lost all dns records on DNS at my DC
Dear Experts:
I have lost all data in both DC's and I have a backup of the system state of one of the DC DNS servers.
I need your help to restore the state of the DNS server with an easy step by step guide or similar.
I have lost all data in both DC's and I have a backup of the system state of one of the DC DNS servers.
I need your help to restore the state of the DNS server with an easy step by step guide or similar.
Is DNS running, can you get into the console?
Can you please fill in some background information.
Is this Active Directoryn Integrated DNS
Single/Multiple Domain ?
Some screen shots would be nice in order to undersand the issue
Can you please fill in some background information.
Is this Active Directoryn Integrated DNS
Single/Multiple Domain ?
Some screen shots would be nice in order to undersand the issue
ASKER
sure, more info:
I cant connect by the DNS console , its says access deny
same errors IDs:
DNS: ID 4000
APlications: 1053 1058 1002
SYSTEM : 40960 , 5781 , 5719
So I have this errors on one of the DC's/DNS servers.
I can see all AD content , but DNS content con the console its empty and also I hve access deny erorr on the DNS console.
DNS in both servers was integrated to AD., on a single domain
Help !!!!
I cant connect by the DNS console , its says access deny
same errors IDs:
DNS: ID 4000
APlications: 1053 1058 1002
SYSTEM : 40960 , 5781 , 5719
So I have this errors on one of the DC's/DNS servers.
I can see all AD content , but DNS content con the console its empty and also I hve access deny erorr on the DNS console.
DNS in both servers was integrated to AD., on a single domain
Help !!!!
Important to know if DNS was ad integrated or not.
If it was ad integrated you can make an authorative restore of the DNS zones from tha backups.
if it was textfile based, then you can simply restore DNS files from a backup, and replace teh contenct of teh live DNS file.
If it was ad integrated you can make an authorative restore of the DNS zones from tha backups.
if it was textfile based, then you can simply restore DNS files from a backup, and replace teh contenct of teh live DNS file.
What lead up to this?
Can you show us the output from these please:
ipconfig /all
dcdiag
Chris
ASKER
great , I will do the autoritative restore , but , I only have a backup from the secundary DC which its not a Goblal catalog.
So how should I do so ? should I restore on the same DC from where the backup its coming ? becouse this backup was done on a DC with out Gobla Catalog , will work ???
thnaks
So how should I do so ? should I restore on the same DC from where the backup its coming ? becouse this backup was done on a DC with out Gobla Catalog , will work ???
thnaks
Hmmm I'm not convinced an Authoritative Restore is a good move. You don't know what caused the failure yet.
Chris
ASKER
after lunching a new OSX server , on of the admin has try to integrate it to AD
DONT DO AN AUTHORATIVE RESTORE - no yet at least, this is normally used to recover deleted AD objects and could have unfoseen consequences until we know the root of the issue.
We need to investigate further
Can you provide the results of
dcdiag (you may need to install the windows support tools from the support folder on the Windows CD)
What led up to the current state of affairs ?
We need to investigate further
Can you provide the results of
dcdiag (you may need to install the windows support tools from the support folder on the Windows CD)
What led up to the current state of affairs ?
it can be one of 2 things,
bug in DNS console.
When launching the DNS console, try and connect to a new DNS server in tje console, and for DNS server name try one of the following:
Ip address of DNS server
Netbiosname of DNA server
FQDN of dns server (i.e. server1.domain.com)
there was some problems in past that one or th otehr didnt work, as i remember try to use th FQDN.
if this still gives access denied, then the ACL's of the DNS partition in AD migh have become corrupted. Use ADSIEDIT to connect to the DNS partionion and make sure that the domain admins 9 or administrating user) has read/write access to the DNS records If you provide AD OS versions (2000/2003/2008) i can provide teh path to teh DNS for you
bug in DNS console.
When launching the DNS console, try and connect to a new DNS server in tje console, and for DNS server name try one of the following:
Ip address of DNS server
Netbiosname of DNA server
FQDN of dns server (i.e. server1.domain.com)
there was some problems in past that one or th otehr didnt work, as i remember try to use th FQDN.
if this still gives access denied, then the ACL's of the DNS partition in AD migh have become corrupted. Use ADSIEDIT to connect to the DNS partionion and make sure that the domain admins 9 or administrating user) has read/write access to the DNS records If you provide AD OS versions (2000/2003/2008) i can provide teh path to teh DNS for you
ASKER
sure , its a Windows 2003 64 R2 Standar
It can be far more than one of 2 things, especially considering the error messages being thrown.
