Solved

NetDiag DNS Test : 2 DCs

Posted on 2009-05-20
1
744 Views
Last Modified: 2012-05-07
Added a 2nd DC (windows server 2003) to a domain with the first DC being SBS 2003.
Ran NetDiag on each.
The new DC is clean as a whistle.
The original DC (SBS 2003) has these issues:
     DNS Test . . . . . passed
     PASS - all the DNS enteries for DC are registered on the DNS server '192.xx (original DC) and other DCs also have some of the names registered.
     [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.xx (new DC), ERROR_TIMEOUT

     LDAP test . . . . passed
     [FATAL] Cannot open an LDAP session to 'remus (new DC) at 192.xx
     [WARNING] Failed to query SPN registration on DC 'remus. (new DC)

Note: I don't get these messages when running this test on the new DC.

AD replicates ok, after verifying this each DC has its own IP as pref. DNS and each other as second DNS.

Other points to note:
1) ReplMon: FAILURE: 1753 There are no more end points available from the endpoint mapper.
2) GPOTool: ERROR: Version mismatch on Argus (original DC), DS=13, SysVol=11
3) Users are having no issues
4) New DC was DCPromoed last week.
5) Things I've done since:   "dnscmd /clearcache", "ipconfig /flushdns and /registerdns", renamed netlogon.dns and netlogon.db, net stopped and started netlogo, recrated netlogon files, ran "netdiag /fix", and rebooted both servers.
checked replication.

I've researched this to death.  How can I clean up my NetDiag test? Why I'm I getting "passed" on the LDAP test followed by "Fatal" and "Warning"?    

appreciate any thoughts.
0
Comment
Question by:ShawnGray
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
ShawnGray earned 0 total points
ID: 24434438
This appears to be a Firewall issue.
I disabled the firewall on the new DC and reran NetDiag on the original DC.
It was clean.  I suppose the question now is what settings should be allowed so I can run the firewall?
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question