Antonio King
asked on
Demoted DC and network slow now
Afternoon,
A few weeks ago I demoted the Main DC server using DCPROMO.
The hole demotion went smoothly with no errors.
But now I'm gettin alot of users reporting their systems are slow in general.
There is only 1 DC in the building, this is also the File server, Exchange server 2003, DNS, DHCP and WINS Server.
Logging in seems to be a bit slower but not too bad, it's generally browsing/opening and saving files on the file server. Also opening, creating and saving emails are being reported as taking alot longer than usual.
I've checked the task manager than the most percentage of the network connection in use i've seen is 7%, The most use of the CPU use i've seen is 30-40%.
The DC is a Dell Poweredge 2800 running Windows Server 2003.
Please advise me on where to look or what to do to find out and resolve the cause of this network slow down.
Many thanks
A few weeks ago I demoted the Main DC server using DCPROMO.
The hole demotion went smoothly with no errors.
But now I'm gettin alot of users reporting their systems are slow in general.
There is only 1 DC in the building, this is also the File server, Exchange server 2003, DNS, DHCP and WINS Server.
Logging in seems to be a bit slower but not too bad, it's generally browsing/opening and saving files on the file server. Also opening, creating and saving emails are being reported as taking alot longer than usual.
I've checked the task manager than the most percentage of the network connection in use i've seen is 7%, The most use of the CPU use i've seen is 30-40%.
The DC is a Dell Poweredge 2800 running Windows Server 2003.
Please advise me on where to look or what to do to find out and resolve the cause of this network slow down.
Many thanks
As with all AD problems, I would start with DNS server check. Seems like your old DC is still referenced somewhere in DNS so clients are trying to contact it, and when they fail, they go to second DC which works.
You can Check this manually in DNS console: expand forward lookup zones and check _msdcs zone if old DC occurs anywhere. If you find it, you can delete it or you can run metadata cleanup on new DC:
http://technet.microsoft.com/en-us/library/cc736378.aspx
You can Check this manually in DNS console: expand forward lookup zones and check _msdcs zone if old DC occurs anywhere. If you find it, you can delete it or you can run metadata cleanup on new DC:
http://technet.microsoft.com/en-us/library/cc736378.aspx
ASKER
I've defined "slow" here...
"Logging in seems to be a bit slower but not too bad, it's generally browsing/opening and saving files on the file server. Also opening, creating and saving emails are being reported as taking alot longer than usual."
So emails, file browsing, and slow log ons (althought not to the extent of it reporting to the wrong DNS server)
The spec of the server is a dual core Xeon 3GHZ with 3GB RAM and is running Windows Server 2003 Standard Edition. With 2 SCSi drives at 130GB each.
"Logging in seems to be a bit slower but not too bad, it's generally browsing/opening and saving files on the file server. Also opening, creating and saving emails are being reported as taking alot longer than usual."
So emails, file browsing, and slow log ons (althought not to the extent of it reporting to the wrong DNS server)
The spec of the server is a dual core Xeon 3GHZ with 3GB RAM and is running Windows Server 2003 Standard Edition. With 2 SCSi drives at 130GB each.
Its bit tricky without knowing exactly wnat you have done:
Did you move the FSMO roles onto the new machine ?
Did you install DNS on the new machine
Did you reconfigure the clients to use the new server as their DNS server ?
Did you move the FSMO roles onto the new machine ?
Did you install DNS on the new machine
Did you reconfigure the clients to use the new server as their DNS server ?
ASKER
Apologies...
We used to have 2 DNS servers on the same site.
I've demoted one, leaving the other as the only and main one.
I've updated the DHCP to reflect the changes and checked numerous clients that they have the new DNS server addresses (which they do)
I have not moved the FSMO roles to the new machine.
We used to have 2 DNS servers on the same site.
I've demoted one, leaving the other as the only and main one.
I've updated the DHCP to reflect the changes and checked numerous clients that they have the new DNS server addresses (which they do)
I have not moved the FSMO roles to the new machine.
ASKER
I have an example:
Took a user 9 minutes to save a 22mb file. Normally it's not noticible for the user.
Took a user 9 minutes to save a 22mb file. Normally it's not noticible for the user.
the server that you have remaining is the forest root?? the first server commissioned and promoted? if this is the case then the FSMO roles will still be homed there.
if you ping the server from a station with the "slow" issue are you seeing any latency? ie
Reply from x.x.x.x: bytes=32 time<1ms TTL=126
Reply from x.x.x.x: bytes=32 time<1ms TTL=126
Reply from x.x.x.x: bytes=32 time<1ms TTL=126
would be fine but...
