \\BILBO\sysvol

         ......................... BILBO passed test NetLogons

      Starting test: Advertising

         The DC BILBO is advertising itself as a DC and having a DS.

         The DC BILBO is advertising as an LDAP server

         The DC BILBO is advertising as having a writeable directory

         The DC BILBO is advertising as a Key Distribution Center

         The DC BILBO is advertising as a time server

         The DS BILBO is advertising as a GC.

         ......................... BILBO passed test Advertising

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         ......................... BILBO passed test KnowsOfRoleHolders

      Starting test: RidManager

         * Available RID Pool for the Domain is 14302 to 1073741823

         * bilbo.office.zen.co.uk is the RID Master

         * DsBind with RID Master was successful

         * rIDAllocationPool is 12802 to 13301

         * rIDPreviousAllocationPool is 12802 to 13301

         * rIDNextRID: 12912

         ......................... BILBO passed test RidManager

      Starting test: MachineAccount

         Checking machine account for DC BILBO on DC BILBO.

         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/bilbo.office.zen.co.uk

         * SPN found :LDAP/BILBO

         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk

         * SPN found :HOST/BILBO

         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk

         ......................... BILBO passed test MachineAccount

      Starting test: Services

         * Checking Service: Dnscache

         * Checking Service: NtFrs

         * Checking Service: IsmServ

         * Checking Service: kdc

         * Checking Service: SamSs

         * Checking Service: LanmanServer

         * Checking Service: LanmanWorkstation

         * Checking Service: RpcSs

         * Checking Service: w32time

         * Checking Service: NETLOGON

         ......................... BILBO passed test Services

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... BILBO passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         BILBO is in domain DC=office,DC=zen,DC=co,DC=uk

         Checking for CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         Checking for CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         ......................... BILBO passed test ObjectsReplicated

      Starting test: frssysvol

         * The File Replication Service SYSVOL ready test 

         File Replication Service's SYSVOL is ready 

         ......................... BILBO passed test frssysvol

      Starting test: frsevent

         * The File Replication Service Event log test 

         ......................... BILBO passed test frsevent

      Starting test: kccevent

         * The KCC Event log test

         Found no KCC errors in Directory Service Event log in the last 15 minutes.

         ......................... BILBO passed test kccevent

      Starting test: systemlog

         * The System Event log test

         Found no errors in System Event log in the last 60 minutes.

         ......................... BILBO passed test systemlog

      Starting test: VerifyReplicas

         ......................... BILBO passed test VerifyReplicas

      Starting test: VerifyReferences

         The system object reference (serverReference)
 

         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 

         backlink on
 

         CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         The system object reference (frsComputerReferenceBL)
 

         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 

         correct. 

         The system object reference (serverReferenceBL)
 

         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         ......................... BILBO passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         ......................... BILBO passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!

         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork

         Checking machine account for DC BILBO on DC BILBO.

         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/bilbo.office.zen.co.uk

         * SPN found :LDAP/BILBO

         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk

         * SPN found :HOST/BILBO

         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk

         [BILBO] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... BILBO passed test CheckSecurityError
 

DNS Tests are running and not hung. Please wait a few minutes...

   

   Running partition tests on : ForestDnsZones

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

   

   Running partition tests on : DomainDnsZones

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

   

   Running partition tests on : Schema

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

   

   Running partition tests on : Configuration

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

   

   Running partition tests on : office

      Starting test: CrossRefValidation

         ......................... office passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... office passed test CheckSDRefDom

   

   Running enterprise tests on : office.zen.co.uk

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope
 

         provided by the command line arguments provided. 

         Doing intersite inbound replication test on site
 

         ZenInternet-OfficeNetwork: 

            Locating & Contacting Intersite Topology Generator (ISTG) ... 

               The ISTG for site ZenInternet-OfficeNetwork is: FRODO. 

            Checking for down bridgeheads ... 

            Doing in depth site analysis ... 

               All expected sites and bridgeheads are replicating into site
 

               ZenInternet-OfficeNetwork. 

         ......................... office.zen.co.uk passed test Intersite

      Starting test: FsmoCheck

         GC Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         PDC Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         Time Server Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         Preferred Time Server Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         KDC Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         ......................... office.zen.co.uk passed test FsmoCheck

      Starting test: DNS

         Test results for domain controllers:

            

            DC: bilbo.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:

                     MAC address is 00:13:72:4F:C2:68

                     IP address is static

                     IP address: 10.3.0.1

                     DNS servers:

                        10.5.0.1 (<name unavailable>) [Valid]

                  The A record for this DC was found

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found (primary)

                  Root zone on this DC/DNS server was not found

                  

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information: 

                     212.23.3.100 (<name unavailable>) [Valid] 

                     212.23.6.100 (<name unavailable>) [Valid] 

                  

               TEST: Delegations (Del)

                  No delegations were found in this zone on this DNS server

                  

               TEST: Dynamic update (Dyn)

                  Dynamic update is enabled on the zone office.zen.co.uk.

                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.

                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.

                  

               TEST: Records registration (RReg)

                  Network Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:

                     Matching A record found at DNS server 10.5.0.1:

                     bilbo.office.zen.co.uk
 

                     Matching CNAME record found at DNS server 10.5.0.1:

                     1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
 

                     Matching DC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 

                     Matching GC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 

                     Matching PDC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.pdc._msdcs.office.zen.co.uk
 

         

            

            DC: frodo.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:

                     MAC address is 00:14:22:14:58:AA

                     IP address is static

                     IP address: 10.5.0.1

                     DNS servers:

                        10.5.0.1 (<name unavailable>) [Valid]

                        10.5.0.2 (<name unavailable>) [Valid]

                  The A record for this DC was found

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found (primary)

                  Root zone on this DC/DNS server was not found

                  

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information: 

                     212.23.3.100 (<name unavailable>) [Valid] 

                     212.23.6.100 (<name unavailable>) [Valid] 

                  

               TEST: Delegations (Del)

                  No delegations were found in this zone on this DNS server

                  

               TEST: Dynamic update (Dyn)

                  Dynamic update is enabled on the zone office.zen.co.uk.

                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.

                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.