DCDiag please.
NetDiag as well if it's running 2000 or 2003.
Chris
I fully agree with @Chris-Dent, I think some people are making wild guesses - lets try to approach this in a systematic way please - we need some diagnosicis
ASKER
Dear Chris , there you are.
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : data5
Primary Dns Suffix . . . . . . . : uicc0.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : uicc0.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Network Connection #2
Physical Address. . . . . . . . . : 00-07-E9-33-23-BC
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.91.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.91.1
DNS Servers . . . . . . . . . . . : 192.168.92.2
Primary WINS Server . . . . . . . : 192.168.91.20
Secondary WINS Server . . . . . . : 192.168.91.2
C:\WINDOWS\ServicePackFiles\amd64>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Frontenex62\DATA5
Starting test: Connectivity
The host 20760173-fa7e-4326-bce5-e8329a06390b._msdcs.uicc0.local could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name (20760173-fa7e-4326-bce5-e8329a06390b._msdcs.uicc0.local) couldn't be resolved, the
server name (data5.uicc0.local) resolved to the IP address (192.168.91.2) and was pingable. Check that the IP
address is registered correctly with the DNS server.
......................... DATA5 failed test Connectivity
Doing primary tests
Testing server: Frontenex62\DATA5
Skipping all tests, because server DATA5 is
not responding to directory service requests
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : uicc0
Starting test: CrossRefValidation
......................... uicc0 passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... uicc0 passed test CheckSDRefDom
Running enterprise tests on : uicc0.local
Starting test: Intersite
......................... uicc0.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... uicc0.local failed test FsmoCheck
C:\WINDOWS\ServicePackFiles\amd64>> DNS Servers . . . . . . . . . . . : 192.168.92.2
Really 192.168.92.2 is the system you're having problems with?
Have you tried changing that to 192.168.91.2 (the current server) assuming that runs the DNS service?
Chris
ASKER
You right , I made that mistaque wen I was changing dns config on the server.
Now I put it right , and I got this output from dcdiag:
Please advice how to solve it.
Now I put it right , and I got this output from dcdiag:
Please advice how to solve it.
C:\WINDOWS\ServicePackFiles\amd64>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Frontenex62\DATA5
Starting test: Connectivity
......................... DATA5 passed test Connectivity
Doing primary tests
Testing server: Frontenex62\DATA5
Starting test: Replications
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: DC=DomainDnsZones,DC=uicc0,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2010-04-28 12:47:52.
The last success occurred at 2010-04-27 16:08:21.
22 failures have occurred since the last success.
[DC0] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: DC=ForestDnsZones,DC=uicc0,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2010-04-28 12:47:52.
The last success occurred at 2010-04-27 15:46:27.
22 failures have occurred since the last success.
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: CN=Schema,CN=Configuration,DC=uicc0,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2010-04-28 12:48:01.
The last success occurred at 2010-04-27 15:46:27.
22 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: CN=Configuration,DC=uicc0,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2010-04-28 12:47:56.
The last success occurred at 2010-04-27 16:07:27.
22 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: DC=uicc0,DC=local
The replication generated an error (1908):
Could not find the domain controller for this domain.
The failure occurred at 2010-04-28 12:47:52.
The last success occurred at 2010-04-27 16:15:32.
22 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
REPLICATION-RECEIVED LATENCY WARNING
DATA5: Current time is 2010-04-28 12:57:21.
DC=DomainDnsZones,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 16:08:20.
DC=ForestDnsZones,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 15:46:27.
CN=Schema,CN=Configuration,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 15:46:27.
CN=Configuration,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 16:07:26.
DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 16:15:32.
......................... DATA5 passed test Replications
Starting test: NCSecDesc
......................... DATA5 passed test NCSecDesc
Starting test: NetLogons
......................... DATA5 passed test NetLogons
Starting test: Advertising
Warning: DATA5 is not advertising as a Key Distribution Center.
Check that the Directory has started.
......................... DATA5 failed test Advertising
Starting test: KnowsOfRoleHolders
Warning: DC0 is the Domain Owner, but is not responding to DS RPC Bind.
[DC0] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: DC0 is the Domain Owner, but is not responding to LDAP Bind.
Warning: DC0 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC0 is the PDC Owner, but is not responding to LDAP Bind.
Warning: DC0 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC0 is the Rid Owner, but is not responding to LDAP Bind.