Reply from x.x.x.x: bytes=32 time<50ms TTL=126
Reply from x.x.x.x: bytes=32 time<28ms TTL=126
Reply from x.x.x.x: bytes=32 time<74ms TTL=126
would indicate an issue with network traffic??
how many users are using the server?
What service pack are you running?
Windows server
exchange
is this happening to all users? or just some?
Sorry lots of questions..
/Fox
/Fox
if you ping the server from a station with the "slow" issue are you seeing any latency? ie
Reply from x.x.x.x: bytes=32 time<1ms TTL=126
Reply from x.x.x.x: bytes=32 time<1ms TTL=126
Reply from x.x.x.x: bytes=32 time<1ms TTL=126
would be fine but...
Reply from x.x.x.x: bytes=32 time<50ms TTL=126
Reply from x.x.x.x: bytes=32 time<28ms TTL=126
Reply from x.x.x.x: bytes=32 time<74ms TTL=126
would indicate an issue with network traffic??
how many users are using the server?
What service pack are you running?
Windows server
exchange
is this happening to all users? or just some?
Sorry lots of questions..
/Fox
/Fox
Dusan,
If the other DC was removed using DCpromo then there should be any need to remove anything....
/Fox
If the other DC was removed using DCpromo then there should be any need to remove anything....
/Fox
I know, but I am still waiting for Alan-Yeo to confirm that, I have seen numerous uncomplete demotes...
ASKER
@Dusan,
I checked the forwarders when the demotion shortly after the demotion and there were no references to the old DC. I've just checked again, and nothing is there.
@Knightfox
I've checked the response times and they are all coming back less than a milisecond, from numerous machines.
I checked the forwarders when the demotion shortly after the demotion and there were no references to the old DC. I've just checked again, and nothing is there.
@Knightfox
I've checked the response times and they are all coming back less than a milisecond, from numerous machines.
>> I have not moved the FSMO roles to the new machine. <<
Run DCDIAG to check Active Directory and the location of the FSMO roles
Run DCDIAG to check Active Directory and the location of the FSMO roles
Also, you said there is only one DC in the building. Are there any more outside (another site)?
and also run a netdiag as well please...
/Fox
/Fox
ASKER
@Duan Bajic
There are 2 other domain controllers at two other sites.
@ KTCS
DCDIAG Report:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: DOMAIN\SERVER
Starting test: Connectivity
The host e4f78e29-d996-4c9c-9499-76 f5d5b99cc1 ._msdcs.DO MAIN.BLABL ABLA.CO.UK could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(e4f78e29-d996-4c9c-9499-7 6f5d5b99cc 1._msdcs.D OMAIN.BLAB LABLA.CO.U K)
couldn't be resolved, the server name
(SERVER.DOMAIN.BLABLABLA.C O.UK) resolved to the IP address
(***.***.***.***) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... SERVER failed test Connectivity
Doing primary tests
Testing server: DOMAIN\SERVER
Skipping all tests, because server SERVER is
not responding to directory service requests
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : DOMAIN
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Running enterprise tests on : DOMAIN.BLABLABLA.CO.UK
Starting test: Intersite
......................... DOMAIN.BLABLABLA.CO.UK passed test Intersite
Starting test: FsmoCheck
......................... DOMAIN.BLABLABLA.CO.UK passed test FsmoCheck
@Knightfox
.......................... .......... ..