                  

               TEST: Records registration (RReg)

                  Network Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:

                     Matching A record found at DNS server 10.5.0.1:

                     frodo.office.zen.co.uk
 

                     Matching CNAME record found at DNS server 10.5.0.1:

                     1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk
 

                     Matching DC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 

                     Matching GC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 

         

            

            DC: pippin.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:

                     MAC address is 00:14:22:20:3F:51

                     IP address is static

                     IP address: 10.4.0.1

                     DNS servers:

                        10.4.0.1 (<name unavailable>) [Valid]

                  The A record for this DC was found

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found (primary)

                  Root zone on this DC/DNS server was not found

                  

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information: 

                     212.23.3.100 (<name unavailable>) [Valid] 

                     212.23.6.100 (<name unavailable>) [Valid] 

                  

               TEST: Delegations (Del)

                  No delegations were found in this zone on this DNS server

                  

               TEST: Dynamic update (Dyn)

                  Dynamic update is enabled on the zone office.zen.co.uk.

                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.

                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.

                  

               TEST: Records registration (RReg)

                  Network Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:

                     Matching A record found at DNS server 10.4.0.1:

                     pippin.office.zen.co.uk
 

                     Matching CNAME record found at DNS server 10.4.0.1:

                     a6b6f620-b0e3-40ea-b793-3de0389cd1b7._msdcs.office.zen.co.uk
 

                     Matching DC SRV record found at DNS server 10.4.0.1:

                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 

                     Matching GC SRV record found at DNS server 10.4.0.1:

                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 

         

            

            DC: samwise.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:

                     MAC address is 00:14:22:14:58:7A

                     IP address is static

                     IP address: 10.5.0.2

                     DNS servers:

                        10.5.0.2 (<name unavailable>) [Valid]

                        10.5.0.1 (<name unavailable>) [Valid]

                  The A record for this DC was found

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found (primary)

                  Root zone on this DC/DNS server was not found

                  

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information: 

                     212.23.3.100 (<name unavailable>) [Valid] 

                     212.23.6.100 (<name unavailable>) [Valid] 

                  

               TEST: Delegations (Del)

                  No delegations were found in this zone on this DNS server

                  

               TEST: Dynamic update (Dyn)

                  Dynamic update is enabled on the zone office.zen.co.uk.

                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.

                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.

                  

               TEST: Records registration (RReg)

                  Network Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:

                     Matching A record found at DNS server 10.5.0.2:

                     samwise.office.zen.co.uk
 

                     Matching CNAME record found at DNS server 10.5.0.2:

                     7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk
 

                     Matching DC SRV record found at DNS server 10.5.0.2:

                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 

                     Matching GC SRV record found at DNS server 10.5.0.2:

                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 

         

         Summary of test results for DNS servers used by the above domain controllers:
 

            DNS server: 10.4.0.1 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 

               

            DNS server: 10.5.0.1 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 

               

            DNS server: 10.5.0.2 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 

               

            DNS server: 212.23.3.100 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               

            DNS server: 212.23.6.100 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               

         Summary of DNS test results:

         

                                            Auth Basc Forw Del  Dyn  RReg Ext  

               ________________________________________________________________

            Domain: office.zen.co.uk

               bilbo                        PASS PASS PASS PASS PASS PASS n/a  

               frodo                        PASS PASS PASS PASS PASS PASS n/a  

               pippin                       PASS PASS PASS PASS PASS PASS n/a  

               samwise                      PASS PASS PASS PASS PASS PASS n/a  

         

         ......................... office.zen.co.uk passed test DNS

Open in new window

0
 

Author Comment

by:Zen_Internet
ID: 20356473
...and when I run THE SAME tests over the Telnet connection to the SAME server, I get loads of failures!


Domain Controller Diagnosis
 

Performing initial setup:

   * Verifying that the local machine bilbo, is a DC. 

   * Connecting to directory service on server bilbo.

   * Collecting site info.

   * Identifying all servers.

   * Identifying all NC cross-refs.

   * Found 4 DC(s). Testing 4 of them.

   Done gathering initial info.
 

Doing initial required tests

   

   Testing server: ZenInternet-OfficeNetwork\FRODO

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         [FRODO] DsBindWithSpnEx() failed with error 5,

         Access is denied..

         ......................... FRODO failed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\SAMWISE

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         [SAMWISE] DsBindWithSpnEx() failed with error 5,

         Access is denied..

         ......................... SAMWISE failed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\PIPPIN

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         [PIPPIN] DsBindWithSpnEx() failed with error 5,

         Access is denied..

         ......................... PIPPIN failed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\BILBO

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         ......................... BILBO passed test Connectivity
 

Doing primary tests

   

   Testing server: ZenInternet-OfficeNetwork\FRODO

      Skipping all tests, because server FRODO is

      not responding to directory service requests

   

   Testing server: ZenInternet-OfficeNetwork\SAMWISE

      Skipping all tests, because server SAMWISE is

      not responding to directory service requests

   

   Testing server: ZenInternet-OfficeNetwork\PIPPIN

      Skipping all tests, because server PIPPIN is

      not responding to directory service requests

   

   Testing server: ZenInternet-OfficeNetwork\BILBO

      Starting test: Replications

         * Replications Check

         * Replication Latency Check

            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

         ......................... BILBO passed test Replications

      Starting test: Topology

         * Configuration Topology Integrity Check

         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... BILBO passed test Topology

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check

         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         * Performing downstream (of target) analysis.

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         * Performing downstream (of target) analysis.

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         * Performing downstream (of target) analysis.

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         * Performing downstream (of target) analysis.

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         * Performing downstream (of target) analysis.

         DsReplicaSyncAllW failed with error The naming context specified for this replication operation is invalid..

         ......................... BILBO passed test CutoffServers

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC BILBO.

         * Security Permissions Check for

           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Schema,Version 2)

         * Security Permissions Check for

           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Configuration,Version 2)

         * Security Permissions Check for

           DC=office,DC=zen,DC=co,DC=uk

            (Domain,Version 2)

         ......................... BILBO passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check

         Verified share \\BILBO\netlogon

         Verified share \\BILBO\sysvol

         ......................... BILBO passed test NetLogons

      Starting test: Advertising

         The DC BILBO is advertising itself as a DC and having a DS.

         The DC BILBO is advertising as an LDAP server

         The DC BILBO is advertising as having a writeable directory

         The DC BILBO is advertising as a Key Distribution Center

         The DC BILBO is advertising as a time server

         The DS BILBO is advertising as a GC.

         ......................... BILBO passed test Advertising

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Warning: SAMWISE is the Schema Owner, but is not responding to DS RPC Bind.

         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Warning: FRODO is the Domain Owner, but is not responding to DS RPC Bind.

