Solved

How to interpret DCDIAG results

Posted on 2008-06-18
1
796 Views
Last Modified: 2012-05-05
Hello All,
We have a total of 4 Domain Controllers, all running Windows Server 2003, SP2. I ran DCDIAG on all of them, and only 1 DC displays an error. The other 3 are completely clean.

Here is the error:
Test: frssysvol
There are errors after SYSVOL has been shared

The error is to 1 DC

We're also getting a lot of KDC errors in the application log on this DC, which could explain why our Cisco Secure ACS is not authenticating wireless or VPN users through this DC. This DC is acting as a RADIUS server.

The KDC error event ID are 7 and 20.

The only real issue we're having is with this Cisco Secure ACS authentication via RADIUS. Everyone else authenticates OK.

If anyone can help, it would be much appreciated.
Thanks!
John
0
Comment
Question by:lyon-it
1 Comment
 
LVL 3

Accepted Solution

by:
GlobalStrata earned 500 total points
ID: 21816601
Most of the issues of dcdiag are DNS records configuration.   Microsoft has a free webcast that explains a bit about using DCdiag for troubleshooting DNS: http://support.microsoft.com/kb/905900

Also, the following articles will help you read the output:

http://technet2.microsoft.com/windowsserver/en/library/5237db58-a1e8-40cd-ae8a-7f52848a90f21033.mspx?mfr=true

http://technet2.microsoft.com/windowsserver/en/library/824f106c-a90b-421b-aa44-ebc1403c8b4c1033.mspx?mfr=true

cheers,

Gladys I. Rodriguez
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Missing Sysvol 13 31
local administrator password solution 26 77
edit user account 1 30
Using an internal domain name that you do not own 6 44
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now