Computer Name: SERVER
DNS Host Name: SERVER.DOMAIN.BLABLABLA.CO .UK
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB915800-v9
KB921503
KB925398_WMP64
KB925876
KB925902
KB926122
KB927891
KB929123
KB930178
KB931768
KB931784
KB931836
KB932168
KB933360
KB933566
KB933566-IE7
KB933729
KB933854
KB935839
KB935840
KB935966
KB936021
KB936059
KB936357
KB936782
KB937143-IE7
KB938127-IE7
KB938464
KB938759-v4
KB939653-IE7
KB940848-v3
KB941202
KB941568
KB941569
KB941644
KB941672
KB941693
KB942615-IE7
KB942763
KB942830
KB942831
KB942841
KB943055
KB943460
KB943484
KB943485
KB943729
KB944533-IE7
KB944653
KB945553
KB946026
KB947864-IE7
KB948496
KB948590
KB948745
KB948881
KB949014
KB950759-IE7
KB950760
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952954
KB953838-IE7
KB953839
KB954211
KB956390-IE7
KB956391
KB956803
KB956841
KB957095
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : SERVER
IP Address . . . . . . . . : ***.***.***.***
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : ***.***.***.***
Dns Servers. . . . . . . . : ***.***.***.***
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Adapter : {FA7B7980-2826-4AA6-B663-E 5F6FF10262 D}
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : SERVER
IP Address . . . . . . . . : ***.***.***.***
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{CCF201E9-FE40 -47E1-9DA5 -E10C948E2 1B9}
NetBT_Tcpip_{FA7B7980-2826 -4AA6-B663 -E5F6FF102 62D}
2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '***.***.***.***'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{CCF201E9-FE40 -47E1-9DA5 -E10C948E2 1B9}
NetBT_Tcpip_{FA7B7980-2826 -4AA6-B663 -E5F6FF102 62D}
The redir is bound to 2 NetBt transports.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{FA7B7980-2826 -4AA6-B663 -E5F6FF102 62D}
NetBT_Tcpip_{CCF201E9-FE40 -47E1-9DA5 -E10C948E2 1B9}
The browser is bound to 2 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
There are 2 other domain controllers at two other sites.
@ KTCS
DCDIAG Report:
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: DOMAIN\SERVER
Starting test: Connectivity
The host e4f78e29-d996-4c9c-9499-76
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(e4f78e29-d996-4c9c-9499-7
couldn't be resolved, the server name
(SERVER.DOMAIN.BLABLABLA.C
(***.***.***.***) and was pingable. Check that the IP address is
registered correctly with the DNS server.
......................... SERVER failed test Connectivity
Doing primary tests
Testing server: DOMAIN\SERVER
Skipping all tests, because server SERVER is
not responding to directory service requests
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : DOMAIN
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Running enterprise tests on : DOMAIN.BLABLABLA.CO.UK
Starting test: Intersite
......................... DOMAIN.BLABLABLA.CO.UK passed test Intersite
Starting test: FsmoCheck
......................... DOMAIN.BLABLABLA.CO.UK passed test FsmoCheck
@Knightfox
..........................
Computer Name: SERVER
DNS Host Name: SERVER.DOMAIN.BLABLABLA.CO
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB915800-v9
KB921503
KB925398_WMP64
KB925876
KB925902
KB926122
KB927891
KB929123
KB930178
KB931768
KB931784
KB931836
KB932168
KB933360
KB933566
KB933566-IE7
KB933729
KB933854
KB935839
KB935840
KB935966
KB936021
KB936059
KB936357
KB936782
KB937143-IE7
KB938127-IE7
KB938464
KB938759-v4
KB939653-IE7
KB940848-v3
KB941202
KB941568
KB941569
KB941644
KB941672
KB941693
KB942615-IE7
KB942763
KB942830
KB942831
KB942841
KB943055
KB943460
KB943484
KB943485
KB943729
KB944533-IE7
KB944653
KB945553
KB946026
KB947864-IE7
KB948496
KB948590
KB948745
KB948881
KB949014
KB950759-IE7
KB950760
KB950762
KB950974
KB951066
KB951072-v2
KB951698
KB951746
KB951748
KB952954
KB953838-IE7
KB953839
KB954211
KB956390-IE7
KB956391
KB956803
KB956841
KB957095
Q147222
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : SERVER
IP Address . . . . . . . . : ***.***.***.***
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : ***.***.***.***
Dns Servers. . . . . . . . : ***.***.***.***
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Adapter : {FA7B7980-2826-4AA6-B663-E
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : SERVER
IP Address . . . . . . . . : ***.***.***.***
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{CCF201E9-FE40
NetBT_Tcpip_{FA7B7980-2826
2 NetBt transports currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Failed
[WARNING] The DNS entries for this DC are not registered correctly on DNS server '***.***.***.***'. Please wait for 30 minutes for DNS server replication.
[FATAL] No DNS servers have the DNS records for this DC registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{CCF201E9-FE40
NetBT_Tcpip_{FA7B7980-2826
The redir is bound to 2 NetBt transports.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{FA7B7980-2826
NetBT_Tcpip_{CCF201E9-FE40
The browser is bound to 2 NetBt transports.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
Check in the root of _msdcs zone if there exists Alias (CNAME) record for e4f78e29-d996-4c9c-9499-76 f5d5b99cc1
pointing to
SERVER.DOMAIN.BLABLABLA.CO .UK
pointing to
SERVER.DOMAIN.BLABLABLA.CO
ASKER
That record does not exist.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
can you perform nslookup against the DC? for itself?