         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         ......................... BILBO failed test KnowsOfRoleHolders

      Starting test: RidManager

         * Available RID Pool for the Domain is 14302 to 1073741823

         * bilbo.office.zen.co.uk is the RID Master

         * DsBind with RID Master was successful

         * rIDAllocationPool is 12802 to 13301

         * rIDPreviousAllocationPool is 12802 to 13301

         * rIDNextRID: 12912

         ......................... BILBO passed test RidManager

      Starting test: MachineAccount

         Checking machine account for DC BILBO on DC BILBO.

         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/bilbo.office.zen.co.uk

         * SPN found :LDAP/BILBO

         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk

         * SPN found :HOST/BILBO

         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk

         ......................... BILBO passed test MachineAccount

      Starting test: Services

         * Checking Service: Dnscache

         * Checking Service: NtFrs

         * Checking Service: IsmServ

         * Checking Service: kdc

         * Checking Service: SamSs

         * Checking Service: LanmanServer

         * Checking Service: LanmanWorkstation

         * Checking Service: RpcSs

         * Checking Service: w32time

         * Checking Service: NETLOGON

         ......................... BILBO passed test Services

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... BILBO passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         BILBO is in domain DC=office,DC=zen,DC=co,DC=uk

         Checking for CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 1 servers

            Object is up-to-date on all servers.

         Checking for CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 1 servers

            Object is up-to-date on all servers.

         ......................... BILBO passed test ObjectsReplicated

      Starting test: frssysvol

         * The File Replication Service SYSVOL ready test 

         File Replication Service's SYSVOL is ready 

         ......................... BILBO passed test frssysvol

      Starting test: frsevent

         * The File Replication Service Event log test 

         ......................... BILBO passed test frsevent

      Starting test: kccevent

         * The KCC Event log test

         Found no KCC errors in Directory Service Event log in the last 15 minutes.

         ......................... BILBO passed test kccevent

      Starting test: systemlog

         * The System Event log test

         Found no errors in System Event log in the last 60 minutes.

         ......................... BILBO passed test systemlog

      Starting test: VerifyReplicas

            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... BILBO failed test VerifyReplicas

      Starting test: VerifyReferences

         The system object reference (serverReference)
 

         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 

         backlink on
 

         CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         The system object reference (frsComputerReferenceBL)
 

         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 

         correct. 

         The system object reference (serverReferenceBL)
 

         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         ......................... BILBO passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         Can't determine the age of the cross-ref
 

         CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         for the partition DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk, so
 

         following errors relating to this cross-ref/partition may disappear
 

         after replication  coalesces.  Please ensure that replication is
 

         working from the Domain Naming FSMO to this DC, and retry this test to
 

         see if errors continue. 

         Can't determine the age of the cross-ref
 

         CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         for the partition DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk, so
 

         following errors relating to this cross-ref/partition may disappear
 

         after replication  coalesces.  Please ensure that replication is
 

         working from the Domain Naming FSMO to this DC, and retry this test to
 

         see if errors continue. 

         Can't determine the age of the cross-ref
 

         CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         for the partition CN=Configuration,DC=office,DC=zen,DC=co,DC=uk, so
 

         following errors relating to this cross-ref/partition may disappear
 

         after replication  coalesces.  Please ensure that replication is
 

         working from the Domain Naming FSMO to this DC, and retry this test to
 

         see if errors continue. 

         Can't determine the age of the cross-ref
 

         CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         for the partition
 

         CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk, so following
 

         errors relating to this cross-ref/partition may disappear after
 

         replication  coalesces.  Please ensure that replication is working
 

         from the Domain Naming FSMO to this DC, and retry this test to see if
 

         errors continue. 

         Can't determine the age of the cross-ref
 

         CN=ZENDOMAIN,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         for the partition DC=office,DC=zen,DC=co,DC=uk, so following errors
 

         relating to this cross-ref/partition may disappear after replication
 

         coalesces.  Please ensure that replication is working from the Domain
 

         Naming FSMO to this DC, and retry this test to see if errors continue.
 

         ......................... BILBO failed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!

         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork

         Checking machine account for DC BILBO on DC BILBO.

         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/bilbo.office.zen.co.uk

         * SPN found :LDAP/BILBO

         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk

         * SPN found :HOST/BILBO

         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk

         [BILBO] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... BILBO passed test CheckSecurityError
 

DNS Tests are running and not hung. Please wait a few minutes...

   

   Running partition tests on : ForestDnsZones

      Starting test: CrossRefValidation

            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... ForestDnsZones failed test CrossRefValidation

      Starting test: CheckSDRefDom

            For the partition (DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=6f39c24d-314a-4fe8-93b8-46e57df1cdb5,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... ForestDnsZones failed test CheckSDRefDom

   

   Running partition tests on : DomainDnsZones

      Starting test: CrossRefValidation

            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... DomainDnsZones failed test CrossRefValidation

      Starting test: CheckSDRefDom

            For the partition (DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=b0ac23ba-5bdc-43a2-ac37-dc08ab63b0f8,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... DomainDnsZones failed test CheckSDRefDom

   

   Running partition tests on : Schema

      Starting test: CrossRefValidation

            For the partition
 

            (CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk) we
 

            encountered the following error retrieving the cross-ref's
 

            (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... Schema failed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

   

   Running partition tests on : Configuration

      Starting test: CrossRefValidation

            For the partition (CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

            we encountered the following error retrieving the cross-ref's
 

            (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... Configuration failed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

   

   Running partition tests on : office

      Starting test: CrossRefValidation

            For the partition (DC=office,DC=zen,DC=co,DC=uk) we encountered the
 

            following error retrieving the cross-ref's
 

            (CN=ZENDOMAIN,CN=Partitions,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk)
 

             information: 

               LDAP Error 0x1 (1). 

         ......................... office failed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... office passed test CheckSDRefDom

   

   Running enterprise tests on : office.zen.co.uk

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope
 

         provided by the command line arguments provided. 

         Doing intersite inbound replication test on site
 

         ZenInternet-OfficeNetwork: 

            Locating & Contacting Intersite Topology Generator (ISTG) ... 

               *Warning: Currest ISTG (FRODO) is down.  Looking for a new ISTG.
 

               * Warning: Current ISTG failed, ISTG role should be taken by
 

               BILBO  in 4 hours and 7 minutes. 

            Checking for down bridgeheads ... 

            Doing in depth site analysis ... 

               All expected sites and bridgeheads are replicating into site
 

               ZenInternet-OfficeNetwork. 