......................... DATA5 failed test KnowsOfRoleHolders
Starting test: RidManager
......................... DATA5 failed test RidManager
Starting test: MachineAccount
......................... DATA5 passed test MachineAccount
Starting test: Services
kdc Service is stopped on [DATA5]
......................... DATA5 failed test Services
Starting test: ObjectsReplicated
......................... DATA5 passed test ObjectsReplicated
Starting test: frssysvol
......................... DATA5 passed test frssysvol
Starting test: frsevent
......................... DATA5 passed test frsevent
Starting test: kccevent
......................... DATA5 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC25A001D
Time Generated: 04/28/2010 12:15:52
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 04/28/2010 12:34:36
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC25A001D
Time Generated: 04/28/2010 12:53:21
(Event String could not be retrieved)
......................... DATA5 failed test systemlog
Starting test: VerifyReferences
......................... DATA5 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : uicc0
Starting test: CrossRefValidation
......................... uicc0 passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... uicc0 passed test CheckSDRefDom
Running enterprise tests on : uicc0.local
Starting test: Intersite
......................... uicc0.local passed test Intersite
Starting test: FsmoCheck
......................... uicc0.local passed test FsmoCheck
C:\WINDOWS\ServicePackFiles\amd64>
That's a little better, thank you. Would you be able to run DCDiag against DC0? Might be best to go to DC0 for that.
Chris
ASKER
So , I manage to solve part of the problem , first will gibe you a clear idea about the infraestructure , and them what I have done now and what is the actual error on both servers:
so live it clear, actual infraestructure :
DC0 = DC + GC , DNS ( all records, here I manage to uninstall dns , re install it and got all records from DATA5)
DATA5= DC ( operation master) + DNS ( all records)
Now , I manage to get back all DNS records on DC0 by reinstalling DNS and making it secundary of DATA5 and copy zone information form it.
so , actually I getting the next errors on each server ( look at the code I plubish)
Please help
so live it clear, actual infraestructure :
DC0 = DC + GC , DNS ( all records, here I manage to uninstall dns , re install it and got all records from DATA5)
DATA5= DC ( operation master) + DNS ( all records)
Now , I manage to get back all DNS records on DC0 by reinstalling DNS and making it secundary of DATA5 and copy zone information form it.
so , actually I getting the next errors on each server ( look at the code I plubish)
Please help
Event Type: Error
Event Source: Kerberos
Event Category: None
Event ID: 4
Date: 4/28/2010
Time: 1:54:08 PM
User: N/A
Computer: DATA5
Description:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/dc0.uicc0.local. The target name used was cifs/DC0. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (UICC0.LOCAL), and the client realm. Please contact your system administrator.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 28/04/2010
Time: 13:42:26
User: NT AUTHORITY\SYSTEM
Computer: DC0
Description:
Windows cannot determine the user or computer name. (Access is denied. ). Group Policy processing aborted.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: LSASRV
Event Category: SPNEGO (Negotiator)
Event ID: 40960
Date: 28/04/2010
Time: 13:33:03
User: N/A
Computer: DC0
Description:
The Security System detected an authentication error for the server cifs/DC0. The failure code from authentication protocol Kerberos was "The attempted logon is invalid. This is either due to a bad username or authentication information.
(0xc000006d)".
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 6d 00 00 c0 m..À
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4000
Date: 28/04/2010
Time: 13:40:18
User: N/A
Computer: DC0
Description:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2d 23 00 00 -#.. ASKER
also , here a copy of the dcdiag on ech server DC
:\WINDOWS\ServicePackFiles\amd64>dcdiag
omain Controller Diagnosis
erforming initial setup:
Done gathering initial info.
oing initial required tests
Testing server: Frontenex62\DATA5
Starting test: Connectivity
......................... DATA5 passed test Connectivity
oing primary tests
Testing server: Frontenex62\DATA5
Starting test: Replications
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: DC=DomainDnsZones,DC=uicc0,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2010-04-28 13:46:28.
The last success occurred at 2010-04-27 16:08:21.
23 failures have occurred since the last success.
[DC0] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: DC=ForestDnsZones,DC=uicc0,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2010-04-28 13:46:28.
The last success occurred at 2010-04-27 15:46:27.
23 failures have occurred since the last success.
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: CN=Schema,CN=Configuration,DC=uicc0,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-04-28 13:46:28.
The last success occurred at 2010-04-27 15:46:27.
23 failures have occurred since the last success.
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: CN=Configuration,DC=uicc0,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-04-28 13:46:28.