ASKER
@Dusan_Bajic
I reset the NETLOGON service and checked for that CNAME record. It still doesn't exist, anywhere.
Also there are NO references to the old DC other than an A record for it.
@knightfox
nslookup returns
Default Server: UnKnown
Address: ***.***.***.***
>
I reset the NETLOGON service and checked for that CNAME record. It still doesn't exist, anywhere.
Also there are NO references to the old DC other than an A record for it.
@knightfox
nslookup returns
Default Server: UnKnown
Address: ***.***.***.***
>
You can add record manually, it will do no harm. Then try dcdiag again.
ASKER
i've added that record manually, dcdiag passes all tests.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: DOMAIN\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: DOMAIN\SERVER
Starting test: Replications
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
......................... SERVER passed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER passed test frssysvol
Starting test: frsevent
......................... SERVER passed test frsevent
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
......................... SERVER passed test systemlog
Starting test: VerifyReferences
......................... SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : DOMAIN
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Running enterprise tests on : DOMAIN.BLABLABLA.CO.UK
Starting test: Intersite
......................... DOMAIN.BLABLABLA.CO.UK passed test Intersite
Starting test: FsmoCheck
......................... DOMAIN.BLABLABLA.CO.UK passed test FsmoCheck
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: DOMAIN\SERVER
Starting test: Connectivity
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: DOMAIN\SERVER
Starting test: Replications
......................... SERVER passed test Replications
Starting test: NCSecDesc
......................... SERVER passed test NCSecDesc
Starting test: NetLogons
......................... SERVER passed test NetLogons
Starting test: Advertising
......................... SERVER passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test RidManager
Starting test: MachineAccount
......................... SERVER passed test MachineAccount
Starting test: Services
......................... SERVER passed test Services
Starting test: ObjectsReplicated
......................... SERVER passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER passed test frssysvol
Starting test: frsevent
......................... SERVER passed test frsevent
Starting test: kccevent
......................... SERVER passed test kccevent
Starting test: systemlog
......................... SERVER passed test systemlog
Starting test: VerifyReferences
......................... SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : DOMAIN
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Running enterprise tests on : DOMAIN.BLABLABLA.CO.UK
Starting test: Intersite
......................... DOMAIN.BLABLABLA.CO.UK passed test Intersite
Starting test: FsmoCheck
......................... DOMAIN.BLABLABLA.CO.UK passed test FsmoCheck
OK, we are moving somewhere :)
Can you test speed now?
Can you test speed now?
Also keep an eye on event log after this point and paste any AD related errors here.
ASKER
I'll report back in a couple of days.
I myself do not experience any problems on my computer.
Although i'm not regularily opening files from our file server like most users.
nslookup is still reporting it doesn't know it's name!
Also, should I run these checks on the other DC's?
I've just ran one on one of them and it's reporting loads of errors all reporting back to this main one.
I myself do not experience any problems on my computer.
Although i'm not regularily opening files from our file server like most users.
nslookup is still reporting it doesn't know it's name!
Also, should I run these checks on the other DC's?
I've just ran one on one of them and it's reporting loads of errors all reporting back to this main one.
Sure, run dcdiag on all servers and paste (or attach .txt) here, also run ipconfig /all on DC's and one (your) desktop.
These DNS issues are usually hard to locate but not so hard to correct.
These DNS issues are usually hard to locate but not so hard to correct.
ASKER
ipconfig/all are fine on all servers and workstations (i've tested a few)
The DC's all point just to themselves as the main DNS, and the default gateways/ip address are all correct. So I'm not worried there.
I think I can work through the dcdiag errors, but If i do run into difficulty i'll post back here.
Would that CNAME record missing cause a slowdown when opening files/emails etc?
The DC's all point just to themselves as the main DNS, and the default gateways/ip address are all correct. So I'm not worried there.
I think I can work through the dcdiag errors, but If i do run into difficulty i'll post back here.
Would that CNAME record missing cause a slowdown when opening files/emails etc?