         ......................... office.zen.co.uk passed test Intersite

      Starting test: FsmoCheck

         GC Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         PDC Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         Time Server Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         Preferred Time Server Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         KDC Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         ......................... office.zen.co.uk passed test FsmoCheck

      Starting test: DNS

         Test results for domain controllers:

            

            DC: frodo.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                  Error: No DS RPC connectivity

                  Error: No WMI connectivity

                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, Description: Access is denied.) - Connection to WMI server failed]

         

            

            DC: bilbo.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:

                     MAC address is 00:13:72:4F:C2:68

                     IP address is static

                     IP address: 10.3.0.1

                     DNS servers:

                        10.5.0.1 (<name unavailable>) [Valid]

                  The A record for this DC was found

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found (primary)

                  Root zone on this DC/DNS server was not found

                  

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information: 

                     212.23.3.100 (<name unavailable>) [Valid] 

                     212.23.6.100 (<name unavailable>) [Valid] 

                  

               TEST: Delegations (Del)

                  No delegations were found in this zone on this DNS server

                  

               TEST: Dynamic update (Dyn)

                  Dynamic update is enabled on the zone office.zen.co.uk.

                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.

                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.

                  

               TEST: Records registration (RReg)

                  Network Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:

                     Matching A record found at DNS server 10.5.0.1:

                     bilbo.office.zen.co.uk
 

                     Matching CNAME record found at DNS server 10.5.0.1:

                     1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
 

                     Matching DC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 

                     Matching GC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 

                     Matching PDC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.pdc._msdcs.office.zen.co.uk
 

         

            

            DC: samwise.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                  Error: No DS RPC connectivity

                  Error: No WMI connectivity

                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, Description: Access is denied.) - Connection to WMI server failed]

         

            

            DC: pippin.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                  Error: No DS RPC connectivity

                  Error: No WMI connectivity

                  [Error details: 0x80070005 (Type: HRESULT - Facility: Win32, Description: Access is denied.) - Connection to WMI server failed]

         

         Summary of test results for DNS servers used by the above domain controllers:
 

            DNS server: 10.5.0.1 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 

               

            DNS server: 212.23.3.100 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               

            DNS server: 212.23.6.100 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               

         Summary of DNS test results:

         

                                            Auth Basc Forw Del  Dyn  RReg Ext  

               ________________________________________________________________

            Domain: office.zen.co.uk

               frodo                        PASS FAIL n/a  n/a  n/a  n/a  n/a  

               bilbo                        PASS PASS PASS PASS PASS PASS n/a  

               samwise                      PASS FAIL n/a  n/a  n/a  n/a  n/a  

               pippin                       PASS FAIL n/a  n/a  n/a  n/a  n/a  

         

         ......................... office.zen.co.uk failed test DNS

Open in new window

0
 

Author Comment

by:Zen_Internet
ID: 20356510
sorry to keep posting here folks, I just figured something else out. If I forget about Telnet for the moment (that's a whole other question) and use RDP, running the same test "dcdiag /v /e /c" WITH THE TEMPORARY FW RULES REMOVED, I get failures on the DC that is separated by two firewall rulebases.  I'm going to monitor and see if I can see what's causing this, at least I've managed to narrow it down somewhat! - I was totally baffled earlier as the network is running OK for the most part, GPO's are applying, users can authenticate and access resources, Exchange is happy. Will post back when I have something more to add. Thanks.


Domain Controller Diagnosis
 

Performing initial setup:

   * Verifying that the local machine bilbo, is a DC. 

   * Connecting to directory service on server bilbo.

   * Collecting site info.

   * Identifying all servers.

   * Identifying all NC cross-refs.

   * Found 4 DC(s). Testing 4 of them.

   Done gathering initial info.
 

Doing initial required tests

   

   Testing server: ZenInternet-OfficeNetwork\FRODO

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         ......................... FRODO passed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\SAMWISE

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         ......................... SAMWISE passed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\PIPPIN

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         ......................... PIPPIN passed test Connectivity

   

   Testing server: ZenInternet-OfficeNetwork\BILBO

      Starting test: Connectivity

         * Active Directory LDAP Services Check

         * Active Directory RPC Services Check

         ......................... BILBO passed test Connectivity
 

Doing primary tests

   

   Testing server: ZenInternet-OfficeNetwork\FRODO

      Starting test: Replications

         * Replications Check

         * Replication Latency Check

            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

         ......................... FRODO passed test Replications

      Starting test: Topology

         * Configuration Topology Integrity Check

         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... FRODO passed test Topology

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check

         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... FRODO passed test CutoffServers

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC FRODO.

         * Security Permissions Check for

           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Schema,Version 2)

         * Security Permissions Check for

           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Configuration,Version 2)

         * Security Permissions Check for

           DC=office,DC=zen,DC=co,DC=uk

            (Domain,Version 2)

         ......................... FRODO passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check

         Verified share \\FRODO\netlogon

         Verified share \\FRODO\sysvol

         ......................... FRODO passed test NetLogons

      Starting test: Advertising

         The DC FRODO is advertising itself as a DC and having a DS.

         The DC FRODO is advertising as an LDAP server

         The DC FRODO is advertising as having a writeable directory

         The DC FRODO is advertising as a Key Distribution Center

         The DC FRODO is advertising as a time server

         The DS FRODO is advertising as a GC.

         ......................... FRODO passed test Advertising

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         ......................... FRODO passed test KnowsOfRoleHolders

      Starting test: RidManager

         * Available RID Pool for the Domain is 14302 to 1073741823

         * bilbo.office.zen.co.uk is the RID Master

         * DsBind with RID Master was successful

         * rIDAllocationPool is 13802 to 14301

         * rIDPreviousAllocationPool is 10802 to 11301

         * rIDNextRID: 11268

         * Warning :There is less than 7% available RIDs in the current pool

         ......................... FRODO passed test RidManager

      Starting test: MachineAccount

         Checking machine account for DC FRODO on DC FRODO.

