Sp0cky
asked on
Windows CANNOT find a domain controller for the domain? verify that a DC is available..
w2k3 AD trust between 2 domains and no firewall in between. I can ping dc's by fully qualified and netbios name from both sides. Any ideas as to why this is occurring? I am getting stuck..
ASKER
Ok... 7 minutes difference..dumb question, how do you set the time synch? I would like to try this!
Configuring the Windows Time service to use an external time source
To configure an internal time server to synchronize with an external time source, follow these steps:
1. Change the server type to NTP. To do this, follow these steps:
1. Click Start, click Run, type regedit, and then click OK.
2. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters\Type
3. In the right pane, right-click Type, and then click Modify.
4. In Edit Value, type NTP in the Value data box, and then click OK.
2. Set AnnounceFlags to 5. To do this, follow these steps:
1. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\AnnounceFlags
2. In the right pane, right-click AnnounceFlags, and then click Modify.
3. In Edit DWORD Value, type 5 in the Value data box, and then click OK.
3. Enable NTPServer. To do this, follow these steps:
1. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer
2. In the right pane, right-click Enabled, and then click Modify.
3. In Edit DWORD Value, type 1 in the Value data box, and then click OK.
4. Specify the time sources. To do this, follow these steps:
1. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
2. In the right pane, right-click NtpServer, and then click Modify.
3. In Edit Value, type pool.ntp.org in the Value data box, and then click OK.
Note 'ppol.ntp.org' is an example. This should be a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect.
5. Select the poll interval. To do this, follow these steps:
1. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
2. In the right pane, right-click SpecialPollInterval, and then click Modify.
3. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes.
6. Configure the time correction settings. To do this, follow these steps:
1. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxPosPhaseCorrection
2. In the right pane, right-click MaxPosPhaseCorrection, and then click Modify.
3. In Edit DWORD Value, click to select Decimal in the Base box.
4. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
5. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\MaxNegPhaseCorrection
6. In the right pane, right-click MaxNegPhaseCorrection, and then click Modify.
7. In Edit DWORD Value, click to select Decimal in the Base box.
8. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Note TimeInSeconds is a placeholder for a reasonable value, such as 1 hour (3600) or 30 minutes (1800). The value that you select will depend upon the poll interval, network condition, and external time source.
7. Quit Registry Editor.
8. At the command prompt, type the following command to restart the Windows Time service, and then press ENTER:
net stop w32time && net start w32time
http://support.microsoft.com/kb/816042
edit: ppol.ntp.org should be pool.ntp.org
This is just an example, but it's the time service I use - there are many out there.
And the clocks on the client machines will have no impact as they're not involved in configuring the trust, so you can safely ignore their configuration at the moment.
It'll be worth it in the future though to follow the full document through and set both 2003 servers as authoritative time sources, then configure the DHCP server at each site to distribute the FQDN of the servers to their respective clients as the NTP Time Server.
Can you actually create & validate the trust in AD Domains & Trusts? If you can, then you can use the Netdom command instead to verify the trust between the two domains. I believe the syntax is like this:
netdom trust /d:firstdomain 2ndomain /verify /twoway
ASKER
Ok. I thought it was easier to do the time thing! WOW! Editing the registry is always scary.
ASKER
I am doing this on the main dc but there it will not allow me to type "TimeinSeconds" below..
"# Select the poll interval. To do this, follow these steps:
1. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpClient\SpecialPollInterval
2. In the right pane, right-click SpecialPollInterval, and then click Modify.
3. In Edit DWORD Value, type TimeInSeconds in the Value data box, and then click OK.
Note TimeInSeconds is a placeholder for the number of seconds that you want between each poll. A recommended value is 900 Decimal. This value configures the Time Server to poll every 15 minutes."
You don't. You type in how many seconds you want - not the word TimeinSeconds.
That's what the Note is telling you - TimeInSeconds is a placeholder for the number of seconds that you want...
ASKER
Oh duh, lol. Ok, what about this one? Sorry I am a little confused:
"specify the time sources. To do this, follow these steps:
1. Locate and then click the following registry subkey:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters
2. In the right pane, right-click NtpServer, and then click Modify.
3. In Edit Value, type Peers in the Value data box, and then click OK.
Note Peers is a placeholder for a space-delimited list of peers from which your computer obtains time stamps. Each DNS name that is listed must be unique. You must append ,0x1 to the end of each DNS name. If you do not append ,0x1 to the end of each DNS name, the changes made in step 5 will not take effect."
I typed "peers" just like it says..
ASKER
I mean..what peers? I am on a DC. Do I have to change this every time I add a computer to this environment? Thanks.
ASKER
Ah.. it wants time.windows.com, 0x1 right?
ASKER
Uh O - new error..
Event Type: Error
Event Source: W32Time
Event Category: None
Event ID: 17
Date: 1/8/2009
Time: 3:14:02 PM
User: N/A
Computer: DC1
Description:
Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer '0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: No such service is known. The service cannot be found in the specified name space. (0x8007277C)
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
No, it just wants time.windows.com,0x1
Or...
pool.ntp.org,0x1 time.windows.com,0x1
It's space delimited, so just remove the space between the comma and the 0x1
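The NtpServer value rules from the procedure earlier in this thread, and the Event ID 17 failure on peer '0x1' that a space after the comma produces, as an added example that is not part of the original thread or of the Microsoft article. The function names `check_peer_list` and `reg_commands` are hypothetical, and emitting `reg add` command lines instead of editing in regedit is an assumption of this sketch.

```python
"""Check a W32Time NtpServer peer list, then emit the registry changes
from the procedure as reg.exe command lines (added example)."""
import re

W32TIME = r"HKLM\SYSTEM\CurrentControlSet\Services\W32Time"
SPECIAL_INTERVAL = 0x1  # the ",0x1" flag the procedure requires on every peer
FLAG_RE = re.compile(r"^0x[0-9a-fA-F]+$")
HOST_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)*$"
)


def check_peer_list(value):
    """Return (peers, problems) for an NtpServer registry value.

    The value is space-delimited, so every token must be 'dnsname,0xN'.
    A space after the comma splits one peer into two tokens.
    """
    peers, problems, seen = [], [], set()
    tokens = value.split()
    if not tokens:
        problems.append("no peers listed")
    for token in tokens:
        if FLAG_RE.match(token):
            # This is the case behind the Event ID 17 lookup of peer '0x1'.
            problems.append(
                f"'{token}' stands alone and would be looked up as a peer name; "
                "remove the space between the comma and the flag"
            )
            continue
        host, sep, flag = token.partition(",")
        if not HOST_RE.match(host):
            problems.append(f"'{host}' is not a valid DNS name")
            continue
        if host.lower() in seen:
            problems.append(f"'{host}' is listed more than once")
            continue
        seen.add(host.lower())
        if not sep or not flag:
            problems.append(f"'{host}' has no flag; append ,0x1")
            continue
        if not FLAG_RE.match(flag):
            problems.append(f"'{host}' has a malformed flag '{flag}'")
            continue
        flags = int(flag, 16)
        if not flags & SPECIAL_INTERVAL:
            problems.append(
                f"'{host}' lacks 0x1, so SpecialPollInterval will not apply to it"
            )
            continue
        peers.append((host, flags))
    return peers, problems


def reg_commands(peer_value, poll_seconds=900, max_phase_seconds=3600):
    """Build the command lines for steps 1-8, refusing a bad peer list."""
    peers, problems = check_peer_list(peer_value)
    if problems:
        raise ValueError("; ".join(problems))
    for name, number in (("poll_seconds", poll_seconds),
                         ("max_phase_seconds", max_phase_seconds)):
        if not isinstance(number, int) or number <= 0:
            raise ValueError(f"{name} must be a positive number of seconds")
    ntp_server = " ".join(f"{host},0x{flags:x}" for host, flags in peers)
    settings = [
        ("Parameters", "Type", "REG_SZ", "NTP"),
        ("Config", "AnnounceFlags", "REG_DWORD", 5),
        (r"TimeProviders\NtpServer", "Enabled", "REG_DWORD", 1),
        ("Parameters", "NtpServer", "REG_SZ", ntp_server),
        (r"TimeProviders\NtpClient", "SpecialPollInterval", "REG_DWORD", poll_seconds),
        ("Config", "MaxPosPhaseCorrection", "REG_DWORD", max_phase_seconds),
        ("Config", "MaxNegPhaseCorrection", "REG_DWORD", max_phase_seconds),
    ]
    commands = [
        f'reg add "{W32TIME}\\{subkey}" /v {name} /t {kind} /d "{data}" /f'
        for subkey, name, kind, data in settings
    ]
    commands.append("net stop w32time && net start w32time")
    return commands


if __name__ == "__main__":
    # Constructed inputs: the value typed in the thread, then the corrected one.
    for sample in ("time.windows.com, 0x1", "pool.ntp.org,0x1 time.windows.com,0x1"):
        peers, problems = check_peer_list(sample)
        print(repr(sample), "->", peers or problems)
    print("\n".join(reg_commands("pool.ntp.org,0x1 time.windows.com,0x1")))
```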
ASKER
Thanks for finding that. It appears to have worked. I guess if it was still screwed up I would see event errors.
Dam but I am still getting problems on the trust:
"The secure channel (SC) reset on domain controller \\abcdc.abc.com of domain abc.com to domain xyz.net failed with error: There are currently no logon servers available to service the logon request."
Run netdiag /fix on both servers.
It's installed with the resource kit.
ASKER
Still says "no logon servers exist" when trying to validate the trust.
ASKER
"secure channel reset" failed with errors although the trusts validated - sorry. Then when I go to change the trust pword it fails with no logon servers.
can you run netdiag and post the output here?
Run these from cmd on a domain controller:
netdom trust domainA /domain:domainB /verify
Is the trust up?
Reset the password on the trust account:
netdom trust local_domain /Domain:remote_domain /UserD:administrator /PasswordD:* /UserO:administrator /PasswordO:* /Reset /TwoWay
where "local_domain" is the domain on which the trust is being created and "remote_domain" is the parent, child,
or tree root domain being trusted. In either case, the fully qualified domain name (FQDN) should be used.
Try to validate the trust from AD domains & trusts.
SG
ASKER
Here is netdiag on ABC
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\__admin>netdiag
....................................
Computer Name: __DC1
DNS Host Name: __dc1.__abc.com
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection 2
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : __dc1
IP Address . . . . . . . . : 192.168.7.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.7.3
Dns Servers. . . . . . . . : 192.168.7.4
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
r Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{82B6769E-22DD-4949-99B1-680517AB6BC8}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.7.4'
and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{82B6769E-22DD-4949-99B1-680517AB6BC8}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{82B6769E-22DD-4949-99B1-680517AB6BC8}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Documents and Settings\__admin>
ASKER
Here is XYZ net diag (other DC)
Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.
C:\Documents and Settings\Administrator.dc1.000>netdiag
....................................
Computer Name: dc1
DNS Host Name: dc1.__xyz.com
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection 2
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : dc1
IP Address . . . . . . . . : 192.168.4.4
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.4.3
Dns Servers. . . . . . . . : 192.168.4.4
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{DF981F2C-9F1A-4656-AED2-1E3474A2268A}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.4.4'
and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{DF981F2C-9F1A-4656-AED2-1E3474A2268A}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{DF981F2C-9F1A-4656-AED2-1E3474A2268A}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Documents and Settings\Administrator.dc1.000>
ASKER
snus -
"secure channel reset" failed with errors although the trusts validated - sorry. Then when I go to change the trust pword it fails with no logon servers."
run this and post: dcdiag /v /e /c
SG
ASKER
Looks like a dc is tombstoned on XYZ domain but I don't see how that would affect the trusts...I will blow it away and promote another machine. The dos prompt is not large enough to catch all the info..can I pipe it out to a text file? I forget how.
[Replications Check,XYZDC2] A recent replication attempt failed:
From XYZDC to XYZDC2
Naming Context: DC=XYZ__,DC=com
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2009-01-12 09:30:47.
The last success occurred at 2008-05-26 15:08:41.
246 failures have occurred since the last success.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source XYZDC
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
XYZDC2: Current time is 2009-01-12 09:30:47.
CN=Schema,CN=Configuration,DC=XYZ__,DC=com
Last replication recieved from XYZDC at 2008-05-26 14:55:34.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
CN=Configuration,DC=XYZ__,DC=com
Last replication recieved from XYZDC at 2008-05-26 14:55:34.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
DC=XYZ__,DC=com
Last replication recieved from XYZDC at 2008-05-26 15:08:41.
WARNING: This latency is over the Tombstone Lifetime of 180 days
!
* Replication Site Latency Check
......................... XYZDC2 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=s
ql__,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=XYZ__,
DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=XYZ__,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... XYZDC2 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for CN=Schema,CN=Conf
iguration,DC=XYZ__,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,
DC=XYZ__,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=XYZ__,DC=
com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... XYZDC2 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC XYZDC2.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=XYZ__,DC=com
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=XYZ__,DC=com
(Configuration,Version 2)
* Security Permissions Check for
DC=XYZ__,DC=com
(Domain,Version 2)
......................... XYZDC2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\XYZDC2\netlogon
Verified share \\XYZDC2\sysvol
......................... XYZDC2 passed test NetLogons
Starting test: Advertising
The DC XYZDC2 is advertising itself as a DC and having a DS.
The DC XYZDC2 is advertising as an LDAP server
The DC XYZDC2 is advertising as having a writeable directory
The DC XYZDC2 is advertising as a Key Distribution Center
The DC XYZDC2 is advertising as a time server
The DS XYZDC2 is advertising as a GC.
......................... XYZDC2 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=XYZDC,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=XYZ__,DC=com
Role Domain Owner = CN=NTDS Settings,CN=XYZDC,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=XYZ__,DC=com
Role PDC Owner = CN=NTDS Settings,CN=XYZDC,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=XYZ__,DC=com
Role Rid Owner = CN=NTDS Settings,CN=XYZDC,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=XYZ__,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=XYZDC,CN=Servers
,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=XYZ__,DC=com
......................... XYZDC2 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2100 to 1073741823
* XYZdc.XYZ__.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1600 to 2099
* rIDPreviousAllocationPool is 1600 to 2099
* rIDNextRID: 1605
......................... XYZDC2 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC XYZDC2 on DC XYZDC2.
* SPN found :LDAP/XYZdc2.XYZ__.com/XYZ__.com
* SPN found :LDAP/XYZdc2.XYZ__.com
* SPN found :LDAP/XYZDC2
* SPN found :LDAP/XYZdc2.XYZ__.com/XYZ__
* SPN found :LDAP/0f808251-be56-4938-8a70-67953a1510ae._msdcs.XYZcluste
r.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/0f808251-be56-4938-8a
70-67953a1510ae/XYZ__.com
* SPN found :HOST/XYZdc2.XYZ__.com/XYZ__.com
* SPN found :HOST/XYZdc2.XYZ__.com
* SPN found :HOST/XYZDC2
* SPN found :HOST/XYZdc2.XYZ__.com/XYZ__
* SPN found :GC/XYZdc2.XYZ__.com/XYZ__.com
......................... XYZDC2 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... XYZDC2 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... XYZDC2 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
XYZDC2 is in domain DC=XYZ__,DC=com
Checking for CN=XYZDC2,OU=Domain Controllers,DC=XYZ__,DC=com in do
main DC=XYZ__,DC=com on 2 servers
Authoritative attribute dBCSPwd on XYZDC (writeable)
usnLocalChange = 554251
LastOriginatingDsa = XYZDC
usnOriginatingChange = 554251
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 25
Out-of-date attribute dBCSPwd on XYZDC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = XYZDC
usnOriginatingChange = 473740
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 24
Authoritative attribute lmPwdHistory on XYZDC (writeable)
usnLocalChange = 554251
LastOriginatingDsa = XYZDC
usnOriginatingChange = 554251
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 25
Out-of-date attribute lmPwdHistory on XYZDC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = XYZDC
usnOriginatingChange = 473740
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 24
Authoritative attribute ntPwdHistory on XYZDC (writeable)
usnLocalChange = 554251
LastOriginatingDsa = XYZDC
usnOriginatingChange = 554251
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 25
Out-of-date attribute ntPwdHistory on XYZDC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = XYZDC
usnOriginatingChange = 473740
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 24
Authoritative attribute pwdLastSet on XYZDC (writeable)
usnLocalChange = 554251
LastOriginatingDsa = XYZDC
usnOriginatingChange = 554251
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 25
Out-of-date attribute pwdLastSet on XYZDC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = XYZDC
usnOriginatingChange = 473740
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 24
Authoritative attribute supplementalCredentials on XYZDC (writeable)
usnLocalChange = 554252
LastOriginatingDsa = XYZDC
usnOriginatingChange = 554252
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 24
Out-of-date attribute supplementalCredentials on XYZDC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = XYZDC
usnOriginatingChange = 473741
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 23
Authoritative attribute unicodePwd on XYZDC (writeable)
usnLocalChange = 554251
LastOriginatingDsa = XYZDC
usnOriginatingChange = 554251
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 25
Out-of-date attribute unicodePwd on XYZDC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = XYZDC
usnOriginatingChange = 473740
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 24
Checking for CN=NTDS Settings,CN=XYZDC2,CN=Servers,CN=Default-First-Sit
e-Name,CN=Sites,CN=Configuration,DC=XYZ__,DC=com in domain CN=Configuration
,DC=XYZ__,DC=com on 2 servers
Object is up-to-date on all servers.
......................... XYZDC2 failed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... XYZDC2 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/11/2009 19:40:54
(Event String could not be retrieved)
......................... XYZDC2 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... XYZDC2 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 01/12/2009 08:58:36
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
host/XYZdc.XYZ__.com. The target name used
was . This indicates that the password used to
encrypt the kerberos service ticket is different
than that on the target server. Commonly, this is
due to identically named machine accounts in the
target realm (XYZ__.COM), and the client
realm. Please contact your system
administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 01/12/2009 09:00:20
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
host/XYZdc.XYZ__.com. The target name used
was XYZ__\XYZDC$. This indicates that the
password used to encrypt the kerberos service
ticket is different than that on the target
server. Commonly, this is due to identically
named machine accounts in the target realm
(XYZ__.COM), and the client realm. Please
contact your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 01/12/2009 09:20:00
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
host/XYZdc.XYZ__.com. The target name used
was ldap/XYZdc.XYZ__.com. This indicates
that the password used to encrypt the kerberos
service ticket is different than that on the
target server. Commonly, this is due to
identically named machine accounts in the target
realm (XYZ__.COM), and the client realm.
Please contact your system administrator.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:13
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:16
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:16
(Event String could not be retrieved)
......................... XYZDC2 failed test systemlog
Starting test: VerifyReplicas
C:\Documents and Settings\Administrator.__.000>
ASKER
Ok..I got it to work. Here is the total output of XYZ
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine _dc, is a DC.
* Connecting to directory service on server _dc.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\_DC
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... _DC passed test Connectivity
Testing server: Default-First-Site-Name\_DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... _DC2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\_DC
Starting test: Replications
* Replications Check
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source _DC2
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
* Replication Site Latency Check
......................... _DC passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... _DC passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... _DC passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC _DC.
* Security Permissions Check for
DC=ForestDnsZones,DC=_XYZ,DC=com
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=_XYZ,DC=com
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=_XYZ,DC=com
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=_XYZ,DC=com
(Configuration,Version 2)
* Security Permissions Check for
DC=_XYZ,DC=com
(Domain,Version 2)
......................... _DC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\_DC\netlogon
Verified share \\_DC\sysvol
......................... _DC passed test NetLogons
Starting test: Advertising
The DC _DC is advertising itself as a DC and having a DS.
The DC _DC is advertising as an LDAP server
The DC _DC is advertising as having a writeable directory
The DC _DC is advertising as a Key Distribution Center
The DC _DC is advertising as a time server
The DS _DC is advertising as a GC.
......................... _DC passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
Role Domain Owner = CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
Role PDC Owner = CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
Role Rid Owner = CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
......................... _DC passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2100 to 1073741823
* _dc._XYZ.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1130
......................... _DC passed test RidManager
Starting test: MachineAccount
Checking machine account for DC _DC on DC _DC.
* SPN found :LDAP/_dc._XYZ.com/_XYZ.com
* SPN found :LDAP/_dc._XYZ.com
* SPN found :LDAP/_DC
* SPN found :LDAP/_dc._XYZ.com/_XYZ
* SPN found :LDAP/edd8b8b2-ee9e-4cfd-b3d8-14052c99874c._msdcs._XYZ.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/edd8b8b2-ee9e-4cfd-b3d8-14052c99874c/_XYZ.com
* SPN found :HOST/_dc._XYZ.com/_XYZ.com
* SPN found :HOST/_dc._XYZ.com
* SPN found :HOST/_DC
* SPN found :HOST/_dc._XYZ.com/_XYZ
* SPN found :GC/_dc._XYZ.com/_XYZ.com
......................... _DC passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... _DC passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... _DC passed test OutboundSecureChannels
Starting test: ObjectsReplicated
_DC is in domain DC=_XYZ,DC=com
Checking for CN=_DC,OU=Domain Controllers,DC=_XYZ,DC=com in domain DC=_XYZ,DC=com on 2 servers
Authoritative attribute dBCSPwd on _DC (writeable)
usnLocalChange = 556736
LastOriginatingDsa = _DC
usnOriginatingChange = 556736
timeLastOriginatingChange = 2009-01-10 22:51:45
VersionLastOriginatingChange = 36
Out-of-date attribute dBCSPwd on _DC2 (writeable)
usnLocalChange = 512517
LastOriginatingDsa = _DC
usnOriginatingChange = 471045
timeLastOriginatingChange = 2008-05-11 03:06:08
VersionLastOriginatingChange = 28
Authoritative attribute lmPwdHistory on _DC (writeable)
usnLocalChange = 556736
LastOriginatingDsa = _DC
usnOriginatingChange = 556736
timeLastOriginatingChange = 2009-01-10 22:51:45
VersionLastOriginatingChange = 36
Out-of-date attribute lmPwdHistory on _DC2 (writeable)
usnLocalChange = 512517
LastOriginatingDsa = _DC
usnOriginatingChange = 471045
timeLastOriginatingChange = 2008-05-11 03:06:08
VersionLastOriginatingChange = 28
Authoritative attribute ntPwdHistory on _DC (writeable)
usnLocalChange = 556736
LastOriginatingDsa = _DC
usnOriginatingChange = 556736
timeLastOriginatingChange = 2009-01-10 22:51:45
VersionLastOriginatingChange = 36
Out-of-date attribute ntPwdHistory on _DC2 (writeable)
usnLocalChange = 512517
LastOriginatingDsa = _DC
usnOriginatingChange = 471045
timeLastOriginatingChange = 2008-05-11 03:06:08
VersionLastOriginatingChange = 28
Authoritative attribute pwdLastSet on _DC (writeable)
usnLocalChange = 556736
LastOriginatingDsa = _DC
usnOriginatingChange = 556736
timeLastOriginatingChange = 2009-01-10 22:51:45
VersionLastOriginatingChange = 36
Out-of-date attribute pwdLastSet on _DC2 (writeable)
usnLocalChange = 512517
LastOriginatingDsa = _DC
usnOriginatingChange = 471045
timeLastOriginatingChange = 2008-05-11 03:06:08
VersionLastOriginatingChange = 28
Authoritative attribute supplementalCredentials on _DC (writeable)
usnLocalChange = 556737
LastOriginatingDsa = _DC
usnOriginatingChange = 556737
timeLastOriginatingChange = 2009-01-10 22:51:45
VersionLastOriginatingChange = 35
Out-of-date attribute supplementalCredentials on _DC2 (writeable)
usnLocalChange = 512517
LastOriginatingDsa = _DC
usnOriginatingChange = 471046
timeLastOriginatingChange = 2008-05-11 03:06:08
VersionLastOriginatingChange = 27
Authoritative attribute unicodePwd on _DC (writeable)
usnLocalChange = 556736
LastOriginatingDsa = _DC
usnOriginatingChange = 556736
timeLastOriginatingChange = 2009-01-10 22:51:45
VersionLastOriginatingChange = 36
Out-of-date attribute unicodePwd on _DC2 (writeable)
usnLocalChange = 512517
LastOriginatingDsa = _DC
usnOriginatingChange = 471045
timeLastOriginatingChange = 2008-05-11 03:06:08
VersionLastOriginatingChange = 28
Checking for CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com in domain CN=Configuration,DC=_XYZ,DC=com on 2 servers
Object is up-to-date on all servers.
......................... _DC failed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... _DC passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/12/2009 07:47:39
(Event String could not be retrieved)
......................... _DC failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... _DC passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:28:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:28:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:28:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:28:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:28:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:28:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:28:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:02
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:04
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:04
(Event String could not be retrieved)
......................... _DC failed test systemlog
Starting test: VerifyReplicas
......................... _DC passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=_DC,OU=Domain Controllers,DC=_XYZ,DC=com and backlink on
CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=_DC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=_XYZ,DC=com
and backlink on CN=_DC,OU=Domain Controllers,DC=_XYZ,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=_DC,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=_XYZ,DC=com
and backlink on
CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
are correct.
......................... _DC passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... _DC passed test VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC _DC for domain _XYZ.com in site Default-First-Site-Name
Checking machine account for DC _DC on DC _DC.
* SPN found :LDAP/_dc._XYZ.com/_XYZ.com
* SPN found :LDAP/_dc._XYZ.com
* SPN found :LDAP/_DC
* SPN found :LDAP/_dc._XYZ.com/_XYZ
* SPN found :LDAP/edd8b8b2-ee9e-4cfd-b3d8-14052c99874c._msdcs._XYZ.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/edd8b8b2-ee9e-4cfd-b3d8-14052c99874c/_XYZ.com
* SPN found :HOST/_dc._XYZ.com/_XYZ.com
* SPN found :HOST/_dc._XYZ.com
* SPN found :HOST/_DC
* SPN found :HOST/_dc._XYZ.com/_XYZ
* SPN found :GC/_dc._XYZ.com/_XYZ.com
[_DC] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... _DC passed test CheckSecurityError
Testing server: Default-First-Site-Name\_DC2
Starting test: Replications
* Replications Check
[Replications Check,_DC2] A recent replication attempt failed:
From _DC to _DC2
Naming Context: CN=Schema,CN=Configuration,DC=_XYZ,DC=com
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2009-01-12 09:45:25.
The last success occurred at 2008-05-26 14:55:34.
254 failures have occurred since the last success.
[Replications Check,_DC2] A recent replication attempt failed:
From _DC to _DC2
Naming Context: CN=Configuration,DC=_XYZ,DC=com
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2009-01-12 09:45:25.
The last success occurred at 2008-05-26 14:55:34.
254 failures have occurred since the last success.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source _DC
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
[Replications Check,_DC2] A recent replication attempt failed:
From _DC to _DC2
Naming Context: DC=_XYZ,DC=com
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2009-01-12 09:45:25.
The last success occurred at 2008-05-26 15:08:41.
254 failures have occurred since the last success.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source _DC
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
_DC2: Current time is 2009-01-12 09:45:25.
CN=Schema,CN=Configuration,DC=_XYZ,DC=com
Last replication recieved from _DC at 2008-05-26 14:55:34.
WARNING: This latency is over the Tombstone Lifetime of 180 days!
CN=Configuration,DC=_XYZ,DC=com
Last replication recieved from _DC at 2008-05-26 14:55:34.
WARNING: This latency is over the Tombstone Lifetime of 180 days!
DC=_XYZ,DC=com
Last replication recieved from _DC at 2008-05-26 15:08:41.
WARNING: This latency is over the Tombstone Lifetime of 180 days!
* Replication Site Latency Check
......................... _DC2 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... _DC2 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=_XYZ,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... _DC2 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC _DC2.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=_XYZ,DC=com
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=_XYZ,DC=com
(Configuration,Version 2)
* Security Permissions Check for
DC=_XYZ,DC=com
(Domain,Version 2)
......................... _DC2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\_DC2\netlogon
Verified share \\_DC2\sysvol
......................... _DC2 passed test NetLogons
Starting test: Advertising
The DC _DC2 is advertising itself as a DC and having a DS.
The DC _DC2 is advertising as an LDAP server
The DC _DC2 is advertising as having a writeable directory
The DC _DC2 is advertising as a Key Distribution Center
The DC _DC2 is advertising as a time server
The DS _DC2 is advertising as a GC.
......................... _DC2 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
Role Domain Owner = CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
Role PDC Owner = CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
Role Rid Owner = CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=_DC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com
......................... _DC2 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2100 to 1073741823
* _dc._XYZ.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1600 to 2099
* rIDPreviousAllocationPool is 1600 to 2099
* rIDNextRID: 1605
......................... _DC2 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC _DC2 on DC _DC2.
* SPN found :LDAP/_dc2._XYZ.com/_XYZ.com
* SPN found :LDAP/_dc2._XYZ.com
* SPN found :LDAP/_DC2
* SPN found :LDAP/_dc2._XYZ.com/_XYZ
* SPN found :LDAP/0f808251-be56-4938-8a70-67953a1510ae._msdcs._XYZ.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/0f808251-be56-4938-8a70-67953a1510ae/_XYZ.com
* SPN found :HOST/_dc2._XYZ.com/_XYZ.com
* SPN found :HOST/_dc2._XYZ.com
* SPN found :HOST/_DC2
* SPN found :HOST/_dc2._XYZ.com/_XYZ
* SPN found :GC/_dc2._XYZ.com/_XYZ.com
......................... _DC2 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... _DC2 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... _DC2 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
_DC2 is in domain DC=_XYZ,DC=com
Checking for CN=_DC2,OU=Domain Controllers,DC=_XYZ,DC=com in domain DC=_XYZ,DC=com on 2 servers
Authoritative attribute dBCSPwd on _DC (writeable)
usnLocalChange = 554251
LastOriginatingDsa = _DC
usnOriginatingChange = 554251
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 25
Out-of-date attribute dBCSPwd on _DC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = _DC
usnOriginatingChange = 473740
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 24
Authoritative attribute lmPwdHistory on _DC (writeable)
usnLocalChange = 554251
LastOriginatingDsa = _DC
usnOriginatingChange = 554251
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 25
Out-of-date attribute lmPwdHistory on _DC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = _DC
usnOriginatingChange = 473740
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 24
Authoritative attribute ntPwdHistory on _DC (writeable)
usnLocalChange = 554251
LastOriginatingDsa = _DC
usnOriginatingChange = 554251
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 25
Out-of-date attribute ntPwdHistory on _DC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = _DC
usnOriginatingChange = 473740
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 24
Authoritative attribute pwdLastSet on _DC (writeable)
usnLocalChange = 554251
LastOriginatingDsa = _DC
usnOriginatingChange = 554251
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 25
Out-of-date attribute pwdLastSet on _DC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = _DC
usnOriginatingChange = 473740
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 24
Authoritative attribute supplementalCredentials on _DC (writeable)
usnLocalChange = 554252
LastOriginatingDsa = _DC
usnOriginatingChange = 554252
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 24
Out-of-date attribute supplementalCredentials on _DC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = _DC
usnOriginatingChange = 473741
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 23
Authoritative attribute unicodePwd on _DC (writeable)
usnLocalChange = 554251
LastOriginatingDsa = _DC
usnOriginatingChange = 554251
timeLastOriginatingChange = 2009-01-02 13:39:43
VersionLastOriginatingChange = 25
Out-of-date attribute unicodePwd on _DC2 (writeable)
usnLocalChange = 515957
LastOriginatingDsa = _DC
usnOriginatingChange = 473740
timeLastOriginatingChange = 2008-05-16 06:58:44
VersionLastOriginatingChange = 24
Checking for CN=NTDS Settings,CN=_DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=_XYZ,DC=com in domain CN=Configuration,DC=_XYZ,DC=com on 2 servers
Object is up-to-date on all servers.
......................... _DC2 failed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... _DC2 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 01/11/2009 19:40:54
(Event String could not be retrieved)
......................... _DC2 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... _DC2 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 01/12/2009 08:58:36
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
host/_dc._XYZ.com. The target name used
was . This indicates that the password used to
encrypt the kerberos service ticket is different
than that on the target server. Commonly, this is
due to identically named machine accounts in the
target realm (_XYZ.COM), and the client
realm. Please contact your system
administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 01/12/2009 09:00:20
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
host/_dc._XYZ.com. The target name used
was _XYZ\_DC$. This indicates that the
password used to encrypt the kerberos service
ticket is different than that on the target
server. Commonly, this is due to identically
named machine accounts in the target realm
(_XYZ.COM), and the client realm. Please
contact your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 01/12/2009 09:20:00
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
host/_dc._XYZ.com. The target name used
was ldap/_dc._XYZ.com. This indicates
that the password used to encrypt the kerberos
service ticket is different than that on the
target server. Commonly, this is due to
identically named machine accounts in the target
realm (_XYZ.COM), and the client realm.
Please contact your system administrator.
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:13
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:15
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:16
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:25:16
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:04
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:04
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:05
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:05
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:44:07
(Event String could not be retrieved)
......................... _DC2 failed test systemlog
Starting test: VerifyReplicas
To pipe to a file: "dcdiag /v /e /c > c:\MyFile.txt"
If you have a tombstoned DC, it will not be replicated, thus the secure channel password that is used for trust will not be replicated.
The tombstoned DC will have an old trust password.
SG
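The condition described in the reply above can be read out of a saved dcdiag report. The following Python parser is an added example, not part of the original thread: it pulls out each failed replication link, compares the time since the last success with the tombstone lifetime the report states, and lists password attributes whose versions differ between DCs. The sample report, the EXDC1/EXDC2 host names and the `analyze` function are constructed for illustration; the 180-day default is the tombstone lifetime shown in the output posted above.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt laid out like the `dcdiag /v` reports posted in this thread
# (host and domain names are placeholders; dcdiag's own spelling is kept).
SAMPLE = """\
Starting test: Replications
   [Replications Check,EXDC2] A recent replication attempt failed:
      From EXDC1 to EXDC2
      Naming Context: CN=Configuration,DC=example,DC=com
      The replication generated an error (-2146893022):
      The target principal name is incorrect.
      The failure occurred at 2009-01-12 09:45:25.
      The last success occurred at 2008-05-26 14:55:34.
      254 failures have occurred since the last success.
   REPLICATION-RECEIVED LATENCY WARNING
      Last replication recieved from EXDC1 at 2008-05-26 14:55:34.
      WARNING: This latency is over the Tombstone Lifetime of 180 days!
Starting test: ObjectsReplicated
   Checking for CN=EXDC2,OU=Domain Controllers,DC=example,DC=com in domain DC=example,DC=com on 2 servers
      Authoritative attribute unicodePwd on EXDC1 (writeable)
         usnLocalChange = 554251
         VersionLastOriginatingChange = 25
      Out-of-date attribute unicodePwd on EXDC2 (writeable)
         usnLocalChange = 515957
         VersionLastOriginatingChange = 24
Starting test: systemlog
   An Error Event occured. EventID: 0x40000004
      Event String: The kerberos client received a
      KRB_AP_ERR_MODIFIED error from the server
      host/exdc1.example.com.
"""

TS = "%Y-%m-%d %H:%M:%S"
RE_FAIL = re.compile(r"^\[Replications Check,[^\]]+\] A recent replication attempt failed")
RE_FROM = re.compile(r"^From (\S+) to (\S+)$")
RE_NC = re.compile(r"^Naming Context: (.+)$")
RE_ERR = re.compile(r"generated an error \((-?\d+)\)")
RE_WHEN = re.compile(r"The (failure|last success) occurred at (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
RE_COUNT = re.compile(r"^(\d+) failures have occurred")
RE_TSL = re.compile(r"Tombstone Lifetime of (\d+) days")
RE_OBJ = re.compile(r"^Checking for (CN=[^,]+),")
RE_ATTR = re.compile(r"^(Authoritative|Out-of-date) attribute (\S+) on (\S+)")
RE_VER = re.compile(r"^VersionLastOriginatingChange = (\d+)")
# Password-related attributes that appear in the ObjectsReplicated output above.
PASSWORD_ATTRS = {"unicodePwd", "dBCSPwd", "ntPwdHistory", "lmPwdHistory",
                  "pwdLastSet", "supplementalCredentials"}

def analyze(text, tombstone_days=180):
    """Summarise replication failures and stale password attributes in a report."""
    failures, versions = [], {}
    cur = pending = obj = None
    krb_modified = 0
    for raw in text.splitlines():
        line = raw.strip()              # pasted reports often lose their indentation
        if "KRB_AP_ERR_MODIFIED" in line:
            krb_modified += 1
        elif m := RE_TSL.search(line):
            tombstone_days = int(m.group(1))   # prefer the value the report states
        elif RE_FAIL.match(line):
            cur = {}
            failures.append(cur)
        elif m := RE_OBJ.match(line):
            obj = m.group(1)
        elif m := RE_ATTR.match(line):
            pending = m.groups()        # (state, attribute, dc) awaiting its version
        elif pending and (m := RE_VER.match(line)):
            state, attr, dc = pending
            versions.setdefault((obj, attr), {})[state] = (dc, int(m.group(1)))
            pending = None
        elif cur is not None:
            if m := RE_FROM.match(line):
                cur["source"], cur["dest"] = m.groups()
            elif m := RE_NC.match(line):
                cur["naming_context"] = m.group(1)
            elif m := RE_ERR.search(line):
                code = int(m.group(1)) & 0xFFFFFFFF   # signed decimal -> HRESULT
                cur["hresult"] = f"0x{code:08X}"
            elif m := RE_WHEN.search(line):
                cur[m.group(1)] = datetime.strptime(m.group(2), TS)
            elif m := RE_COUNT.match(line):
                cur["failures"] = int(m.group(1))
                cur = None              # last line of a failure record
    for f in failures:
        if "failure" in f and "last success" in f:
            age = f["failure"] - f["last success"]
            f["days_since_success"] = age.days
            f["over_tombstone"] = age > timedelta(days=tombstone_days)
    stale = [(o, a, *v["Authoritative"], *v["Out-of-date"])
             for (o, a), v in versions.items()
             if a in PASSWORD_ATTRS and len(v) == 2
             and v["Authoritative"][1] != v["Out-of-date"][1]]
    return {"tombstone_days": tombstone_days, "replication_failures": failures,
            "stale_password_attrs": stale, "krb_ap_err_modified": krb_modified}

if __name__ == "__main__":
    report = analyze(SAMPLE)
    for f in report["replication_failures"]:
        print(f"{f['source']} -> {f['dest']} [{f['naming_context']}] {f['hresult']}: "
              f"{f['days_since_success']} days since last success, "
              f"over tombstone lifetime: {f['over_tombstone']}")
    for row in report["stale_password_attrs"]:
        print("stale password attribute:", row)
    print("KRB_AP_ERR_MODIFIED events:", report["krb_ap_err_modified"])
```

The signed error value dcdiag prints, -2146893022, is HRESULT 0x80090322 (SEC_E_WRONG_PRINCIPAL), which is the "target principal name is incorrect" message in the report.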
ASKER
Here's ABC domain...
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine dc1, is a DC.
* Connecting to directory service on server dc1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DC1 passed test Connectivity
Testing server: Default-First-Site-Name\DC4
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... DC4 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC1
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ABC,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ABC,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=ABC,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ABC,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ABC,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... DC1 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC1.
* Security Permissions Check for
DC=ForestDnsZones,DC=ABC,DC=net
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=ABC,DC=net
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=ABC,DC=net
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=ABC,DC=net
(Configuration,Version 2)
* Security Permissions Check for
DC=ABC,DC=net
(Domain,Version 2)
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC1\netlogon
Verified share \\DC1\sysvol
......................... DC1 passed test NetLogons
Starting test: Advertising
The DC DC1 is advertising itself as a DC and having a DS.
The DC DC1 is advertising as an LDAP server
The DC DC1 is advertising as having a writeable directory
The DC DC1 is advertising as a Key Distribution Center
The DC DC1 is advertising as a time server
The DS DC1 is advertising as a GC.
......................... DC1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
......................... DC1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3103 to 1073741823
* dc1.ABC.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1208
......................... DC1 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC DC1 on DC DC1.
* SPN found :LDAP/dc1.ABC.net/ABC.net
* SPN found :LDAP/dc1.ABC.net
* SPN found :LDAP/DC1
* SPN found :LDAP/dc1.ABC.net/ABC
* SPN found :LDAP/d7cd868c-4aae-4711-8494-5d14fab8129a._msdcs.ABC.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d7cd868c-4aae-4711-8494-5d14fab8129a/ABC.net
* SPN found :HOST/dc1.ABC.net/ABC.net
* SPN found :HOST/dc1.ABC.net
* SPN found :HOST/DC1
* SPN found :HOST/dc1.ABC.net/ABC
* SPN found :GC/dc1.ABC.net/ABC.net
......................... DC1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC1 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... DC1 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
DC1 is in domain DC=ABC,DC=net
Checking for CN=DC1,OU=Domain Controllers,DC=ABC,DC=net in domain DC=ABC,DC=net on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net in domain CN=Configuration,DC=ABC,DC=net on 2 servers
Object is up-to-date on all servers.
......................... DC1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... DC1 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... DC1 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:41:40
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:41:40
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:41:41
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:41:41
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:41:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:41:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:41:43
(Event String could not be retrieved)
......................... DC1 failed test systemlog
Starting test: VerifyReplicas
......................... DC1 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC1,OU=Domain Controllers,DC=ABC,DC=net and backlink on
CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
are correct.
The system object reference (frsComputerReferenceBL)
CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ABC,DC=net
and backlink on CN=DC1,OU=Domain Controllers,DC=ABC,DC=net
are correct.
The system object reference (serverReferenceBL)
CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ABC,DC=net
and backlink on
CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
are correct.
......................... DC1 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... DC1 passed test VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC DC1 for domain ABC.net in site Default-First-Site-Name
Checking machine account for DC DC1 on DC DC1.
* SPN found :LDAP/dc1.ABC.net/ABC.net
* SPN found :LDAP/dc1.ABC.net
* SPN found :LDAP/DC1
* SPN found :LDAP/dc1.ABC.net/ABC
* SPN found :LDAP/d7cd868c-4aae-4711-8494-5d14fab8129a._msdcs.ABC.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d7cd868c-4aae-4711-8494-5d14fab8129a/ABC.net
* SPN found :HOST/dc1.ABC.net/ABC.net
* SPN found :HOST/dc1.ABC.net
* SPN found :HOST/DC1
* SPN found :HOST/dc1.ABC.net/ABC
* SPN found :GC/dc1.ABC.net/ABC.net
[DC1] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... DC1 passed test CheckSecurityError
Testing server: Default-First-Site-Name\DC4
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ABC,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ABC,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=ABC,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ABC,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ABC,DC=net
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... DC4 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC4 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=ABC,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC4 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC4.
* Security Permissions Check for
DC=ForestDnsZones,DC=ABC,DC=net
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=ABC,DC=net
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=ABC,DC=net
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=ABC,DC=net
(Configuration,Version 2)
* Security Permissions Check for
DC=ABC,DC=net
(Domain,Version 2)
......................... DC4 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC4\netlogon
Verified share \\DC4\sysvol
......................... DC4 passed test NetLogons
Starting test: Advertising
The DC DC4 is advertising itself as a DC and having a DS.
The DC DC4 is advertising as an LDAP server
The DC DC4 is advertising as having a writeable directory
The DC DC4 is advertising as a Key Distribution Center
The DC DC4 is advertising as a time server
The DS DC4 is advertising as a GC.
......................... DC4 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
......................... DC4 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3103 to 1073741823
* dc1.ABC.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2603 to 3102
* rIDPreviousAllocationPool is 2603 to 3102
* rIDNextRID: 2603
......................... DC4 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC DC4 on DC DC4.
* SPN found :LDAP/dc4.ABC.net/ABC.net
* SPN found :LDAP/dc4.ABC.net
* SPN found :LDAP/DC4
* SPN found :LDAP/dc4.ABC.net/ABC
* SPN found :LDAP/c8e3ecb1-089d-4037-b247-c7cb570b2af0._msdcs.ABC.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c8e3ecb1-089d-4037-b247-c7cb570b2af0/ABC.net
* SPN found :HOST/dc4.ABC.net/ABC.net
* SPN found :HOST/dc4.ABC.net
* SPN found :HOST/DC4
* SPN found :HOST/dc4.ABC.net/ABC
* SPN found :GC/dc4.ABC.net/ABC.net
......................... DC4 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC4 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... DC4 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
DC4 is in domain DC=ABC,DC=net
Checking for CN=DC4,OU=Domain Controllers,DC=ABC,DC=net in domain DC=ABC,DC=net on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net in domain CN=Configuration,DC=ABC,DC=net on 2 servers
Object is up-to-date on all servers.
......................... DC4 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC4 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... DC4 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... DC4 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... DC4 passed test systemlog
Starting test: VerifyReplicas
......................... DC4 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC4,OU=Domain Controllers,DC=ABC,DC=net and backlink on
CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
are correct.
The system object reference (frsComputerReferenceBL)
CN=DC4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ABC,DC=net
and backlink on CN=DC4,OU=Domain Controllers,DC=ABC,DC=net
are correct.
The system object reference (serverReferenceBL)
CN=DC4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ABC,DC=net
and backlink on
CN=NTDS Settings,CN=DC4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ABC,DC=net
are correct.
......................... DC4 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... DC4 passed test VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC DC1 for domain ABC.net in site Default-First-Site-Name
Checking machine account for DC DC4 on DC DC1.
* SPN found :LDAP/dc4.ABC.net/ABC.net
* SPN found :LDAP/dc4.ABC.net
* SPN found :LDAP/DC4
* SPN found :LDAP/dc4.ABC.net/ABC
* SPN found :LDAP/c8e3ecb1-089d-4037-b247-c7cb570b2af0._msdcs.ABC.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c8e3ecb1-089d-4037-b247-c7cb570b2af0/ABC.net
* SPN found :HOST/dc4.ABC.net/ABC.net
* SPN found :HOST/dc4.ABC.net
* SPN found :HOST/DC4
* SPN found :HOST/dc4.ABC.net/ABC
* SPN found :GC/dc4.ABC.net/ABC.net
Checking for CN=DC4,OU=Domain Controllers,DC=ABC,DC=net in domain DC=ABC,DC=net on 2 servers
Object is up-to-date on all servers.
[DC4] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... DC4 passed test CheckSecurityError
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : ABC
Starting test: CrossRefValidation
......................... ABC passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ABC passed test CheckSDRefDom
Running enterprise tests on : ABC.net
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... ABC.net passed test Intersite
Starting test: FsmoCheck
GC Name: \\dc1.ABC.net
Locator Flags: 0xe00003fd
PDC Name: \\dc1.ABC.net
Locator Flags: 0xe00003fd
Time Server Name: \\dc1.ABC.net
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\dc1.ABC.net
Locator Flags: 0xe00003fd
KDC Name: \\dc1.ABC.net
Locator Flags: 0xe00003fd
......................... ABC.net passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:
DC: dc4.ABC.net
Domain: ABC.net
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Enterprise Edition (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Embedded Broadcom NetXtreme 5721 PCI-E Gigabit NIC:
MAC address is 00:1A:4B:D4:6F:61
IP address is static
IP address: 192.168.7.8
DNS servers:
192.168.7.4 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found (primary)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
Name: b.root-servers.net. IP: 128.9.0.107 [Invalid (unreachable)]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
Name: g.root-servers.net. IP: 192.112.36.4 [Invalid]
Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure ABC.net.
Test record _dcdiag_test_record added successfully in zone ABC.net.
Test record _dcdiag_test_record deleted successfully in zone ABC.net.
TEST: Records registration (RReg)
Network Adapter [00000007] Embedded Broadcom NetXtreme 5721 PCI-E Gigabit NIC:
Matching A record found at DNS server 192.168.7.4:
dc4.ABC.net
Matching CNAME record found at DNS server 192.168.7.4:
c8e3ecb1-089d-4037-b247-c7cb570b2af0._msdcs.ABC.net
Matching DC SRV record found at DNS server 192.168.7.4:
_ldap._tcp.dc._msdcs.ABC.net
Matching GC SRV record found at DNS server 192.168.7.4:
_ldap._tcp.gc._msdcs.ABC.net
DC: dc1.ABC.net
Domain: ABC.net
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 1.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000008] Broadcom NetXtreme Gigabit Ethernet:
MAC address is 00:17:08:2C:5D:CA
IP address is static
IP address: 192.168.7.4
DNS servers:
192.168.7.4 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found (primary)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
Name: b.root-servers.net. IP: 128.9.0.107 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Invalid]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
Name: g.root-servers.net. IP: 192.112.36.4 [Invalid]
Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure ABC.net.
Test record _dcdiag_test_record added successfully in zone ABC.net.
Test record _dcdiag_test_record deleted successfully in zone ABC.net.
TEST: Records registration (RReg)
Network Adapter [00000008] Broadcom NetXtreme Gigabit Ethernet:
Matching A record found at DNS server 192.168.7.4:
dc1.ABC.net
Matching CNAME record found at DNS server 192.168.7.4:
d7cd868c-4aae-4711-8494-5d14fab8129a._msdcs.ABC.net
Matching DC SRV record found at DNS server 192.168.7.4:
_ldap._tcp.dc._msdcs.ABC.net
Matching GC SRV record found at DNS server 192.168.7.4:
_ldap._tcp.gc._msdcs.ABC.net
Matching PDC SRV record found at DNS server 192.168.7.4:
_ldap._tcp.pdc._msdcs.ABC.net
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 128.8.10.90 (d.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 128.9.0.107 (b.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.112.36.4 (g.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 192.203.230.10 (e.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 192.33.4.12 (c.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 192.36.148.17 (i.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 192.5.5.241 (f.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 192.58.128.30 (j.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
[Error details: 9002 (Type: Win32 - Description: DNS server failure.)]
DNS server: 193.0.14.129 (k.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 198.32.64.12 (l.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 198.41.0.4 (a.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 202.12.27.33 (m.root-servers.net.)
2 test failures on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 192.168.7.4 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: ABC.net
dc4 PASS PASS FAIL PASS WARN PASS n/a
dc1 PASS PASS FAIL PASS WARN PASS n/a
......................... ABC.net failed test DNS
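A `dcdiag /v` dump of this length is easier to triage once it is reduced to its failed tests, the event IDs behind them, and the DNS result matrix. The following is an added example, not part of the original thread; the sample input is constructed from lines in the post above, and the function and field names are assumptions.

```python
import re
from collections import Counter

# Constructed sample: lines in the shape of the dcdiag /v output posted above, trimmed.
SAMPLE = """\
Testing server: Default-First-Site-Name\\DC1
Starting test: Connectivity
......................... DC1 passed test Connectivity
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:41:40
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/12/2009 09:41:41
(Event String could not be retrieved)
......................... DC1 failed test systemlog
Testing server: Default-First-Site-Name\\DC4
Starting test: systemlog
Found no errors in System Event log in the last 60 minutes.
......................... DC4 passed test systemlog
Starting test: DNS
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure ABC.net.
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure ABC.net.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: ABC.net
dc4 PASS PASS FAIL PASS WARN PASS n/a
dc1 PASS PASS FAIL PASS WARN PASS n/a
......................... ABC.net failed test DNS
"""

# "......................... DC1 passed test Connectivity"
RESULT_RE = re.compile(r"^\.{5,}\s+(\S+) (passed|failed) test (\S+)$")
EVENT_RE = re.compile(r"Error Event.*EventID:\s*(0x[0-9A-Fa-f]+)")
DNS_COLS = ["Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext"]
DNS_STATES = {"PASS", "FAIL", "WARN", "n/a"}


def summarize(text):
    """Reduce dcdiag output to failed tests, event IDs, warnings and the DNS matrix."""
    failed, events, warnings, dns = [], {}, [], {}
    pending = Counter()      # event IDs seen since the last result line
    in_dns_table = False
    for raw in text.splitlines():
        line = raw.strip()
        m = RESULT_RE.match(line)
        if m:
            target, outcome, test = m.groups()
            if outcome == "failed":
                failed.append((target, test))
            if pending:
                # Events are printed before the result line that names their target.
                events[(target, test)] = dict(pending)
                pending.clear()
            in_dns_table = False
            continue
        m = EVENT_RE.search(line)
        if m:
            # dcdiag prints event IDs in hex; Event Viewer shows decimal (0x457 -> 1111).
            pending[int(m.group(1), 16)] += 1
            continue
        if line.startswith("Warning:"):
            if line not in warnings:      # the same warning repeats once per DC
                warnings.append(line)
            continue
        if line.split() == DNS_COLS:
            in_dns_table = True
            continue
        if in_dns_table:
            parts = line.split()
            if len(parts) == len(DNS_COLS) + 1 and set(parts[1:]) <= DNS_STATES:
                dns[parts[0]] = dict(zip(DNS_COLS, parts[1:]))
    return {"failed": failed, "events": events, "warnings": warnings, "dns": dns}


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for target, test in report["failed"]:
        print(f"FAILED  {target}: {test}")
        for event_id, count in report["events"].get((target, test), {}).items():
            print(f"        event ID {event_id} x{count}")
    for dc, row in report["dns"].items():
        bad = [col for col, state in row.items() if state in ("FAIL", "WARN")]
        print(f"DNS     {dc}: {', '.join(bad) or 'all pass'}")
    for w in report["warnings"]:
        print(f"WARN    {w}")
```
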
ASKER
Hmm... looks like one tested DNS and the other didn't. I wonder why?
ASKER
Will have an answer back on Thursday. Can't reboot until then.
ASKER
Thanks guys. This "project" has been tombstoned lol. So I did not want to keep you hanging. I will let you know when it reinstates.
ASKER