The fact that NSLOOKUP returns
Default Server: UnKnown
Address: ***.***.***.***
... is normal - its becuase there is no reverse lookup zone - it not required and is not relvant to your problem
Default Server: UnKnown
Address: ***.***.***.***
... is normal - its becuase there is no reverse lookup zone - it not required and is not relvant to your problem
>> The DC's all point just to themselves as the main DNS <<
What to the point to as the alternate DNS? - You should only have INTERNAL DNS server listed
What to the point to as the alternate DNS? - You should only have INTERNAL DNS server listed
ASKER
@ KCTS
Each of our sites has its on DC, each DC has DNS Server running, all replicating to one another.
EG. Ipconfig/all for "DC SERVER1" has its Primary DNS server set to "DC SERVER1", and for now, there is no Alternate DNS server.
Each of our sites has its on DC, each DC has DNS Server running, all replicating to one another.
EG. Ipconfig/all for "DC SERVER1" has its Primary DNS server set to "DC SERVER1", and for now, there is no Alternate DNS server.
OK thats fine - not a bad idea to put another internal server as the alternate though...
did you see my comment about NSLOOKUP ?
did you see my comment about NSLOOKUP ?
ASKER
I did, and couldn't believe that didn't twig with me straight away! Haha.
Ok, two of the DC servers are not reporting any errors in dcdiag now. But one of them is... (Note, this is not the main one this topic was orginally discussing)
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: LOCATION3\SERVER3
Starting test: Connectivity
......................... SERVER3 passed test Connectivity
Doing primary tests
Testing server: LOCATION3\SERVER3
Starting test: Replications
......................... SERVER3 passed test Replications
Starting test: NCSecDesc
......................... SERVER3 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER3 passed test NetLogons
Starting test: Advertising
......................... SERVER3 passed test Advertising
Starting test: KnowsOfRoleHolders
[SERVER] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: SERVER is the Schema Owner, but is not responding to DS RPC Bind.
[SERVER] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: SERVER is the Schema Owner, but is not responding to LDAP Bind.
Warning: SERVER is the Domain Owner, but is not responding to DS RPC Bind.
Warning: SERVER is the Domain Owner, but is not responding to LDAP Bind.
Warning: SERVER is the PDC Owner, but is not responding to DS RPC Bind.
Warning: SERVER is the PDC Owner, but is not responding to LDAP Bind.
Warning: SERVER is the Rid Owner, but is not responding to DS RPC Bind.
Warning: SERVER is the Rid Owner, but is not responding to LDAP Bind.
Warning: SERVER is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: SERVER is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... SERVER3 failed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER3 failed test RidManager
Starting test: MachineAccount
......................... SERVER3 passed test MachineAccount
Starting test: Services
......................... SERVER3 passed test Services
Starting test: ObjectsReplicated
......................... SERVER3 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER3 passed test frssysvol
Starting test: frsevent
......................... SERVER3 passed test frsevent
Starting test: kccevent
......................... SERVER3 passed test kccevent
Starting test: systemlog
......................... SERVER3 passed test systemlog
Starting test: VerifyReferences
......................... SERVER3 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : DOMAIN
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Running enterprise tests on : DOMAIN.BLABLABLA.CO.UK
Starting test: Intersite
......................... DOMAIN.BLABLABLA.CO.UK passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... DOMAIN.BLABLABLA.CO.UK failed test FsmoCheck
Ok, two of the DC servers are not reporting any errors in dcdiag now. But one of them is... (Note, this is not the main one this topic was orginally discussing)
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: LOCATION3\SERVER3
Starting test: Connectivity
......................... SERVER3 passed test Connectivity
Doing primary tests
Testing server: LOCATION3\SERVER3
Starting test: Replications
......................... SERVER3 passed test Replications
Starting test: NCSecDesc
......................... SERVER3 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER3 passed test NetLogons
Starting test: Advertising
......................... SERVER3 passed test Advertising
Starting test: KnowsOfRoleHolders
[SERVER] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: SERVER is the Schema Owner, but is not responding to DS RPC Bind.
[SERVER] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: SERVER is the Schema Owner, but is not responding to LDAP Bind.
Warning: SERVER is the Domain Owner, but is not responding to DS RPC Bind.
Warning: SERVER is the Domain Owner, but is not responding to LDAP Bind.
Warning: SERVER is the PDC Owner, but is not responding to DS RPC Bind.
Warning: SERVER is the PDC Owner, but is not responding to LDAP Bind.
Warning: SERVER is the Rid Owner, but is not responding to DS RPC Bind.
Warning: SERVER is the Rid Owner, but is not responding to LDAP Bind.