         * SPN found :LDAP/frodo.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/frodo.office.zen.co.uk

         * SPN found :LDAP/FRODO

         * SPN found :LDAP/frodo.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1f46d946-11e2-4e9c-bc59-a9efdfdf97db/office.zen.co.uk

         * SPN found :HOST/frodo.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/frodo.office.zen.co.uk

         * SPN found :HOST/FRODO

         * SPN found :HOST/frodo.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/frodo.office.zen.co.uk/office.zen.co.uk

         ......................... FRODO passed test MachineAccount

      Starting test: Services

         * Checking Service: Dnscache

         * Checking Service: NtFrs

         * Checking Service: IsmServ

         * Checking Service: kdc

         * Checking Service: SamSs

         * Checking Service: LanmanServer

         * Checking Service: LanmanWorkstation

         * Checking Service: RpcSs

         * Checking Service: w32time

         * Checking Service: NETLOGON

         ......................... FRODO passed test Services

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... FRODO passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         FRODO is in domain DC=office,DC=zen,DC=co,DC=uk

         Checking for CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         Checking for CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         ......................... FRODO passed test ObjectsReplicated

      Starting test: frssysvol

         * The File Replication Service SYSVOL ready test 

         File Replication Service's SYSVOL is ready 

         ......................... FRODO passed test frssysvol

      Starting test: frsevent

         * The File Replication Service Event log test 

         ......................... FRODO passed test frsevent

      Starting test: kccevent

         * The KCC Event log test

         Found no KCC errors in Directory Service Event log in the last 15 minutes.

         ......................... FRODO passed test kccevent

      Starting test: systemlog

         * The System Event log test

         An Error Event occured.  EventID: 0x000016AD

            Time Generated: 11/27/2007   09:05:04

            Event String: The session setup from the computer AKAY01 failed
 

to authenticate. The following error occurred: 
 

%%5 

         ......................... FRODO failed test systemlog

      Starting test: VerifyReplicas

         ......................... FRODO passed test VerifyReplicas

      Starting test: VerifyReferences

         The system object reference (serverReference)
 

         CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 

         backlink on
 

         CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         The system object reference (frsComputerReferenceBL)
 

         CN=FRODO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 

         correct. 

         The system object reference (serverReferenceBL)
 

         CN=FRODO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         ......................... FRODO passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         ......................... FRODO passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!

         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork

         Checking machine account for DC FRODO on DC BILBO.

         * SPN found :LDAP/frodo.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/frodo.office.zen.co.uk

         * SPN found :LDAP/FRODO

         * SPN found :LDAP/frodo.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1f46d946-11e2-4e9c-bc59-a9efdfdf97db/office.zen.co.uk

         * SPN found :HOST/frodo.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/frodo.office.zen.co.uk

         * SPN found :HOST/FRODO

         * SPN found :HOST/frodo.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/frodo.office.zen.co.uk/office.zen.co.uk

         Checking for CN=FRODO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers

            Object is up-to-date on all servers.

         [FRODO] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... FRODO passed test CheckSecurityError

   

   Testing server: ZenInternet-OfficeNetwork\SAMWISE

      Starting test: Replications

         * Replications Check

         * Replication Latency Check

            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

         ......................... SAMWISE passed test Replications

      Starting test: Topology

         * Configuration Topology Integrity Check

         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... SAMWISE passed test Topology

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check

         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... SAMWISE passed test CutoffServers

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC SAMWISE.

         * Security Permissions Check for

           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Schema,Version 2)

         * Security Permissions Check for

           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Configuration,Version 2)

         * Security Permissions Check for

           DC=office,DC=zen,DC=co,DC=uk

            (Domain,Version 2)

         ......................... SAMWISE passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check

         Verified share \\SAMWISE\netlogon

         Verified share \\SAMWISE\sysvol

         ......................... SAMWISE passed test NetLogons

      Starting test: Advertising

         The DC SAMWISE is advertising itself as a DC and having a DS.

         The DC SAMWISE is advertising as an LDAP server

         The DC SAMWISE is advertising as having a writeable directory

         The DC SAMWISE is advertising as a Key Distribution Center

         The DC SAMWISE is advertising as a time server

         The DS SAMWISE is advertising as a GC.

         ......................... SAMWISE passed test Advertising

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         ......................... SAMWISE passed test KnowsOfRoleHolders

      Starting test: RidManager

         * Available RID Pool for the Domain is 14302 to 1073741823

         * bilbo.office.zen.co.uk is the RID Master

         * DsBind with RID Master was successful

         * rIDAllocationPool is 13302 to 13801

         * rIDPreviousAllocationPool is 13302 to 13801

         * rIDNextRID: 13329

         ......................... SAMWISE passed test RidManager

      Starting test: MachineAccount

         Checking machine account for DC SAMWISE on DC SAMWISE.

         * SPN found :LDAP/samwise.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/samwise.office.zen.co.uk

         * SPN found :LDAP/SAMWISE

         * SPN found :LDAP/samwise.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7ec29bae-365f-4f7c-9e58-3c2de5f45985/office.zen.co.uk

         * SPN found :HOST/samwise.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/samwise.office.zen.co.uk

         * SPN found :HOST/SAMWISE

         * SPN found :HOST/samwise.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/samwise.office.zen.co.uk/office.zen.co.uk

         ......................... SAMWISE passed test MachineAccount

      Starting test: Services

         * Checking Service: Dnscache

         * Checking Service: NtFrs

         * Checking Service: IsmServ

         * Checking Service: kdc

         * Checking Service: SamSs

         * Checking Service: LanmanServer

         * Checking Service: LanmanWorkstation

         * Checking Service: RpcSs

         * Checking Service: w32time

         * Checking Service: NETLOGON

         ......................... SAMWISE passed test Services

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... SAMWISE passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         SAMWISE is in domain DC=office,DC=zen,DC=co,DC=uk

         Checking for CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         Checking for CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         ......................... SAMWISE passed test ObjectsReplicated

      Starting test: frssysvol

         * The File Replication Service SYSVOL ready test 

         File Replication Service's SYSVOL is ready 

         ......................... SAMWISE passed test frssysvol

      Starting test: frsevent

         * The File Replication Service Event log test 

         ......................... SAMWISE passed test frsevent

      Starting test: kccevent

         * The KCC Event log test

         Found no KCC errors in Directory Service Event log in the last 15 minutes.

         ......................... SAMWISE passed test kccevent

      Starting test: systemlog

         * The System Event log test

         Found no errors in System Event log in the last 60 minutes.

         ......................... SAMWISE passed test systemlog

      Starting test: VerifyReplicas

         ......................... SAMWISE passed test VerifyReplicas

      Starting test: VerifyReferences

         The system object reference (serverReference)
 

         CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 

         backlink on
 

         CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         The system object reference (frsComputerReferenceBL)
 

         CN=SAMWISE,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 

         correct. 

         The system object reference (serverReferenceBL)
 

         CN=SAMWISE,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         ......................... SAMWISE passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         ......................... SAMWISE passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!

         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork

         Checking machine account for DC SAMWISE on DC BILBO.

