Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

NetDiag DNS Test : 2 DCs

Posted on 2009-05-20
1
Medium Priority
?
746 Views
Last Modified: 2012-05-07
Added a 2nd DC (windows server 2003) to a domain with the first DC being SBS 2003.
Ran NetDiag on each.
The new DC is clean as a whistle.
The original DC (SBS 2003) has these issues:
     DNS Test . . . . . passed
     PASS - all the DNS enteries for DC are registered on the DNS server '192.xx (original DC) and other DCs also have some of the names registered.
     [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.xx (new DC), ERROR_TIMEOUT

     LDAP test . . . . passed
     [FATAL] Cannot open an LDAP session to 'remus (new DC) at 192.xx
     [WARNING] Failed to query SPN registration on DC 'remus. (new DC)

Note: I don't get these messages when running this test on the new DC.

AD replicates ok, after verifying this each DC has its own IP as pref. DNS and each other as second DNS.

Other points to note:
1) ReplMon: FAILURE: 1753 There are no more end points available from the endpoint mapper.
2) GPOTool: ERROR: Version mismatch on Argus (original DC), DS=13, SysVol=11
3) Users are having no issues
4) New DC was DCPromoed last week.
5) Things I've done since:   "dnscmd /clearcache", "ipconfig /flushdns and /registerdns", renamed netlogon.dns and netlogon.db, net stopped and started netlogo, recrated netlogon files, ran "netdiag /fix", and rebooted both servers.
checked replication.

I've researched this to death.  How can I clean up my NetDiag test? Why I'm I getting "passed" on the LDAP test followed by "Fatal" and "Warning"?    

appreciate any thoughts.
0
Comment
Question by:ShawnGray
1 Comment
 

Accepted Solution

by:
ShawnGray earned 0 total points
ID: 24434438
This appears to be a Firewall issue.
I disabled the firewall on the new DC and reran NetDiag on the original DC.
It was clean.  I suppose the question now is what settings should be allowed so I can run the firewall?
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Small Business Server 2011. NOTE: This guide has been written using the preview version of SBS2011 therefore some of the screens may …
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question