Warning: SERVER is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: SERVER is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... SERVER3 failed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER3 failed test RidManager
Starting test: MachineAccount
......................... SERVER3 passed test MachineAccount
Starting test: Services
......................... SERVER3 passed test Services
Starting test: ObjectsReplicated
......................... SERVER3 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER3 passed test frssysvol
Starting test: frsevent
......................... SERVER3 passed test frsevent
Starting test: kccevent
......................... SERVER3 passed test kccevent
Starting test: systemlog
......................... SERVER3 passed test systemlog
Starting test: VerifyReferences
......................... SERVER3 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : DOMAIN
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Running enterprise tests on : DOMAIN.BLABLABLA.CO.UK
Starting test: Intersite
......................... DOMAIN.BLABLABLA.CO.UK passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... DOMAIN.BLABLABLA.CO.UK failed test FsmoCheck
Run these two pings on server3:
ping SERVER.DOMAIN.BLABLABLA.CO .UK
ping e4f78e29-d996-4c9c-9499-76 f5d5b99cc1 ._msdsc.do main.blabl abla.co.uk
ping SERVER.DOMAIN.BLABLABLA.CO
ping e4f78e29-d996-4c9c-9499-76
ASKER
Ok, responses...
Pinging SERVER.DOMAIN.BLABLABLA.CO .UK [***.***.***.***] with 32 bytes of data:
Reply from ***.***.***.***: bytes=32 time=28ms TTL=128
Reply from ***.***.***.***: bytes=32 time=30ms TTL=128
Reply from ***.***.***.***: bytes=32 time=30ms TTL=128
Reply from ***.***.***.***: bytes=32 time=60ms TTL=128
Ping statistics for ***.***.***.***:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 60ms, Average = 37ms
Ping request could not find host e4f78e29-d996-4c9c-9499-76 f5d5b99cc1 ._msdsc.DO MAIN.BLABL ABLA.co.uk . Please check the name and try again.
Pinging SERVER.DOMAIN.BLABLABLA.CO
Reply from ***.***.***.***: bytes=32 time=28ms TTL=128
Reply from ***.***.***.***: bytes=32 time=30ms TTL=128
Reply from ***.***.***.***: bytes=32 time=30ms TTL=128
Reply from ***.***.***.***: bytes=32 time=60ms TTL=128
Ping statistics for ***.***.***.***:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 60ms, Average = 37ms
Ping request could not find host e4f78e29-d996-4c9c-9499-76
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
There are numerous errors in the DNS event logs.
SERVER resides in 192.168.58...
SERVER2 resides in 192.168.50...
SERVER3 resides in 192.168.20...
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 20/10/2008
Time: 17:10:20
User: N/A
Computer: SERVER3
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000051
-------------------------- -----
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 20/10/2008
Time: 17:10:20
User: N/A
Computer: SERVER3
Description:
The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
-------------------------- -----
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 20/10/2008
Time: 17:10:20
User: N/A
Computer: SERVER3
Description:
The DNS server was unable to complete directory service enumeration of zone 50.168.192.in-addr.arpa. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
-------------------------- -----
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 20/10/2008
Time: 17:10:20
User: N/A
Computer: SERVER3
Description:
The DNS server was unable to complete directory service enumeration of zone 58.168.192.in-addr.arpa. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
-------------------------- -----
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 20/10/2008
Time: 17:10:20
User: N/A
Computer: SERVER3
Description:
The DNS server was unable to complete directory service enumeration of zone domain.blablabla.co.uk. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
-------------------------- -----
-------------------------- -----
-------------------------- -----
There's a warning on SERVER...
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4521
Date: 21/10/2008
Time: 17:40:24
User: N/A
Computer: SERVER
Description:
The DNS server encountered error 32 attempting to load zone 20.168.192.in-addr.arpa from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
-------------------------- -----
-------------------------- -----
-------------------------- -----
Theres also 5 errors on SERVER2
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 10/17/2008
Time: 12:08:32 AM
User: N/A
Computer: SERVER2
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000051
-------------------------- -----
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 10/17/2008
Time: 12:08:32 AM
User: N/A
Computer: SERVER2
Description:
The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
-------------------------- -----
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 10/17/2008
Time: 12:08:32 AM
User: N/A
Computer: SERVER2
Description:
The DNS server was unable to complete directory service enumeration of zone 50.168.192.in-addr.arpa. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
-------------------------- -----
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 10/17/2008
Time: 12:08:32 AM
User: N/A
Computer: SERVER2
Description:
The DNS server was unable to complete directory service enumeration of zone 58.168.192.in-addr.arpa. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
-------------------------- -----
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 10/17/2008
Time: 12:08:32 AM
User: N/A
Computer: SERVER2
Description:
The DNS server was unable to complete directory service enumeration of zone domain.blablabla.co.uk. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
-------------------------- -----
Wow, I hope I've laid that all out easy to read!