         * SPN found :LDAP/samwise.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/samwise.office.zen.co.uk

         * SPN found :LDAP/SAMWISE

         * SPN found :LDAP/samwise.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7ec29bae-365f-4f7c-9e58-3c2de5f45985/office.zen.co.uk

         * SPN found :HOST/samwise.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/samwise.office.zen.co.uk

         * SPN found :HOST/SAMWISE

         * SPN found :HOST/samwise.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/samwise.office.zen.co.uk/office.zen.co.uk

         Checking for CN=SAMWISE,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers

            Object is up-to-date on all servers.

         [SAMWISE] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... SAMWISE passed test CheckSecurityError

   

   Testing server: ZenInternet-OfficeNetwork\PIPPIN

      Starting test: Replications

         * Replications Check

         * Replication Latency Check

            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

         ......................... PIPPIN passed test Replications

      Starting test: Topology

         * Configuration Topology Integrity Check

         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... PIPPIN passed test Topology

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check

         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... PIPPIN passed test CutoffServers

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC PIPPIN.

         * Security Permissions Check for

           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Schema,Version 2)

         * Security Permissions Check for

           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Configuration,Version 2)

         * Security Permissions Check for

           DC=office,DC=zen,DC=co,DC=uk

            (Domain,Version 2)

         ......................... PIPPIN passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check

         Verified share \\PIPPIN\netlogon

         Verified share \\PIPPIN\sysvol

         ......................... PIPPIN passed test NetLogons

      Starting test: Advertising

         The DC PIPPIN is advertising itself as a DC and having a DS.

         The DC PIPPIN is advertising as an LDAP server

         The DC PIPPIN is advertising as having a writeable directory

         The DC PIPPIN is advertising as a Key Distribution Center

         The DC PIPPIN is advertising as a time server

         The DS PIPPIN is advertising as a GC.

         ......................... PIPPIN passed test Advertising

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         ......................... PIPPIN passed test KnowsOfRoleHolders

      Starting test: RidManager

         * Available RID Pool for the Domain is 14302 to 1073741823

         * bilbo.office.zen.co.uk is the RID Master

         * DsBind with RID Master was successful

         * rIDAllocationPool is 12302 to 12801

         * rIDPreviousAllocationPool is 12302 to 12801

         * rIDNextRID: 12359

         ......................... PIPPIN passed test RidManager

      Starting test: MachineAccount

         Checking machine account for DC PIPPIN on DC PIPPIN.

         * SPN found :LDAP/pippin.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/pippin.office.zen.co.uk

         * SPN found :LDAP/PIPPIN

         * SPN found :LDAP/pippin.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/a6b6f620-b0e3-40ea-b793-3de0389cd1b7._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a6b6f620-b0e3-40ea-b793-3de0389cd1b7/office.zen.co.uk

         * SPN found :HOST/pippin.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/pippin.office.zen.co.uk

         * SPN found :HOST/PIPPIN

         * SPN found :HOST/pippin.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/pippin.office.zen.co.uk/office.zen.co.uk

         ......................... PIPPIN passed test MachineAccount

      Starting test: Services

         * Checking Service: Dnscache

         * Checking Service: NtFrs

         * Checking Service: IsmServ

         * Checking Service: kdc

         * Checking Service: SamSs

         * Checking Service: LanmanServer

         * Checking Service: LanmanWorkstation

         * Checking Service: RpcSs

         * Checking Service: w32time

         * Checking Service: NETLOGON

         ......................... PIPPIN passed test Services

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... PIPPIN passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         PIPPIN is in domain DC=office,DC=zen,DC=co,DC=uk

         Checking for CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         Checking for CN=NTDS Settings,CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         ......................... PIPPIN passed test ObjectsReplicated

      Starting test: frssysvol

         * The File Replication Service SYSVOL ready test 

         File Replication Service's SYSVOL is ready 

         ......................... PIPPIN passed test frssysvol

      Starting test: frsevent

         * The File Replication Service Event log test 

         ......................... PIPPIN passed test frsevent

      Starting test: kccevent

         * The KCC Event log test

         Found no KCC errors in Directory Service Event log in the last 15 minutes.

         ......................... PIPPIN passed test kccevent

      Starting test: systemlog

         * The System Event log test

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:07

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:07

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:08

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:08

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:09

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:09

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:09

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:10

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:10

            (Event String could not be retrieved)

         An Error Event occured.  EventID: 0x00000457

            Time Generated: 11/27/2007   08:54:11

            (Event String could not be retrieved)

         ......................... PIPPIN failed test systemlog

      Starting test: VerifyReplicas

         ......................... PIPPIN passed test VerifyReplicas

      Starting test: VerifyReferences

         The system object reference (serverReference)
 

         CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 

         backlink on
 

         CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         The system object reference (frsComputerReferenceBL)
 

         CN=PIPPIN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 

         correct. 

         The system object reference (serverReferenceBL)
 

         CN=PIPPIN,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=NTDS Settings,CN=PIPPIN,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         ......................... PIPPIN passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         ......................... PIPPIN passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!

         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork

         Checking machine account for DC PIPPIN on DC BILBO.

         * SPN found :LDAP/pippin.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/pippin.office.zen.co.uk

         * SPN found :LDAP/PIPPIN

         * SPN found :LDAP/pippin.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/a6b6f620-b0e3-40ea-b793-3de0389cd1b7._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a6b6f620-b0e3-40ea-b793-3de0389cd1b7/office.zen.co.uk

         * SPN found :HOST/pippin.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/pippin.office.zen.co.uk

         * SPN found :HOST/PIPPIN

         * SPN found :HOST/pippin.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/pippin.office.zen.co.uk/office.zen.co.uk

         Checking for CN=PIPPIN,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 2 servers

            Object is up-to-date on all servers.

         [PIPPIN] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... PIPPIN passed test CheckSecurityError

   

   Testing server: ZenInternet-OfficeNetwork\BILBO

      Starting test: Replications

         * Replications Check

         * Replication Latency Check

            DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 5 entries in the vector were ignored.

                  5 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

            DC=office,DC=zen,DC=co,DC=uk

               Latency information for 12 entries in the vector were ignored.

                  12 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  

         ......................... BILBO passed test Replications

      Starting test: Topology

         * Configuration Topology Integrity Check

         * Analyzing the connection topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the connection topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... BILBO passed test Topology

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check

         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for CN=Configuration,DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         * Analyzing the alive system replication topology for DC=office,DC=zen,DC=co,DC=uk.

