DCDIAG problems with connectivity tests 2008 after upgrade to R2

KConner32
OK, unfortunately 2 events occurred at roughly the same time and I am not sure which one is the cause of my problem.

As a little background: single domain, all servers are on Windows 2008. Writeable domain controller in central office, RODC domain controllers in branches.

We upgraded all servers to Windows 2008 R2 this weekend. We also lost connectivity to two branches due to firewall hardware problems. When I run dcdiag on the writeable domain controller (server1) it fails the connectivity tests (it wasn't doing this last week). Firewall group say they haven't changed anything in the last 2 weeks.

Error message is:

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = HQServer1
   * Identified AD Forest.
   Ldap search capabality attribute search failed on server Branch1, return
   value = 81
   Got error while checking if the DC is using FRS or DFSR. Error:
   Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
   because of this error.
   Ldap search capabality attribute search failed on server Branch2, return
   value = 81
   Got error while checking if the DC is using FRS or DFSR. Error:
   Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
   because of this error.
   Done gathering initial info.

Doing initial required tests

   Testing server: HQ\HQServer1
      Starting test: Connectivity
         Message 0x621 not found.
         Got error while checking LDAP and RPC connectivity. Please check your
         firewall settings.
         ......................... HQServer1 failed test Connectivity



So I am trying to figure out if the branch being down or the R2 upgrade is the cause of this.  Google yields no useful information about the error code.
Everything seems fine, I can remote to a branch and using LDP.exe connect to HQ using LDAP, create a user in HQ and then remote to a branch, force replication using repadmin and log in using new user.

OK, so my questions are:
1. The Branch1/Branch2 server being down doesn't affect the connectivity test, does it (branches 3-30 are up)?

2. Does anyone know what exactly the connectivity test does so I can try to isolate the problem? Even with the verbose flag on, it doesn't really say what the test does.


bluntTony, Head of ICT
Top Expert 2009

Commented:
Hi there,
I would say the errors are down to the links to branches 1 and 2 being down, since the errors are referring to these sites.
The connectivity test checks that entries are registered in DNS, and that the servers are contactable via LDAP and RPC (i.e. on the required ports). Since the links are down, the connectivity test is failing on the LDAP/RPC tests.
More info here: http://technet.microsoft.com/en-us/library/cc776854(WS.10).aspx
 
bluntTony, Head of ICT
Top Expert 2009

Commented:
...that was a 2003 doc, but here is the 2008 version : http://technet.microsoft.com/en-us/library/cc731968(WS.10).aspx
...it says the same thing about the connectivity test though.
Tony
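
The checks the answer above describes (DNS, then LDAP and RPC reachability), as an added example that is not part of the original thread and not dcdiag's own code. It assumes the server names from the output above, runs under the current logon, and assumes the "capability attribute search" corresponds to reading `supportedCapabilities` from the rootDSE:

```powershell
# Added example: approximates the DNS/LDAP/RPC checks; not dcdiag's implementation.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function Test-TcpPort([string]$Server, [int]$Port, [int]$TimeoutMs = 3000) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Test-DcReachability([string]$Server) {
    $r = New-Object PSObject -Property @{
        Server = $Server; Dns = $false; Ldap389 = $false; Rpc135 = $false
        RootDse = 'not attempted' }

    # Step 1: the name must resolve before anything else can work.
    try { [void][System.Net.Dns]::GetHostAddresses($Server); $r.Dns = $true }
    catch { return $r }

    # Step 2: plain TCP reachability. 135 is only the RPC endpoint mapper;
    # real RPC calls then move to a dynamically assigned port.
    $r.Ldap389 = Test-TcpPort $Server 389
    $r.Rpc135  = Test-TcpPort $Server 135
    if (-not $r.Ldap389) { return $r }

    # Step 3: an actual LDAP request (base search of the rootDSE), which can
    # fail even when the TCP connect in step 2 succeeds.
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($Server)
    $conn.Timeout = New-TimeSpan -Seconds 10
    try {
        $req = New-Object System.DirectoryServices.Protocols.SearchRequest
        $req.DistinguishedName = ''
        $req.Filter = '(objectClass=*)'
        $req.Scope  = [System.DirectoryServices.Protocols.SearchScope]::Base
        [void]$req.Attributes.Add('supportedCapabilities')
        $resp = $conn.SendRequest($req)
        if ($resp.Entries.Count -ge 1) { $r.RootDse = 'ok' } else { $r.RootDse = 'no entry' }
    } catch {
        $ex = $_.Exception.GetBaseException()
        if ($ex -is [System.DirectoryServices.Protocols.LdapException]) {
            $r.RootDse = "LDAP error $($ex.ErrorCode)"   # 81 = server unavailable
        } else { $r.RootDse = $ex.Message }
    } finally { $conn.Dispose() }
    return $r
}

'HQServer1', 'Branch1', 'Branch2' | ForEach-Object { Test-DcReachability $_ } |
    Format-Table Server, Dns, Ldap389, Rpc135, RootDse -AutoSize
```

A row with `Ldap389` true but `RootDse` showing an error separates a failing LDAP request from a blocked port, which a share or DNS lookup test does not show.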

Author

Commented:
ok, was kinda hoping that was it, just the line
......................... HQServer1 failed test Connectivity

Seems to imply that the problem is on the server I am running DCDIAG on (actually I get the same message from any branch).

Author

Commented:
Branch 1 and 2 are going to be online in 2 days. If the issue goes away after that I will close the question and award the points... just want to make sure that's it.

bluntTony, Head of ICT
Top Expert 2009

Commented:
The test is saying that your HQ server cannot contact the two branch servers via LDAP:
Ldap search capabality attribute search failed on server Branch1
I think once the links are back up, then you should be fine. Do by all means leave this open in case this isn't the case though. Bear in mind that the DCDIAG will still fail FRS and DFSR event tests because they check for event log errors in the previous 24 hours. You can either wait a further 24 hours, or clear the logs to get a clean output.
Tony

Commented:
I have two DCs. A 2008 R2 and a 2008. I just upgraded the 2008 server to R2. I'm getting the same results with dcdiag. I use teaming on my NICs. Are you teaming your network cards? That was the case here.

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/d5bebedd-bc3a-4b91-a053-7c04c78c2ec1/
I am getting this error on one of my DCs as well. It is a Windows 2008 R2 Enterprise machine (a Hyper-V guest), and I had HP teaming set up and running the virtual switch on top of that.

I disabled the teaming, created two separate virtual switches (one per NIC), and assigned this virtual machine to a new virtual switch, and I still get the message. However, all DCDIAG tests pass fine (no issues). Network connectivity is all normal - I can access network shares and see other DCs just fine.

Any other ideas?

Author

Commented:
No, not really. Disabling the teaming on my NICs solved the problem; even though everything worked fine (DNS lookup, share access, etc.) I would just get the connectivity error. I still cannot figure out how to run exactly what the connectivity test runs to isolate the problem any further. The same issue caused problems in DFS Namespace resolution though (although I could access both shares from either location, and replication worked fine). I am pretty sure it is a problem related to RPC tests, but some generic ones worked fine so I am not sure exactly what it's doing on the RPC side.