SERVER resides in 192.168.58...
SERVER2 resides in 192.168.50...
SERVER3 resides in 192.168.20...
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 20/10/2008
Time: 17:10:20
User: N/A
Computer: SERVER3
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000051
--------------------------
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 20/10/2008
Time: 17:10:20
User: N/A
Computer: SERVER3
Description:
The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
--------------------------
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 20/10/2008
Time: 17:10:20
User: N/A
Computer: SERVER3
Description:
The DNS server was unable to complete directory service enumeration of zone 50.168.192.in-addr.arpa. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
--------------------------
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 20/10/2008
Time: 17:10:20
User: N/A
Computer: SERVER3
Description:
The DNS server was unable to complete directory service enumeration of zone 58.168.192.in-addr.arpa. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
--------------------------
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 20/10/2008
Time: 17:10:20
User: N/A
Computer: SERVER3
Description:
The DNS server was unable to complete directory service enumeration of zone domain.blablabla.co.uk. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
--------------------------
--------------------------
--------------------------
There's a warning on SERVER...
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4521
Date: 21/10/2008
Time: 17:40:24
User: N/A
Computer: SERVER
Description:
The DNS server encountered error 32 attempting to load zone 20.168.192.in-addr.arpa from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
--------------------------
--------------------------
--------------------------
Theres also 5 errors on SERVER2
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 10/17/2008
Time: 12:08:32 AM
User: N/A
Computer: SERVER2
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 00000051
--------------------------
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 10/17/2008
Time: 12:08:32 AM
User: N/A
Computer: SERVER2
Description:
The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
--------------------------
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 10/17/2008
Time: 12:08:32 AM
User: N/A
Computer: SERVER2
Description:
The DNS server was unable to complete directory service enumeration of zone 50.168.192.in-addr.arpa. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
--------------------------
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 10/17/2008
Time: 12:08:32 AM
User: N/A
Computer: SERVER2
Description:
The DNS server was unable to complete directory service enumeration of zone 58.168.192.in-addr.arpa. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
--------------------------
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4004
Date: 10/17/2008
Time: 12:08:32 AM
User: N/A
Computer: SERVER2
Description:
The DNS server was unable to complete directory service enumeration of zone domain.blablabla.co.uk. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0000232a
--------------------------
Wow, I hope I've laid that all out easy to read!
If you have three DCs and there is DNS service on each of them, you should setup ipconfig on all DCs so that every DC points to all three of them (I hope you have active directory integrated DNS zones). (point to itself first, then the others), at least untill you solve these issues.
I'll read the errors tomorrow :)
Oh, and what about 2. and 3. from my previous post?
I'll read the errors tomorrow :)
Oh, and what about 2. and 3. from my previous post?
ASKER
I ran the following commands on all DC's...
ipconfig/flushdns
net stop netlogon
net start netlogon
ipconfig/registerdns
It appears dcdiag only has one error on SERVER3 now...
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... DOMAIN.BLABLABLA.CO.UK failed test FsmoCheck
ipconfig/flushdns
net stop netlogon
net start netlogon
ipconfig/registerdns
It appears dcdiag only has one error on SERVER3 now...
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... DOMAIN.BLABLABLA.CO.UK failed test FsmoCheck
ASKER
Hi Dusan.
My above reply solved number 2. in your previous post.
There are no other errors anywhere other than those DNS errors. Of which I think have probably been resolved through my actions in my above post.
Only error left now is the one above.
I think we are getting somewhere now! :)
I think the replication problems with SERVER3 are due to environment power failures in that building.
A new UPS is now in place that should savely shutdown the server now.
My above reply solved number 2. in your previous post.
There are no other errors anywhere other than those DNS errors. Of which I think have probably been resolved through my actions in my above post.
Only error left now is the one above.
I think we are getting somewhere now! :)
I think the replication problems with SERVER3 are due to environment power failures in that building.
A new UPS is now in place that should savely shutdown the server now.
Ok, for this error: check in server3 DNS: _msdcs... , pdc, _tcp: what do you have there?
