Solved

NetDiag DNS Test : 2 DCs

Posted on 2009-05-20
1
743 Views
Last Modified: 2012-05-07
Added a 2nd DC (windows server 2003) to a domain with the first DC being SBS 2003.
Ran NetDiag on each.
The new DC is clean as a whistle.
The original DC (SBS 2003) has these issues:
     DNS Test . . . . . passed
     PASS - all the DNS enteries for DC are registered on the DNS server '192.xx (original DC) and other DCs also have some of the names registered.
     [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.xx (new DC), ERROR_TIMEOUT

     LDAP test . . . . passed
     [FATAL] Cannot open an LDAP session to 'remus (new DC) at 192.xx
     [WARNING] Failed to query SPN registration on DC 'remus. (new DC)

Note: I don't get these messages when running this test on the new DC.

AD replicates ok, after verifying this each DC has its own IP as pref. DNS and each other as second DNS.

Other points to note:
1) ReplMon: FAILURE: 1753 There are no more end points available from the endpoint mapper.
2) GPOTool: ERROR: Version mismatch on Argus (original DC), DS=13, SysVol=11
3) Users are having no issues
4) New DC was DCPromoed last week.
5) Things I've done since:   "dnscmd /clearcache", "ipconfig /flushdns and /registerdns", renamed netlogon.dns and netlogon.db, net stopped and started netlogo, recrated netlogon files, ran "netdiag /fix", and rebooted both servers.
checked replication.

I've researched this to death.  How can I clean up my NetDiag test? Why I'm I getting "passed" on the LDAP test followed by "Fatal" and "Warning"?    

appreciate any thoughts.
0
Comment
Question by:ShawnGray
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 

Accepted Solution

by:
ShawnGray earned 0 total points
ID: 24434438
This appears to be a Firewall issue.
I disabled the firewall on the new DC and reran NetDiag on the original DC.
It was clean.  I suppose the question now is what settings should be allowed so I can run the firewall?
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Set time on server to sync with the internet clock 22 114
2003 Server DNS/FS errors 6 82
SBS 2011 Backup Drive 8 108
Domain Controller FSMO 7 80
I've often see, or have been asked, the question about the difference between the Exchange 2010 SP1 version, available as part of Small Business Server (SBS) 2011, and the “normal” Exchange 2010 SP1 Standard. The answer to the question is relativ…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question