Solved

Primary DC Won't Start AD or DNS on Own Needs Secondary DNS

Posted on 2008-10-29
Last Modified: 2012-08-10
Alright I'll give you the run down on this one. I have six sites consisting of six DCs all Windows 2008. All Sites have VPNs to Head Office and all sites have VPN to secondary site. AD Sites and Services is setup to reflect this for replication.

Now the issue I have, which by the way came out of nowhere as it was working before without any issues until they were physically moved and placed into production, is this. When my primary DC is pointed to itself for DNS and is rebooted the server will take an extremely long time to load back up, usually 10-15 minutes. Then DNS is broken and none of the AD components will work, i.e. Sites and Services, Users and Computers etc.

I get the following eventlog error for AD Domain Services on the server in question. This error occurs 5 times once for every DC.

Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
 
Source domain controller:
 EDMGSSERVER01
Failing DNS host name:
 2fc0ca51-7f0d-4e39-a431-71efc4c87342._msdcs.ats.local
 
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
 
User Action:
 
 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
 
 2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
 
 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns
 
  dcdiag /test:dns
 
 4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
 
  dcdiag /test:dns
 
 5) For further analysis of DNS error failures see KB 824449:
   http://support.microsoft.com/?kbid=824449
 
Additional Data
Error value:
 11001 No such host is known.


Now on the DNS side of things I will get the following error message repeating every two minutes......seems like the chicken and the egg.

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.


Now as soon as I add another DC DNS Server IP to the NIC everything comes up fine without any issues with a reboot. No errors or anything. I am a bit worried as this is the primary DC and has all roles for AD residing on it.

Thoughts??

Question by:ssiadmin
70 Comments
 
LVL 18

Expert Comment

by:exx1976
DNS servers should NEVER be pointed to themselves.  You risk creating what's called a DNS island.

http://support.microsoft.com/kb/275278
0
 
LVL 9

Expert Comment

by:monorail1
Can you install Windows Support Tools then run a netdiag & dcdiag from cmd prompt? When you physically relocated the servers, did you do an ipconfig /flushdns & ipconfig /registerdns? Other than DNS, are there any other entries in your system or FRS eventvwr? Are there any DNS errors on your other DC/DNS servers? From another machine, can you ping 2fc0ca51-7f0d-4e39-a431-71efc4c87342._msdcs.ats.local? Is this server still listed on the DNS name servers tab and available for replication/zone transfer? Is it a GC under the new AD sites & services?


~ CFJ
0
 

Author Comment

by:ssiadmin
Interesting, even if this was the case shouldn't the forest root still start being pointed to itself?

When they were relocated the only change that happened was external IP interfaces on the routers. The internal subnets for each site were already in place and did not change.

There are no errors on the other DCs. I don't leave the server in that state for long so it may not pop an error to the other DCs. When it is in that state it isn't available for replication. I can ping it when it isn't in that state. However can't test currently during business hours. And yes it is a GC.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
The DNS island effect was fixed in 2003 Server. All DCs should point to themselves for DNS resolution. I would do a dcdiag /test:dns. Make sure you change the DNS IP to point back to itself for testing purposes. Make sure when you change it do a dcdiag /fix on the DC.
0
 

Author Comment

by:ssiadmin
When I do have it set to itself as DNS while it "came up with a secondary DNS IP present" and test everything comes back fine. However if I run this test after a reboot without another DNS server in the domain I have massive failures. Cannot find DNS no Active Directory installed etc....

The only way I can do this test is while it came up with a secondary DNS and then remove the secondary and run the tests and fix. This doesn't fix the issue.....as with a reboot the same thing will happen if a secondary isn't present. I have tried removing the DNS role and adding it again. I was thinking of moving over all FSMO roles to another DC and removing AD and DNS from this server completely and re-adding them, BUT I REALLY don't want to do this if I can help it.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Do a dcdiag /test:dns and post results for me. Disable IPv6 on the server. I didn't realize it was 2008. Make sure you disable that.
0
 

Author Comment

by:ssiadmin
Do you want it run in the current "working state" or when it is non functional? I can do current state now and non functional after hours......
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Both would be good. I still think it is the IPv6 that is doing it.
0
 

Author Comment

by:ssiadmin
Here it is currently....IPv6 disabled.

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = EDMSERVER01
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: ATS-EDM-HeadOffice\EDMSERVER01
      Starting test: Connectivity
         ......................... EDMSERVER01 passed test Connectivity

Doing primary tests

   Testing server: ATS-EDM-HeadOffice\EDMSERVER01

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... EDMSERVER01 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : ats

   Running enterprise tests on : ats.local
      Starting test: DNS
         Test results for domain controllers:

            DC: EDMSERVER01.ats.local
            Domain: ats.local


               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  a.root-servers.net. (2001:503:ba3e::2:30)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server:
                  f.root-servers.net. (2001:500:2f::f)
                  Error: Root hints list has invalid root hint server:
                  h.root-servers.net. (2001:500:1::803f:235)
                  Error: Root hints list has invalid root hint server:
                  l.root-servers.net. (198.32.64.12)

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Intel(R) PRO/1000 MT Network Connection:
                     Warning:
                     Missing AAAA record at DNS server 10.25.30.10:
                     EDMSERVER01.ats.local

                     Warning:
                     Missing AAAA record at DNS server 10.25.30.10:
                     gc._msdcs.ats.local

                     Warning:
                     Missing AAAA record at DNS server 10.25.31.10:
                     EDMSERVER01.ats.local

                     Warning:
                     Missing AAAA record at DNS server 10.25.31.10:
                     gc._msdcs.ats.local

               Warning: Record Registrations not found in some network adapters

         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: ats.local
               EDMSERVER01                  PASS WARN FAIL PASS PASS WARN n/a

         ......................... ats.local failed test DNS




I'll run this non functioning after hours...
0
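The `dcdiag /test:dns` report in the post above can be read programmatically, so the summary matrix and the findings behind each non-passing cell end up side by side. This is an added example, not part of the original thread; the sample is an abridged excerpt of the posted output, and the function names and the grouping labels (`IPv6 (AAAA) records only`, `root hints only`) are this example's own assumptions.

```python
import re

# Abridged excerpt of the dcdiag /test:dns output posted in the thread above.
SAMPLE = """\
            DC: EDMSERVER01.ats.local
            Domain: ats.local

               TEST: Basic (Basc)
                  Warning: The AAAA record for this DC was not found

               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  a.root-servers.net. (2001:503:ba3e::2:30)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (128.9.0.107)

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Intel(R) PRO/1000 MT Network Connection:
                     Warning:
                     Missing AAAA record at DNS server 10.25.30.10:
                     EDMSERVER01.ats.local

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: ats.local
               EDMSERVER01                  PASS WARN FAIL PASS PASS WARN n/a

         ......................... ats.local failed test DNS
"""

STATUSES = {"PASS", "WARN", "FAIL", "n/a"}
DC_RE = re.compile(r"^\s*DC:\s+(\S+)\s*$")
TEST_RE = re.compile(r"^\s*TEST:\s+.*\((\w+)\)\s*$")
FINDING_RE = re.compile(r"^\s*(Warning|Error):\s*(.*)$")


def parse_summary(text):
    """Return {domain: {dc: {column: status}}} from the summary matrix."""
    result, columns, domain = {}, None, None
    for line in text.splitlines():
        fields = line.split()
        if columns is None:                      # still looking for the header row
            if fields[:2] == ["Auth", "Basc"]:
                columns = fields
            continue
        if not fields or set(fields[0]) == {"_"}:
            continue                             # blank line or the underscore rule
        if fields[0].startswith("...."):
            break                                # "..... <domain> failed test DNS"
        if fields[0] == "Domain:" and len(fields) == 2:
            domain = fields[1]
            result[domain] = {}
        elif domain and len(fields) == len(columns) + 1 and set(fields[1:]) <= STATUSES:
            result[domain][fields[0]] = dict(zip(columns, fields[1:]))
    return result


def parse_findings(text):
    """Return {(dc_short_name, test_abbrev): [(severity, message), ...]}."""
    findings, dc, test, current = {}, None, None, None
    for line in text.splitlines():
        stripped = line.strip()
        m_dc, m_test, m_find = DC_RE.match(line), TEST_RE.match(line), FINDING_RE.match(line)
        if m_dc:
            dc, test, current = m_dc.group(1).split(".")[0], None, None
        elif m_test:
            test, current = m_test.group(1), None
            findings.setdefault((dc, test), [])
        elif stripped.startswith("Summary of"):
            test, current = None, None           # per-DC test sections are over
        elif test and m_find:
            current = [m_find.group(1), m_find.group(2)]
            findings[(dc, test)].append(current)
        elif test and current and stripped:      # wrapped continuation of a finding
            current[1] = (current[1] + " " + stripped).strip()
        elif not stripped:
            current = None
    return {key: [tuple(f) for f in items] for key, items in findings.items()}


def triage(text):
    """List each non-passing cell as (dc, column, status, label, finding_count)."""
    findings, rows = parse_findings(text), []
    for dcs in parse_summary(text).values():
        for dc, cells in dcs.items():
            for column, status in cells.items():
                if status in ("PASS", "n/a"):
                    continue
                msgs = [msg for _, msg in findings.get((dc, column), [])]
                if msgs and all("AAAA" in m for m in msgs):
                    label = "IPv6 (AAAA) records only"   # example's own label
                elif msgs and all("root hint" in m.lower() for m in msgs):
                    label = "root hints only"            # example's own label
                else:
                    label = "review findings"
                rows.append((dc, column, status, label, len(msgs)))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

To use it on a real report, pass the text of a saved `dcdiag /test:dns` run to `triage()`.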
 
LVL 59

Expert Comment

by:Darius Ghassem
When you disabled IPv6 did you do a dcdiag /fix on the system? If not do that. This looks like IPv6 is causing some problems. The DC is looking for AAAA records which are IPv6. I don't the A record test which usually points to IPv6.


               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server:
                  a.root-servers.net. (2001:503:ba3e::2:30)
                  Error: Root hints list has invalid root hint server:
                  b.root-servers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server:
                  f.root-servers.net. (2001:500:2f::f)
                  Error: Root hints list has invalid root hint server:
                  h.root-servers.net. (2001:500:1::803f:235)
                  Error: Root hints list has invalid root hint server:
                  l.root-servers.net. (198.32.64.12)

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Intel(R) PRO/1000 MT Network Connection:
                     Warning:
                     Missing AAAA record at DNS server 10.25.30.10:
                     EDMSERVER01.ats.local

                     Warning:
                     Missing AAAA record at DNS server 10.25.30.10:
                     gc._msdcs.ats.local

                     Warning:
                     Missing AAAA record at DNS server 10.25.31.10:
                     EDMSERVER01.ats.local

                     Warning:
                     Missing AAAA record at DNS server 10.25.31.10:
                     gc._msdcs.ats.local
0
 

Author Comment

by:ssiadmin
I did run the dcdiag /fix. That was the result.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
I guess you will have to do a restart then, but make sure IPv6 is fully gone from your NIC when you do an ipconfig /all. Do you have one or two NICs?
0
 

Author Comment

by:ssiadmin
After a reboot with it with IPv6 the same output as above is still valid. Only have one NIC.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Do an ipconfig /all then post. Also, rerun the dcdiag
0
 

Author Comment

by:ssiadmin
Here it is....

Windows IP Configuration

   Host Name . . . . . . . . . . . . : EDMSERVER01
   Primary Dns Suffix  . . . . . . . : ats.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ats.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-B6-4F-B2
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.25.30.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.25.30.1
   DNS Servers . . . . . . . . . . . : 10.25.30.10
                                       10.25.31.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{49F67131-E44F-4783-8545-DB2CABD16ECE}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


DCDiag


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine EDMSERVER01, is a Directory Server.
   Home Server = EDMSERVER01

   * Connecting to directory service on server EDMSERVER01.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ats,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-GuideSign,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-Trafco,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-CAL-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-CAL-SalesOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ats,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMRSSERVER01,CN=Servers,CN=ATS-EDM-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMGSSERVER01,CN=Servers,CN=ATS-EDM-GuideSign,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CALSOSERVER01,CN=Servers,CN=ATS-CAL-SalesOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CALRSSERVER01,CN=Servers,CN=ATS-CAL-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMTCSERVER01,CN=Servers,CN=ATS-EDM-Trafco,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 6 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: ATS-EDM-HeadOffice\EDMSERVER01

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         Determining IP6 connectivity
         * Active Directory RPC Services Check
         ......................... EDMSERVER01 passed test Connectivity



Doing primary tests

   
   Testing server: ATS-EDM-HeadOffice\EDMSERVER01

      Starting test: Advertising

         The DC EDMSERVER01 is advertising itself as a DC and having a DS.
         The DC EDMSERVER01 is advertising as an LDAP server
         The DC EDMSERVER01 is advertising as having a writeable directory
         The DC EDMSERVER01 is advertising as a Key Distribution Center
         The DC EDMSERVER01 is advertising as a time server
         The DS EDMSERVER01 is advertising as a GC.
         ......................... EDMSERVER01 passed test Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test
         Skip the test because the event log File Replication Service does not exist.
         ......................... EDMSERVER01 passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log.
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         An Warning Event occurred.  EventID: 0x80001396

            Time Generated: 10/30/2008   09:52:33

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,

            error 0x3afc)

         An Error Event occurred.  EventID: 0xC000138A

            Time Generated: 10/30/2008   09:52:48

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,

            error 0x3afc)

         An Warning Event occurred.  EventID: 0x80001396

            Time Generated: 10/30/2008   13:06:31

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,

            error 0x3afc)

         An Error Event occurred.  EventID: 0xC0001390

            Time Generated: 10/30/2008   13:09:33

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,

            error 0x3afc)

         An Warning Event occurred.  EventID: 0x80001396

            Time Generated: 10/30/2008   19:00:28

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,

            error 0x3afc)

         An Warning Event occurred.  EventID: 0x80001396

            Time Generated: 10/30/2008   19:00:39

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,

            error 0x3afc)

         An Error Event occurred.  EventID: 0xC00004B2

            Time Generated: 10/30/2008   21:08:06

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,

            error 0x3afc)

         An Error Event occurred.  EventID: 0xC00004B2

            Time Generated: 10/30/2008   21:13:07

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,

            error 0x3afc)

         An Error Event occurred.  EventID: 0xC00004B2

            Time Generated: 10/30/2008   21:28:07

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,

            error 0x3afc)

         ......................... EDMSERVER01 failed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... EDMSERVER01 passed test SysVolCheck

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... EDMSERVER01 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         ......................... EDMSERVER01 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC EDMSERVER01 on DC EDMSERVER01.
         * SPN found :LDAP/EDMSERVER01.ats.local/ats.local
         * SPN found :LDAP/EDMSERVER01.ats.local
         * SPN found :LDAP/EDMSERVER01
         * SPN found :LDAP/EDMSERVER01.ats.local/ATS
         * SPN found :LDAP/492ec86d-7284-4b41-aa04-2462acdf0c3c._msdcs.ats.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/492ec86d-7284-4b41-aa04-2462acdf0c3c/ats.local
         * SPN found :HOST/EDMSERVER01.ats.local/ats.local
         * SPN found :HOST/EDMSERVER01.ats.local
         * SPN found :HOST/EDMSERVER01
         * SPN found :HOST/EDMSERVER01.ats.local/ATS
         * SPN found :GC/EDMSERVER01.ats.local/ats.local
         ......................... EDMSERVER01 passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC EDMSERVER01.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=ats,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=DomainDnsZones,DC=ats,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=ats,DC=local
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=ats,DC=local
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=ats,DC=local
            (Domain,Version 3)
         ......................... EDMSERVER01 passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\EDMSERVER01\netlogon
         Verified share \\EDMSERVER01\sysvol
         ......................... EDMSERVER01 passed test NetLogons

      Starting test: ObjectsReplicated

         EDMSERVER01 is in domain DC=ats,DC=local
         Checking for CN=EDMSERVER01,OU=Domain Controllers,DC=ats,DC=local in domain DC=ats,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local in domain CN=Configuration,DC=ats,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... EDMSERVER01 passed test ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
         ......................... EDMSERVER01 passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 4101 to 1073741823
         * EDMSERVER01.ats.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1101 to 1600
         * rIDPreviousAllocationPool is 1101 to 1600
         * rIDNextRID: 1262
         ......................... EDMSERVER01 passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... EDMSERVER01 passed test Services

      Starting test: SystemLog

         * The System Event log test
         An Warning Event occurred.  EventID: 0x8000001D

            Time Generated: 10/31/2008   07:35:40

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error

            0x3afc)

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 10/31/2008   08:12:52

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error

            0x3afc)

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 10/31/2008   08:12:53

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error

            0x3afc)

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 10/31/2008   08:12:55

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error

            0x3afc)

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 10/31/2008   08:12:58

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error

            0x3afc)

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 10/31/2008   08:12:59

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error

            0x3afc)

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 10/31/2008   08:13:00

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error

            0x3afc)

         An Error Event occurred.  EventID: 0x00000457

            Time Generated: 10/31/2008   08:13:03

            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 10/31/2008   08:13:04
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 10/31/2008   08:13:05
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         ......................... EDMSERVER01 failed test SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=EDMSERVER01,OU=Domain Controllers,DC=ats,DC=local and backlink on
         CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         are correct.
         The system object reference (serverReferenceBL)
         CN=EDMSERVER01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=ats,DC=local
         and backlink on
         CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         are correct.
         ......................... EDMSERVER01 passed test VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : ats
      Starting test: CheckSDRefDom
         ......................... ats passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ats passed test CrossRefValidation

   Running enterprise tests on : ats.local
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         GC Name: \\EDMSERVER01.ats.local
         Locator Flags: 0xe00013fd
         PDC Name: \\EDMSERVER01.ats.local
         Locator Flags: 0xe00013fd
         Time Server Name: \\EDMSERVER01.ats.local
         Locator Flags: 0xe00013fd
         Preferred Time Server Name: \\EDMSERVER01.ats.local
         Locator Flags: 0xe00013fd
         KDC Name: \\EDMSERVER01.ats.local
         Locator Flags: 0xe00013fd
         ......................... ats.local passed test LocatorCheck
      Starting test: Intersite
         Skipping site ATS-EDM-HeadOffice, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-RentalShop, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-GuideSign, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-Trafco, this site is outside the scope provided
         by the command line arguments provided.
         Skipping site ATS-CAL-RentalShop, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-CAL-SalesOffice, this site is outside the scope
         provided by the command line arguments provided.
         ......................... ats.local passed test Intersite
0
 

Author Comment

by:ssiadmin
I'll run this on the server tonight when it only has itself as DNS.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Can you post the exact errors in the Event Log?
0
 

Author Comment

by:ssiadmin
These are not specific errors to do with AD; all seem to be TerminalServices-Printers errors due to redirection. Such as....

Driver RelayFax OCR Print Driver required for printer RelayFax OCR Printer Driver is unknown. Contact the administrator to install the driver before you log in again.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
So, there are no errors in the DNS, Directory Services, or FRS? If you go to the Event Viewer, look for Application and Services if you are looking at the 2008 machine. When you open DNS on the 2008 server, do you see SRV and A records for this DC?
0
 

Author Comment

by:ssiadmin
The errors that are present were from yesterday when the system was only under its own DNS. There were:

DNS

The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

DFS

The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
 
Additional Information:
Error: 160 (One or more arguments are not correct.)

Directory Service

The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
 
Some clients may currently be relying on unsigned SASL binds or LDAP simple binds over a non-SSL/TLS connection, and will stop working if this configuration change is made.  To assist in identifying these clients, if such binds occur this  directory server will log a summary event once every 24 hours indicating how many such binds  occurred.  You are encouraged to configure those clients to not use such binds.  Once no such events are observed  for an extended period, it is recommended that you configure the server to reject such binds.
 
For more details and information on how to make this configuration change to the server, please see http://go.microsoft.com/fwlink/?LinkID=87923.
 
You can enable additional logging to log an event each time a client makes such a bind, including information on which client made the bind.  To do so, please raise the setting for the "LDAP Interface Events" event logging category to level 2 or higher.

Active Directory Domain Services was unable to establish a connection with the global catalog.
 
Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200d50
 
User Action:
Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.

This error below occurs 5 different times, once for every other DC in the forest....

Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
 
Source domain controller:
 EDMTCSERVER01
Failing DNS host name:
 bfd6940c-3f3c-487d-b97c-8c1fc2d8df8f._msdcs.ats.local
 
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur.  To log all individual failure events, set the following diagnostics registry value to 1:
 
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
 
User Action:
 
 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
 
 2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
 
 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns
 
  dcdiag /test:dns
 
 4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
 
  dcdiag /test:dns
 
 5) For further analysis of DNS error failures see KB 824449:
   http://support.microsoft.com/?kbid=824449
 
Additional Data
Error value:
 11001 No such host is known.



Yes, I do see A records and SRV records for this DC. However, when I try to view DNS when it only has itself as DNS, DNS won't load and I can't see anything at all.
0
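Added example, not part of the thread or anyone's post: a small Python triage of the dcdiag and event text quoted here, which pulls out failed tests, unresolved `<DSA GUID>._msdcs` names and `DcGetDcName` failures. The function names and the final heuristic are assumptions of this example, and the sample input is constructed from lines that appear in the thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines taken from the dcdiag output and event text quoted
# in this thread, including dcdiag's mid-sentence line wraps.
SAMPLE = """\
   The directory service on EDMSERVER01 has not finished initializing.
      Starting test: Connectivity
         The host 492ec86d-7284-4b41-aa04-2462acdf0c3c._msdcs.ats.local could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... EDMSERVER01 failed test Connectivity
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         1355
         ......................... ats.local failed test LocatorCheck
         ......................... ForestDnsZones passed test
         CrossRefValidation
Source domain controller:
 EDMTCSERVER01
Failing DNS host name:
 bfd6940c-3f3c-487d-b97c-8c1fc2d8df8f._msdcs.ats.local
"""

GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
DSA_NAME = GUID + r"\._msdcs\.[A-Za-z0-9.-]*[A-Za-z0-9]"

RE_HOST = re.compile(r"The host (" + DSA_NAME + r")\.? could not be resolved")
RE_EVENT = re.compile(
    r"Source domain controller: (\S+) Failing DNS host name: (" + DSA_NAME + r")")
RE_RESULT = re.compile(r"\.{5,} (\S+) (passed|failed) test (\w+)")
RE_LOCATOR = re.compile(r"DcGetDcName\((\w+)\) call failed, error (\d+)")
RE_NOT_READY = re.compile(
    r"The directory service on (\S+) has not finished initializing")


@dataclass
class Triage:
    not_ready: list = field(default_factory=list)         # DCs still initializing
    failed_tests: list = field(default_factory=list)      # (target, test)
    passed_tests: list = field(default_factory=list)      # (target, test)
    unresolved: dict = field(default_factory=dict)        # fqdn -> source DC or None
    locator_failures: dict = field(default_factory=dict)  # flag -> Win32 error


def flatten(text):
    """dcdiag wraps long lines, so collapse all whitespace before matching."""
    return " ".join(text.split())


def triage(text):
    flat = flatten(text)
    t = Triage()
    for dc in RE_NOT_READY.findall(flat):
        if dc not in t.not_ready:
            t.not_ready.append(dc)
    for target, verdict, test in RE_RESULT.findall(flat):
        bucket = t.failed_tests if verdict == "failed" else t.passed_tests
        if (target, test) not in bucket:
            bucket.append((target, test))
    for host in RE_HOST.findall(flat):           # dcdiag Connectivity test
        t.unresolved.setdefault(host.lower(), None)
    for source_dc, host in RE_EVENT.findall(flat):  # AD DS replication event
        t.unresolved[host.lower()] = source_dc
    for flag, code in RE_LOCATOR.findall(flat):
        t.locator_failures[flag] = int(code)
    return t


def matches_startup_dns_pattern(t):
    """Heuristic of this example: the DC has not finished initializing, DSA
    GUID names under _msdcs do not resolve, and the locator fails with 1355.
    That is the combination reported in this thread while the DC used only
    itself for DNS."""
    return (bool(t.not_ready) and bool(t.unresolved)
            and 1355 in t.locator_failures.values())


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("not ready:       ", result.not_ready)
    print("failed tests:    ", result.failed_tests)
    print("unresolved names:", result.unresolved)
    print("locator failures:", result.locator_failures)
    print("startup DNS pattern:", matches_startup_dns_pattern(result))
```

Matching on the flattened text matters: a line-by-line search of the raw output misses the wrapped `could / not be resolved` and `error / 1355` entries.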
 
LVL 59

Expert Comment

by:Darius Ghassem
You are using the actual IP address, not the 127.0.0.1 loopback address, when you put this IP address by itself, right? We are going to have to wait until tonight to really get into testing, or until you can change it back to point to itself only.
0
 

Author Comment

by:ssiadmin
Alright that is fine...not using the loopback address.
0
 

Author Comment

by:ssiadmin
Here is the dcdiag....


Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine EDMSERVER01, is a Directory Server.
   Home Server = EDMSERVER01
   * Connecting to directory service on server EDMSERVER01.
   The directory service on EDMSERVER01 has not finished initializing.
    In order for the directory service to consider itself synchronized, it must
   attempt an initial synchronization with at least one replica of this
   server's writeable domain.  It must also obtain Rid information from the Rid
   FSMO holder.
    The directory service has not signalled the event which lets other services
   know that it is ready to accept requests. Services such as the Key
   Distribution Center, Intersite Messaging Service, and NetLogon will not
   consider this system as an eligible domain controller.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ats,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-GuideSign,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-Trafco,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-CAL-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-CAL-SalesOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ats,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMRSSERVER01,CN=Servers,CN=ATS-EDM-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMGSSERVER01,CN=Servers,CN=ATS-EDM-GuideSign,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CALSOSERVER01,CN=Servers,CN=ATS-CAL-SalesOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CALRSSERVER01,CN=Servers,CN=ATS-CAL-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMTCSERVER01,CN=Servers,CN=ATS-EDM-Trafco,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   The directory service on EDMSERVER01 has not finished initializing.
    In order for the directory service to consider itself synchronized, it must
   attempt an initial synchronization with at least one replica of this
   server's writeable domain.  It must also obtain Rid information from the Rid
   FSMO holder.
    The directory service has not signalled the event which lets other services
   know that it is ready to accept requests. Services such as the Key
   Distribution Center, Intersite Messaging Service, and NetLogon will not
   consider this system as an eligible domain controller.
   * Identifying all NC cross-refs.
   * Found 6 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: ATS-EDM-HeadOffice\EDMSERVER01
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         The host 492ec86d-7284-4b41-aa04-2462acdf0c3c._msdcs.ats.local could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... EDMSERVER01 failed test Connectivity

Doing primary tests
   
   Testing server: ATS-EDM-HeadOffice\EDMSERVER01
      Skipping all tests, because server EDMSERVER01 is not responding to
      directory service requests.
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas
   
      Test omitted by user request: DNS
      Test omitted by user request: DNS
   
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   
   Running partition tests on : ats
      Starting test: CheckSDRefDom
         ......................... ats passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ats passed test CrossRefValidation
   
   Running enterprise tests on : ats.local
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         1355
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
         A KDC could not be located - All the KDCs are down.
         ......................... ats.local failed test LocatorCheck
      Starting test: Intersite
         Skipping site ATS-EDM-HeadOffice, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-RentalShop, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-GuideSign, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-Trafco, this site is outside the scope provided
         by the command line arguments provided.
         Skipping site ATS-CAL-RentalShop, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-CAL-SalesOffice, this site is outside the scope
         provided by the command line arguments provided.
         ......................... ats.local passed test Intersite


Here is dcdiag /fix


Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine EDMSERVER01, is a Directory Server.
   Home Server = EDMSERVER01
   * Connecting to directory service on server EDMSERVER01.
   The directory service on EDMSERVER01 has not finished initializing.
    In order for the directory service to consider itself synchronized, it must
   attempt an initial synchronization with at least one replica of this
   server's writeable domain.  It must also obtain Rid information from the Rid
   FSMO holder.
    The directory service has not signalled the event which lets other services
   know that it is ready to accept requests. Services such as the Key
   Distribution Center, Intersite Messaging Service, and NetLogon will not
   consider this system as an eligible domain controller.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ats,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-GuideSign,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-Trafco,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-CAL-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-CAL-SalesOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ats,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMRSSERVER01,CN=Servers,CN=ATS-EDM-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMGSSERVER01,CN=Servers,CN=ATS-EDM-GuideSign,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CALSOSERVER01,CN=Servers,CN=ATS-CAL-SalesOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CALRSSERVER01,CN=Servers,CN=ATS-CAL-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMTCSERVER01,CN=Servers,CN=ATS-EDM-Trafco,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   The directory service on EDMSERVER01 has not finished initializing.
    In order for the directory service to consider itself synchronized, it must
   attempt an initial synchronization with at least one replica of this
   server's writeable domain.  It must also obtain Rid information from the Rid
   FSMO holder.
    The directory service has not signalled the event which lets other services
   know that it is ready to accept requests. Services such as the Key
   Distribution Center, Intersite Messaging Service, and NetLogon will not
   consider this system as an eligible domain controller.
   * Identifying all NC cross-refs.
   * Found 6 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: ATS-EDM-HeadOffice\EDMSERVER01
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         The host 492ec86d-7284-4b41-aa04-2462acdf0c3c._msdcs.ats.local could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... EDMSERVER01 failed test Connectivity

Doing primary tests
   
   Testing server: ATS-EDM-HeadOffice\EDMSERVER01
      Skipping all tests, because server EDMSERVER01 is not responding to
      directory service requests.
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas
   
      Test omitted by user request: DNS
      Test omitted by user request: DNS
   
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   
   Running partition tests on : ats
      Starting test: CheckSDRefDom
         ......................... ats passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ats passed test CrossRefValidation
   
   Running enterprise tests on : ats.local
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
         1355
         A Good Time Server could not be located.
         Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
         A KDC could not be located - All the KDCs are down.
         ......................... ats.local failed test LocatorCheck
      Starting test: Intersite
         Skipping site ATS-EDM-HeadOffice, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-RentalShop, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-GuideSign, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-Trafco, this site is outside the scope provided
         by the command line arguments provided.
         Skipping site ATS-CAL-RentalShop, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-CAL-SalesOffice, this site is outside the scope
         provided by the command line arguments provided.
         ......................... ats.local passed test Intersite


dcdiag /test:dns


Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine EDMSERVER01, is a Directory Server.
   Home Server = EDMSERVER01
   * Connecting to directory service on server EDMSERVER01.
   The directory service on EDMSERVER01 has not finished initializing.
    In order for the directory service to consider itself synchronized, it must
   attempt an initial synchronization with at least one replica of this
   server's writeable domain.  It must also obtain Rid information from the Rid
   FSMO holder.
    The directory service has not signalled the event which lets other services
   know that it is ready to accept requests. Services such as the Key
   Distribution Center, Intersite Messaging Service, and NetLogon will not
   consider this system as an eligible domain controller.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ats,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-GuideSign,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-Trafco,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-CAL-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-CAL-SalesOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ats,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMRSSERVER01,CN=Servers,CN=ATS-EDM-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMGSSERVER01,CN=Servers,CN=ATS-EDM-GuideSign,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CALSOSERVER01,CN=Servers,CN=ATS-CAL-SalesOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CALRSSERVER01,CN=Servers,CN=ATS-CAL-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMTCSERVER01,CN=Servers,CN=ATS-EDM-Trafco,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   The directory service on EDMSERVER01 has not finished initializing.
    In order for the directory service to consider itself synchronized, it must
   attempt an initial synchronization with at least one replica of this
   server's writeable domain.  It must also obtain Rid information from the Rid
   FSMO holder.
    The directory service has not signalled the event which lets other services
   know that it is ready to accept requests. Services such as the Key
   Distribution Center, Intersite Messaging Service, and NetLogon will not
   consider this system as an eligible domain controller.
   * Identifying all NC cross-refs.
   * Found 6 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: ATS-EDM-HeadOffice\EDMSERVER01
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         The host 492ec86d-7284-4b41-aa04-2462acdf0c3c._msdcs.ats.local could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... EDMSERVER01 failed test Connectivity

Doing primary tests
   
   Testing server: ATS-EDM-HeadOffice\EDMSERVER01
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas
   
      Starting test: DNS
         
         DNS Tests are running and not hung. Please wait a few minutes...
         See DNS test in enterprise tests section for results
         ......................... EDMSERVER01 failed test DNS
   
   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation
   
   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation
   
   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation
   
   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation
   
   Running partition tests on : ats
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation
   
   Running enterprise tests on : ats.local
      Starting test: DNS
         Test results for domain controllers:
           
            DC: EDMSERVER01.ats.local
            Domain: ats.local
           
                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  Error: No LDAP connectivity
                  Microsoft© Windows Server© 2008 Enterprise  (Service Pack level: 1.0)
                   is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000006] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:0C:29:B6:4F:B2
                     IP Address is static
                     IP address: 10.25.30.10
                     DNS servers:
                        Warning:
                        10.25.30.10 (EDMSERVER01) [Invalid (unreachable)]
                        Warning: adapter
                        [00000006] Intel(R) PRO/1000 MT Network Connection has
                        invalid DNS server: 10.25.30.10 (EDMSERVER01)
                  Error: all DNS servers are invalid
                  No host records (A or AAAA) were found for this DC
                  The SOA record for the Active Directory zone was not found
                  Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)
                  [Error details: 1722 (Type: Win32 - Description: The RPC server is unavailable.)]
         
         Summary of test results for DNS servers used by the above domain
         controllers:
         
            DNS server: 10.25.30.10 (EDMSERVER01)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 10.25.30.10               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               Name resolution is not functional. _ldap._tcp.ats.local. failed on the DNS server 10.25.30.10
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: ats.local
               EDMSERVER01                  PASS FAIL n/a  n/a  n/a  n/a  n/a  
         
         ......................... ats.local failed test DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite

0
 
LVL 59

Expert Comment

by:Darius Ghassem
Well, it seems that DNS isn't correct, which is causing the issues. You removed IPv6. Can you post ipconfig /all for this server? Can you do a screenshot of DNS, then post?
0
 

Author Comment

by:ssiadmin
You want it in the broken state or the way it currently is running?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Do it in current state.
0
 

Author Comment

by:ssiadmin
Here it is

Windows IP Configuration

   Host Name . . . . . . . . . . . . : EDMSERVER01
   Primary Dns Suffix  . . . . . . . : ats.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ats.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-B6-4F-B2
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.25.30.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.25.30.1
   DNS Servers . . . . . . . . . . . : 10.25.30.10
                                       10.25.31.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{49F67131-E44F-4783-8545-DB2CABD1
ECE}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
0
 

Author Comment

by:ssiadmin
DNS - Screenshot
0
 

Author Comment

by:ssiadmin
DNS - Screenshot
Doesn't look like the first one came through....

DNS.bmp
0
 
LVL 59

Expert Comment

by:Darius Ghassem
I do see one issue. Your msdcs folder isn't listed under the ats.local zone. Also, this doesn't make a difference that I have ever experienced, but I remember once, a while ago, someone talking about a weird issue when the A record was lower case and other A records were upper case; this one server kept failing DNS resolution.
0
 

Author Comment

by:ssiadmin
Here is the ats.local site expanded; it does in fact have the _msdcs folder. Hmm, I will change to uppercase.....
DNS-2.bmp
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Yes, it's under there but it is greyed out. I think that is the problem.
0
 

Author Comment

by:ssiadmin
Yes, it appears so. Any ideas on a fix? I am missing everything from there....
DNS-3.bmp
0
 

Author Comment

by:ssiadmin
Everything is listed under the _msdcs.ats.local folder.
DNS-4.bmp
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Can you drag the folder back under the ats.local zone?
0
 

Author Comment

by:ssiadmin
No, there is no ability to drag and drop. However, I have checked multiple 2008 domains and they all seem to have the same greyed-out msdcs folder under the domain with an NS record for the main DC.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
You have created a delegation of _mcdcs in the ats.local zone and created a new zone _mcdcs.ats.local.
To get rid of it, delete both the extra _mcdcs.ats.local zone and the delegation under ats.local, and run netdiag /fix on the DC to let it re-create _mcdcs and its subdata as a sub-domain in the ats.local zone.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
Typo, I meant _msdcs
0
 

Author Comment

by:ssiadmin
Not supported in Windows 2008 environments. Also it won't run....
http://social.technet.microsoft.com/forums/en-US/winserverPN/thread/6d1f31c8-4af6-4d9f-aeab-98ea2f612657/
I ran dcdiag /fix instead and this created the folder once again under ats.local. Doesn't look like everything is there yet though.... I'll give it some time....
0
 

Author Comment

by:ssiadmin
So rebooted the server with DNS to itself. Same issue still persists.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Do a dcdiag then post.
0
 

Author Comment

by:ssiadmin


Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine EDMSERVER01, is a Directory Server.
   Home Server = EDMSERVER01
   * Connecting to directory service on server EDMSERVER01.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ats,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-GuideSign,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-EDM-Trafco,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-CAL-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=ATS-CAL-SalesOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ats,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMRSSERVER01,CN=Servers,CN=ATS-EDM-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMGSSERVER01,CN=Servers,CN=ATS-EDM-GuideSign,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CALSOSERVER01,CN=Servers,CN=ATS-CAL-SalesOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CALRSSERVER01,CN=Servers,CN=ATS-CAL-RentalShop,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=EDMTCSERVER01,CN=Servers,CN=ATS-EDM-Trafco,CN=Sites,CN=Configuration,DC=ats,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 6 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: ATS-EDM-HeadOffice\EDMSERVER01
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         Determining IP6 connectivity
         * Active Directory RPC Services Check
         ......................... EDMSERVER01 passed test Connectivity
 
Doing primary tests
   
   Testing server: ATS-EDM-HeadOffice\EDMSERVER01
      Starting test: Advertising
         The DC EDMSERVER01 is advertising itself as a DC and having a DS.
         The DC EDMSERVER01 is advertising as an LDAP server
         The DC EDMSERVER01 is advertising as having a writeable directory
         The DC EDMSERVER01 is advertising as a Key Distribution Center
         The DC EDMSERVER01 is advertising as a time server
         The DS EDMSERVER01 is advertising as a GC.
         ......................... EDMSERVER01 passed test Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Starting test: FrsEvent
         * The File Replication Service Event log test
         Skip the test because the event log File Replication Service does not exist.
         ......................... EDMSERVER01 passed test FrsEvent
      Starting test: DFSREvent
         The DFS Replication Event Log.
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         An Warning Event occurred.  EventID: 0x80001396
            Time Generated: 11/03/2008   09:44:45
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,
            error 0x3afc)
         An Warning Event occurred.  EventID: 0x80001396
            Time Generated: 11/03/2008   19:00:45
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,
            error 0x3afc)
         An Warning Event occurred.  EventID: 0x80001396
            Time Generated: 11/03/2008   19:00:47
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,
            error 0x3afc)
         An Error Event occurred.  EventID: 0xC00004B2
            Time Generated: 11/03/2008   19:14:31
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,
            error 0x3afc)
         An Error Event occurred.  EventID: 0xC00004B2
            Time Generated: 11/03/2008   19:19:31
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,
            error 0x3afc)
         An Error Event occurred.  EventID: 0xC00004B2
            Time Generated: 11/03/2008   19:34:32
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,
            error 0x3afc)
         An Error Event occurred.  EventID: 0xC00004B2
            Time Generated: 11/03/2008   20:34:59
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,
            error 0x3afc)
         An Warning Event occurred.  EventID: 0x800008A4
            Time Generated: 11/03/2008   21:30:29
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,
            error 0x3afc)
         An Error Event occurred.  EventID: 0xC00004B2
            Time Generated: 11/03/2008   21:37:39
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,
            error 0x3afc)
         An Error Event occurred.  EventID: 0xC00004B2
            Time Generated: 11/03/2008   21:42:39
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = DFS Replication) could not be retrieved,
            error 0x3afc)
         ......................... EDMSERVER01 failed test DFSREvent
      Starting test: SysVolCheck
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... EDMSERVER01 passed test SysVolCheck
      Starting test: KccEvent
         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... EDMSERVER01 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         ......................... EDMSERVER01 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         Checking machine account for DC EDMSERVER01 on DC EDMSERVER01.
         * SPN found :LDAP/EDMSERVER01.ats.local/ats.local
         * SPN found :LDAP/EDMSERVER01.ats.local
         * SPN found :LDAP/EDMSERVER01
         * SPN found :LDAP/EDMSERVER01.ats.local/ATS
         * SPN found :LDAP/492ec86d-7284-4b41-aa04-2462acdf0c3c._msdcs.ats.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/492ec86d-7284-4b41-aa04-2462acdf0c3c/ats.local
         * SPN found :HOST/EDMSERVER01.ats.local/ats.local
         * SPN found :HOST/EDMSERVER01.ats.local
         * SPN found :HOST/EDMSERVER01
         * SPN found :HOST/EDMSERVER01.ats.local/ATS
         * SPN found :GC/EDMSERVER01.ats.local/ats.local
         ......................... EDMSERVER01 passed test MachineAccount
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC EDMSERVER01.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=ats,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=ats,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=ats,DC=local
            (Schema,Version 3)
         * Security Permissions Check for
           CN=Configuration,DC=ats,DC=local
            (Configuration,Version 3)
         * Security Permissions Check for
           DC=ats,DC=local
            (Domain,Version 3)
         ......................... EDMSERVER01 passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\EDMSERVER01\netlogon
         Verified share \\EDMSERVER01\sysvol
         ......................... EDMSERVER01 passed test NetLogons
      Starting test: ObjectsReplicated
         EDMSERVER01 is in domain DC=ats,DC=local
         Checking for CN=EDMSERVER01,OU=Domain Controllers,DC=ats,DC=local in domain DC=ats,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local in domain CN=Configuration,DC=ats,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... EDMSERVER01 passed test ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
         ......................... EDMSERVER01 passed test Replications
      Starting test: RidManager
         * Available RID Pool for the Domain is 4101 to 1073741823
         * EDMSERVER01.ats.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1101 to 1600
         * rIDPreviousAllocationPool is 1101 to 1600
         * rIDNextRID: 1262
         ......................... EDMSERVER01 passed test RidManager
      Starting test: Services
         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: DFSR
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... EDMSERVER01 passed test Services
      Starting test: SystemLog
         * The System Event log test
         An Warning Event occurred.  EventID: 0x8000001D
            Time Generated: 11/04/2008   07:45:34
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 11/04/2008   07:55:12
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 11/04/2008   07:55:13
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 11/04/2008   07:55:18
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 11/04/2008   07:55:19
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 11/04/2008   07:55:20
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 11/04/2008   07:55:21
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 11/04/2008   07:55:24
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 11/04/2008   07:55:25
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x00000457
            Time Generated: 11/04/2008   07:55:26
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         ......................... EDMSERVER01 failed test SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=EDMSERVER01,OU=Domain Controllers,DC=ats,DC=local and backlink on
         CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         are correct.
         The system object reference (serverReferenceBL)
         CN=EDMSERVER01,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=ats,DC=local
         and backlink on
         CN=NTDS Settings,CN=EDMSERVER01,CN=Servers,CN=ATS-EDM-HeadOffice,CN=Sites,CN=Configuration,DC=ats,DC=local
         are correct.
         ......................... EDMSERVER01 passed test VerifyReferences
      Test omitted by user request: VerifyReplicas
   
      Test omitted by user request: DNS
      Test omitted by user request: DNS
   
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   
   Running partition tests on : ats
      Starting test: CheckSDRefDom
         ......................... ats passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ats passed test CrossRefValidation
   
   Running enterprise tests on : ats.local
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         GC Name: \\EDMSERVER01.ats.local
         Locator Flags: 0xe00013fd
         PDC Name: \\EDMSERVER01.ats.local
         Locator Flags: 0xe00013fd
         Time Server Name: \\EDMSERVER01.ats.local
         Locator Flags: 0xe00013fd
         Preferred Time Server Name: \\EDMSERVER01.ats.local
         Locator Flags: 0xe00013fd
         KDC Name: \\EDMSERVER01.ats.local
         Locator Flags: 0xe00013fd
         ......................... ats.local passed test LocatorCheck
      Starting test: Intersite
         Skipping site ATS-EDM-HeadOffice, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-RentalShop, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-GuideSign, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-EDM-Trafco, this site is outside the scope provided
         by the command line arguments provided.
         Skipping site ATS-CAL-RentalShop, this site is outside the scope
         provided by the command line arguments provided.
         Skipping site ATS-CAL-SalesOffice, this site is outside the scope
         provided by the command line arguments provided.
         ......................... ats.local passed test Intersite
 
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Was this a test with it only pointing to itself?
0
 

Author Comment

by:ssiadmin
No this is working....I'll have to do it outside business hours....
0
 
LVL 31

Expert Comment

by:Henrik Johansson
Can you post the current eventlog messages that dcdiag complains about including eventids?
0
 

Author Comment

by:ssiadmin
The only error messages from the time period it is requesting are Terminal Services Printer errors, i.e. drivers.....

Driver HP Color LaserJet CM4730 MFP PCL 6 required for printer !!edmdc01!HP_CM4730_EDM_DEMO is unknown. Contact the administrator to install the driver before you log in again.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
You have as posted above errors/warnings in DS/FRS logs, which should be investigated.
Sample:

      An Error Event occurred.  EventID: 0xC00004B2
            Time Generated: 11/03/2008   19:14:31
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
           (Event String (event log = DFS Replication) could not be retrieved,
            error 0x3afc)
0
 

Author Comment

by:ssiadmin
There are only a couple of errors reported from last night; this is when I would have changed DNS to itself and rebooted. This is when the server is in its crippled state. No errors in that event log category today. See screenshot below.
DFS.bmp
0
 
LVL 59

Expert Comment

by:Darius Ghassem
A couple of things: is your DFS service running? Is the FRS service started?
0
 

Author Comment

by:ssiadmin
Currently it is, yes. I will have to double check when it is crippled.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
So, now you see the correct folders listed under DNS, right? Can you compare with other DNS servers?
0
 

Author Comment

by:ssiadmin
It is properly replicated to all other DCs in the forest. Everything appears normal in DNS.
0
 
LVL 31

Accepted Solution

by:
Henrik Johansson earned 250 total points
If DNS is replicating as expected and has been cleaned up from having the extra _msdcs zone, everything works normally except when rebooting the DC while you're trying to have only itself as DNS, without a secondary DNS configured?

As you have AD-integrated DNS zones, you need to have multiple DNS servers configured on each DC for redundancy when rebooting a DC/DNS. Otherwise, you'll get the scenario where AD relies on DNS and DNS at the same time relies on AD, with the result that the reboot takes an unnecessarily long time when services start in the incorrect order.
The logging in the screenshot is that the DFSR service starts before AD/DNS is available on the local server, and the server isn't aware that any DNS/DC exists in the domain when it has no second DNS to query.
0
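
A way to check for the configuration described in the answer above, as an added example that is not part of the original thread: it uses WMI's Win32_NetworkAdapterConfiguration class to report whether a DC's DNS client list contains any server besides the DC itself. The function name and status labels are assumptions made for the illustration, and PowerShell 2.0 or later is assumed.

```powershell
# Added example (not from the thread): report whether a DC's DNS client list
# contains any server other than the DC itself. Requires PowerShell 2.0 or later.
# The function name and the Status labels are hypothetical, chosen for this sketch.
function Get-DcDnsClientRedundancy {
    param([string]$ComputerName = $env:COMPUTERNAME)

    # IP-enabled adapters only. DNSServerSearchOrder is the ordered list from the
    # adapter's TCP/IP properties (preferred server first, then alternates).
    Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
        -ComputerName $ComputerName -Filter "IPEnabled = TRUE" |
    ForEach-Object {
        $adapter = $_

        # Addresses that mean "this server": its own IPs plus loopback.
        $self   = @($adapter.IPAddress) + @('127.0.0.1', '::1')
        $dns    = @($adapter.DNSServerSearchOrder | Where-Object { $_ })
        $others = @($dns | Where-Object { $self -notcontains $_ })

        # SelfOnly is the setup the thread reports as slow or failing after reboot.
        if     ($dns.Count -eq 0)    { $status = 'NoDnsConfigured' }
        elseif ($others.Count -eq 0) { $status = 'SelfOnly' }
        else                         { $status = 'HasAlternate' }

        New-Object PSObject -Property @{
            Computer   = $ComputerName
            Adapter    = $adapter.Description
            DnsServers = ($dns -join ', ')
            Status     = $status
        }
    }
}

# Run against the local DC and show one row per IP-enabled adapter.
Get-DcDnsClientRedundancy |
    Format-Table Computer, Adapter, DnsServers, Status -AutoSize
```

Pass `-ComputerName` to query another DC; the account running it needs remote WMI access to that server.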
 

Author Comment

by:ssiadmin
Yes, this is true; this error occurs only when rebooting the main DC. I will try to set DFSR to a delayed startup and see if that solves the issue.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
That's very true: AD and DNS rely on each other, and if one isn't started then they throw off errors. If you have the DC pointing only to itself for resolution, do you still get errors after the server has been sitting there for a while?
0
 

Author Comment

by:ssiadmin
Nothing will start at all. Completely crippled unless a secondary DNS is enabled.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
Are the netlogon and DNS services started after you reboot?
0
 
LVL 31

Expert Comment

by:Henrik Johansson
If secondary DNS on each DC = no problem
No secondary DNS on a DC gives a problem with "catch 22" behavior when services depend on each other to start normally.

So why are you trying to remove the redundancy and give yourself unnecessary problems?
0
 

Author Comment

by:ssiadmin
Well, it comes down to the fact that it should work with one DNS server. Having the forest root not able to come up properly with itself as a DNS server is quite worrisome. As well, I don't want this to create a larger issue down the road. Granted, there are five other sites for redundancy, but it still creates a significant amount of risk in my eyes to the overall function of the domain. Especially on the main DC of the forest.
I will delay startup of the DFSR service tonight and see if this resolves the issue.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
As AD-integrated DNS zones rely on AD and AD at the same time relies on DNS, you only give yourself unnecessary problems when trying to configure it this way.

If you don't want to rely on a DC/DNS in another site/domain, you need to have an extra DC/DNS in the main/root site/domain and configure the DC to use that DC/DNS as secondary DNS.
0
 

Author Comment

by:ssiadmin
Does not work with delayed startup of the DFSR service. Yes, both DNS and Netlogon start up. It may be time for an MS call, I think.
0
 

Author Comment

by:ssiadmin
UPDATE:
So after 20-30 hours with Microsoft this is still not solved. It appears the workaround for this issue is to have the secondary DNS address listed.
0
 
LVL 31

Expert Comment

by:Henrik Johansson
Author's last comment requested to be accepted as solution is what I've tried to say a couple of times, so why isn't any of my posts accepted?

Having secondary DNS server configured on each DC is correct configuration when having AD-integrated DNS-zones.
As author doesn't want to rely on WAN-link to other DC/DNS, I've also suggested that another DC/DNS is configured in the main site.

Suggest accept http:#22879815
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 250 total points
@henjoh09

You should be able to have one DNS server listed in the TCP\IP properties of a DC and the DC should boot; you might get a couple of errors on the DC until it fully comes up. The server that is the FSMO role holder shouldn't have to rely on a secondary DNS server to boot. On a properly working DC with DNS you should be able to just use the IP of the DC for DNS.

Darius
0
 

Author Comment

by:ssiadmin
That is a workaround that I had before. Not a solution; darisg is right, as it should function on its own.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
@ssiadmin

You can delay the Netlogon service from running before the DNS service is started. See if this helps.

http://www.eventid.net/display.asp?eventid=3096&eventno=145&source=NETLOGON&phase=1

http://support.microsoft.com/?id=193888
0
 

Author Comment

by:ssiadmin
I already tried that as well.
0
 
LVL 1

Expert Comment

by:thirdorderharmonic
I have the same issue. It's very frustrating. Before I added a second DC, the first one booted fine without a second DNS server entry... Now that I've added a second DC, the first one can't boot on its own. It hangs indefinitely at 'Applying computer settings' with the same errors as above in the logs.

DNS was dependent on AD, and AD was dependent on DNS before I added a second DC, and it worked fine before... How can a second DNS server be the only solution when some people only run one DC?

0
 

Expert Comment

by:ComputerGuy17
Does anyone have a solution to this? It happens to my server too. I want to decommission my old server but can't until I figure out how to make DNS load by itself first.
0