ASKER
There are records for SERVER2 and SERVER3 but nothing for SERVER. (Only that CNAME record you asked me to manually create)
There should be only one server in pdc branch, check again please
ASKER
Oh, missed that. There is no PDC branch.
In fact none of the DNS servers have a pdc branch under _msdcs
In fact none of the DNS servers have a pdc branch under _msdcs
Can you please run
DCdiag /test:Knowsofroleholders /v
on all three servers (no need to paste all if they are the same)
DCdiag /test:Knowsofroleholders /v
ASKER
All the same responses...
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine SERVER, is a DC.
* Connecting to directory service on server SERVER.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: DOMAIN\SERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: DOMAIN\SERVER
Test omitted by user request: Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=DOM AIN,CN=Sit es,CN=Conf iguration, DC=DOMAIN, DC=BLABLAB LA,DC=CO,D C=UK
Role Domain Owner = CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=DOM AIN,CN=Sit es,CN=Conf iguration, DC=DOMAIN, DC=BLABLAB LA,DC=CO,D C=UK
Role PDC Owner = CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=DOM AIN,CN=Sit es,CN=Conf iguration, DC=DOMAIN, DC=BLABLAB LA,DC=CO,D C=UK
Role Rid Owner = CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=DOM AIN,CN=Sit es,CN=Conf iguration, DC=DOMAIN, DC=BLABLAB LA,DC=CO,D C=UK
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER,CN=Serv ers,CN=DOM AIN,CN=Sit es,CN=Conf iguration, DC=DOMAIN, DC=BLABLAB LA,DC=CO,D C=UK
......................... SERVER passed test KnowsOfRoleHolders
Test omitted by user request: RidManager
Test omitted by user request: MachineAccount
Test omitted by user request: Services
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: ObjectsReplicated
Test omitted by user request: frssysvol
Test omitted by user request: frsevent
Test omitted by user request: kccevent
Test omitted by user request: systemlog
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : DomainDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Schema
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Configuration
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : DOMAIN
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running enterprise tests on : DOMAIN.BLABLABLA.CO.UK
Test omitted by user request: Intersite
Test omitted by user request: FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine SERVER, is a DC.
* Connecting to directory service on server SERVER.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: DOMAIN\SERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERVER passed test Connectivity
Doing primary tests
Testing server: DOMAIN\SERVER
Test omitted by user request: Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SERVER,CN=Serv
Role Domain Owner = CN=NTDS Settings,CN=SERVER,CN=Serv
Role PDC Owner = CN=NTDS Settings,CN=SERVER,CN=Serv
Role Rid Owner = CN=NTDS Settings,CN=SERVER,CN=Serv
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER,CN=Serv
......................... SERVER passed test KnowsOfRoleHolders
Test omitted by user request: RidManager
Test omitted by user request: MachineAccount
Test omitted by user request: Services
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: ObjectsReplicated
Test omitted by user request: frssysvol
Test omitted by user request: frsevent
Test omitted by user request: kccevent
Test omitted by user request: systemlog
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : DomainDnsZones
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Schema
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : Configuration
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running partition tests on : DOMAIN
Test omitted by user request: CrossRefValidation
Test omitted by user request: CheckSDRefDom
Running enterprise tests on : DOMAIN.BLABLABLA.CO.UK
Test omitted by user request: Intersite
Test omitted by user request: FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Under _msdcs you should have: dc, domains, gc and pdc. Is the pdc only one missing?
ASKER
pdc is the only one missing under _msdcs.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Am I manually adding this to SERVER3, the one with the error in DCDIAG?
Yes, but later it should replicate itself to all DNS servers
ASKER
Hurrah!
No dcdiag errors on any DC's now. Changes look like they're replicating now.
I shall report back next week to give my users a few days to see whether these changes affect their "problems"
No dcdiag errors on any DC's now. Changes look like they're replicating now.
I shall report back next week to give my users a few days to see whether these changes affect their "problems"
Cool, also keep an eye on event log errors and post if you find any.
ASKER
Thanks for all your help guys
Is this a small business server?? or standard MS installs? the fact that you are running a DC as a files server, exchange server dhcp, dns and wins could be contributing to the issue.. I am going to guess that the server disks are being hammered.
MS recomend that you do not run exchange on the same server as a domain controller...
Could you please tell me the spec of the server?
When the users say slow.. what do they mean...
slow logon?
file browsing?
Outlook/Email?
internet?
could you please define slow.
/Fox