         * Performing upstream (of target) analysis.

         * Performing downstream (of target) analysis.

         ......................... BILBO passed test CutoffServers

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC BILBO.

         * Security Permissions Check for

           DC=ForestDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           DC=DomainDnsZones,DC=office,DC=zen,DC=co,DC=uk

            (NDNC,Version 2)

         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Schema,Version 2)

         * Security Permissions Check for

           CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

            (Configuration,Version 2)

         * Security Permissions Check for

           DC=office,DC=zen,DC=co,DC=uk

            (Domain,Version 2)

         ......................... BILBO passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check

         Verified share \\BILBO\netlogon

         Verified share \\BILBO\sysvol

         ......................... BILBO passed test NetLogons

      Starting test: Advertising

         The DC BILBO is advertising itself as a DC and having a DS.

         The DC BILBO is advertising as an LDAP server

         The DC BILBO is advertising as having a writeable directory

         The DC BILBO is advertising as a Key Distribution Center

         The DC BILBO is advertising as a time server

         The DS BILBO is advertising as a GC.

         ......................... BILBO passed test Advertising

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SAMWISE,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Domain Owner = CN=NTDS Settings,CN=FRODO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role PDC Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Rid Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         Role Infrastructure Update Owner = CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk

         ......................... BILBO passed test KnowsOfRoleHolders

      Starting test: RidManager

         * Available RID Pool for the Domain is 14302 to 1073741823

         * bilbo.office.zen.co.uk is the RID Master

         * DsBind with RID Master was successful

         * rIDAllocationPool is 12802 to 13301

         * rIDPreviousAllocationPool is 12802 to 13301

         * rIDNextRID: 12912

         ......................... BILBO passed test RidManager

      Starting test: MachineAccount

         Checking machine account for DC BILBO on DC BILBO.

         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/bilbo.office.zen.co.uk

         * SPN found :LDAP/BILBO

         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk

         * SPN found :HOST/BILBO

         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk

         ......................... BILBO passed test MachineAccount

      Starting test: Services

         * Checking Service: Dnscache

         * Checking Service: NtFrs

         * Checking Service: IsmServ

         * Checking Service: kdc

         * Checking Service: SamSs

         * Checking Service: LanmanServer

         * Checking Service: LanmanWorkstation

         * Checking Service: RpcSs

         * Checking Service: w32time

         * Checking Service: NETLOGON

         ......................... BILBO passed test Services

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test

         ** Did not run Outbound Secure Channels test

         because /testdomain: was not entered

         ......................... BILBO passed test OutboundSecureChannels

      Starting test: ObjectsReplicated

         BILBO is in domain DC=office,DC=zen,DC=co,DC=uk

         Checking for CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk in domain DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         Checking for CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk in domain CN=Configuration,DC=office,DC=zen,DC=co,DC=uk on 4 servers

            Object is up-to-date on all servers.

         ......................... BILBO passed test ObjectsReplicated

      Starting test: frssysvol

         * The File Replication Service SYSVOL ready test 

         File Replication Service's SYSVOL is ready 

         ......................... BILBO passed test frssysvol

      Starting test: frsevent

         * The File Replication Service Event log test 

         ......................... BILBO passed test frsevent

      Starting test: kccevent

         * The KCC Event log test

         Found no KCC errors in Directory Service Event log in the last 15 minutes.

         ......................... BILBO passed test kccevent

      Starting test: systemlog

         * The System Event log test

         Found no errors in System Event log in the last 60 minutes.

         ......................... BILBO passed test systemlog

      Starting test: VerifyReplicas

         ......................... BILBO passed test VerifyReplicas

      Starting test: VerifyReferences

         The system object reference (serverReference)
 

         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk and
 

         backlink on
 

         CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         The system object reference (frsComputerReferenceBL)
 

         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=BILBO,OU=Domain Controllers,DC=office,DC=zen,DC=co,DC=uk are
 

         correct. 

         The system object reference (serverReferenceBL)
 

         CN=BILBO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=office,DC=zen,DC=co,DC=uk
 

         and backlink on
 

         CN=NTDS Settings,CN=BILBO,CN=Servers,CN=ZenInternet-OfficeNetwork,CN=Sites,CN=Configuration,DC=office,DC=zen,DC=co,DC=uk
 

         are correct. 

         ......................... BILBO passed test VerifyReferences

      Starting test: VerifyEnterpriseReferences

         ......................... BILBO passed test VerifyEnterpriseReferences

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!

         Found KDC BILBO for domain office.zen.co.uk in site ZenInternet-OfficeNetwork

         Checking machine account for DC BILBO on DC BILBO.

         * SPN found :LDAP/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :LDAP/bilbo.office.zen.co.uk

         * SPN found :LDAP/BILBO

         * SPN found :LDAP/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :LDAP/1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk

         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1e34e300-8748-49e9-a163-c792a6524cd4/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk/office.zen.co.uk

         * SPN found :HOST/bilbo.office.zen.co.uk

         * SPN found :HOST/BILBO

         * SPN found :HOST/bilbo.office.zen.co.uk/ZENDOMAIN

         * SPN found :GC/bilbo.office.zen.co.uk/office.zen.co.uk

         [BILBO] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.

         ......................... BILBO passed test CheckSecurityError
 

DNS Tests are running and not hung. Please wait a few minutes...

   

   Running partition tests on : ForestDnsZones

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

   

   Running partition tests on : DomainDnsZones

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

   

   Running partition tests on : Schema

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

   

   Running partition tests on : Configuration

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

   

   Running partition tests on : office

      Starting test: CrossRefValidation

         ......................... office passed test CrossRefValidation

      Starting test: CheckSDRefDom

         ......................... office passed test CheckSDRefDom

   

   Running enterprise tests on : office.zen.co.uk

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope
 

         provided by the command line arguments provided. 

         Doing intersite inbound replication test on site
 

         ZenInternet-OfficeNetwork: 

            Locating & Contacting Intersite Topology Generator (ISTG) ... 

               The ISTG for site ZenInternet-OfficeNetwork is: FRODO. 

            Checking for down bridgeheads ... 

            Doing in depth site analysis ... 

               All expected sites and bridgeheads are replicating into site
 

               ZenInternet-OfficeNetwork. 

         ......................... office.zen.co.uk passed test Intersite

      Starting test: FsmoCheck

         GC Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         PDC Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         Time Server Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         Preferred Time Server Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         KDC Name: \\bilbo.office.zen.co.uk

         Locator Flags: 0xe00001fd

         ......................... office.zen.co.uk passed test FsmoCheck

      Starting test: DNS

         Test results for domain controllers:

            

            DC: bilbo.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:

                     MAC address is 00:13:72:4F:C2:68

                     IP address is static

                     IP address: 10.3.0.1

                     DNS servers:

                        10.5.0.1 (<name unavailable>) [Valid]

                  The A record for this DC was found

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found (primary)

                  Root zone on this DC/DNS server was not found

                  

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information: 

                     212.23.3.100 (<name unavailable>) [Valid] 

                     212.23.6.100 (<name unavailable>) [Valid] 

                  

               TEST: Delegations (Del)

                  No delegations were found in this zone on this DNS server

                  

               TEST: Dynamic update (Dyn)

                  Dynamic update is enabled on the zone office.zen.co.uk.

                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.

                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.

                  

               TEST: Records registration (RReg)

                  Network Adapter [00000003] Intel(R) PRO/1000 MT Network Connection:

                     Matching A record found at DNS server 10.5.0.1:

                     bilbo.office.zen.co.uk
 

                     Matching CNAME record found at DNS server 10.5.0.1:

                     1e34e300-8748-49e9-a163-c792a6524cd4._msdcs.office.zen.co.uk
 

                     Matching DC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 

                     Matching GC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 

                     Matching PDC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.pdc._msdcs.office.zen.co.uk
 

         

            

            DC: samwise.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:

                     MAC address is 00:14:22:14:58:7A

                     IP address is static

                     IP address: 10.5.0.2

                     DNS servers:

                        10.5.0.2 (<name unavailable>) [Valid]

                        10.5.0.1 (<name unavailable>) [Valid]

                  The A record for this DC was found

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found (primary)

                  Root zone on this DC/DNS server was not found

                  

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information: 

                     212.23.3.100 (<name unavailable>) [Valid] 

                     212.23.6.100 (<name unavailable>) [Valid] 

                  

               TEST: Delegations (Del)

                  No delegations were found in this zone on this DNS server

                  

               TEST: Dynamic update (Dyn)

                  Dynamic update is enabled on the zone office.zen.co.uk.

                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.

                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.

                  

               TEST: Records registration (RReg)

                  Network Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:

                     Matching A record found at DNS server 10.5.0.2:

                     samwise.office.zen.co.uk
 

                     Matching CNAME record found at DNS server 10.5.0.2:

                     7ec29bae-365f-4f7c-9e58-3c2de5f45985._msdcs.office.zen.co.uk
 

                     Matching DC SRV record found at DNS server 10.5.0.2:

                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 

                     Matching GC SRV record found at DNS server 10.5.0.2:

                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 

         

            

            DC: frodo.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                   Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:

                     MAC address is 00:14:22:14:58:AA

                     IP address is static

                     IP address: 10.5.0.1

                     DNS servers:

                        10.5.0.1 (<name unavailable>) [Valid]

                        10.5.0.2 (<name unavailable>) [Valid]

                  The A record for this DC was found

                  The SOA record for the Active Directory zone was found

                  The Active Directory zone on this DC/DNS server was found (primary)

                  Root zone on this DC/DNS server was not found

                  

               TEST: Forwarders/Root hints (Forw)

                  Recursion is enabled

                  Forwarders Information: 

                     212.23.3.100 (<name unavailable>) [Valid] 

                     212.23.6.100 (<name unavailable>) [Valid] 

                  

               TEST: Delegations (Del)

                  No delegations were found in this zone on this DNS server

                  

               TEST: Dynamic update (Dyn)

                  Dynamic update is enabled on the zone office.zen.co.uk.

                  Test record _dcdiag_test_record added successfully in zone office.zen.co.uk.

                  Test record _dcdiag_test_record deleted successfully in zone office.zen.co.uk.

                  

               TEST: Records registration (RReg)

                  Network Adapter [00000002] Intel(R) PRO/1000 MT Network Connection:

                     Matching A record found at DNS server 10.5.0.1:

                     frodo.office.zen.co.uk
 

                     Matching CNAME record found at DNS server 10.5.0.1:

                     1f46d946-11e2-4e9c-bc59-a9efdfdf97db._msdcs.office.zen.co.uk
 

                     Matching DC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.dc._msdcs.office.zen.co.uk
 

                     Matching GC SRV record found at DNS server 10.5.0.1:

                     _ldap._tcp.gc._msdcs.office.zen.co.uk
 

         

            

            DC: pippin.office.zen.co.uk

            Domain: office.zen.co.uk
 

                  

               TEST: Authentication (Auth)

                  Authentication test: Successfully completed

                  

               TEST: Basic (Basc)

                  Error: No WMI connectivity

                  [Error details: 0x800706ba (Type: HRESULT - Facility: Win32, Description: The RPC server is unavailable.) - Connection to WMI server failed]

         

         Summary of test results for DNS servers used by the above domain controllers:
 

            DNS server: 10.5.0.1 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 

               

            DNS server: 10.5.0.2 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered 

               

            DNS server: 212.23.3.100 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               

            DNS server: 212.23.6.100 (<name unavailable>)

               All tests passed on this DNS server

               This is a valid DNS server. 

               

         Summary of DNS test results:

         

                                            Auth Basc Forw Del  Dyn  RReg Ext  

               ________________________________________________________________

            Domain: office.zen.co.uk

               bilbo                        PASS PASS PASS PASS PASS PASS n/a  

               samwise                      PASS PASS PASS PASS PASS PASS n/a  

               frodo                        PASS PASS PASS PASS PASS PASS n/a  

               pippin                       PASS FAIL n/a  n/a  n/a  n/a  n/a  

         

         ......................... office.zen.co.uk failed test DNS

Open in new window

0
 

Author Comment

by:Zen_Internet
ID: 20358305
I've investigated and discovered that (in my example) TCP 2881 is used during DCDIAG between the DC's, as this is a high port I'm pretty sure that it's just a randomly assigned port (not something I can forge a new FW rule on). I'd be keen not to just allow all high ports between the DC in the DMZ and the other DC's, everything seems pretty happy now so I'm going to leave it and see how it all goes. Anyone else got an advice on the rules needed between DC's, when separated by FW's?
0
 
LVL 2

Accepted Solution

by:
geniph earned 250 total points
ID: 20359813
0
 

Author Comment

by:Zen_Internet
ID: 20361490
Awesome! Thanks very much :)
0

Join & Write a Comment

Suggested Solutions

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now