The last success occurred at 2010-04-27 16:07:27.
23 failures have occurred since the last success.
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: DC=uicc0,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-04-28 13:46:28.
The last success occurred at 2010-04-27 16:15:32.
23 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
DATA5: Current time is 2010-04-28 13:46:13.
DC=DomainDnsZones,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 16:08:20.
DC=ForestDnsZones,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 15:46:27.
CN=Schema,CN=Configuration,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 15:46:27.
CN=Configuration,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 16:07:26.
DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 16:15:32.
......................... DATA5 passed test Replications
Starting test: NCSecDesc
......................... DATA5 passed test NCSecDesc
Starting test: NetLogons
......................... DATA5 passed test NetLogons
Starting test: Advertising
Warning: DATA5 is not advertising as a Key Distribution Center.
Check that the Directory has started.
......................... DATA5 failed test Advertising
Starting test: KnowsOfRoleHolders
Warning: DC0 is the Domain Owner, but is not responding to DS RPC Bind.
[DC0] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: DC0 is the Domain Owner, but is not responding to LDAP Bind.
Warning: DC0 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC0 is the PDC Owner, but is not responding to LDAP Bind.
Warning: DC0 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC0 is the Rid Owner, but is not responding to LDAP Bind.
......................... DATA5 failed test KnowsOfRoleHolders
Starting test: RidManager
......................... DATA5 failed test RidManager
Starting test: MachineAccount
......................... DATA5 passed test MachineAccount
Starting test: Services
kdc Service is stopped on [DATA5]
......................... DATA5 failed test Services
Starting test: ObjectsReplicated
......................... DATA5 passed test ObjectsReplicated
Starting test: frssysvol
......................... DATA5 passed test frssysvol
Starting test: frsevent
......................... DATA5 passed test frsevent
Starting test: kccevent
......................... DATA5 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC25A001D
Time Generated: 04/28/2010 12:53:21
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000005
Time Generated: 04/28/2010 12:57:34
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 12:57:39
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000005
Time Generated: 04/28/2010 13:22:49
Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:37:12
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:37:12
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40011006
Time Generated: 04/28/2010 13:46:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:50:42
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:54:08
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:56:18
Event String: The kerberos client received a
......................... DATA5 failed test systemlog
Starting test: VerifyReferences
......................... DATA5 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : uicc0
Starting test: CrossRefValidation
......................... uicc0 passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... uicc0 passed test CheckSDRefDom
Running enterprise tests on : uicc0.local
Starting test: Intersite
......................... uicc0.local passed test Intersite
Starting test: FsmoCheck
......................... uicc0.local passed test FsmoCheck
:\WINDOWS\ServicePackFiles\amd64>
C:\WINDOWS\ServicePackFiles\amd64>dcdiag.exe
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Frontenex62\DC0
Starting test: Connectivity
......................... DC0 passed test Connectivity
Doing primary tests
Testing server: Frontenex62\DC0
Starting test: Replications
[Replications Check,DC0] A recent replication attempt failed:
From DATA5 to DC0
Naming Context: DC=DomainDnsZones,DC=uicc0,DC=local
The replication generated an error (1908):
Win32 Error 1908
The failure occurred at 2010-04-28 13:37:38.
The last success occurred at 2010-04-27 16:08:05.
25 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DC0] A recent replication attempt failed:
From DATA5 to DC0
Naming Context: DC=ForestDnsZones,DC=uicc0,DC=local
The replication generated an error (1908):
Win32 Error 1908
The failure occurred at 2010-04-28 13:37:38.
The last success occurred at 2010-04-27 15:58:42.
25 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source DATA5
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
[Replications Check,DC0] A recent replication attempt failed:
From DATA5 to DC0
Naming Context: CN=Schema,CN=Configuration,DC=uicc0,DC=local
The replication generated an error (1908):
Win32 Error 1908
The failure occurred at 2010-04-28 13:37:38.
The last success occurred at 2010-04-27 15:58:41.
25 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DC0] A recent replication attempt failed:
From DATA5 to DC0
Naming Context: CN=Configuration,DC=uicc0,DC=local
The replication generated an error (1908):
Win32 Error 1908
The failure occurred at 2010-04-28 13:37:38.
The last success occurred at 2010-04-27 16:07:11.
25 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
[Replications Check,DC0] A recent replication attempt failed:
From DATA5 to DC0
Naming Context: DC=uicc0,DC=local
The replication generated an error (1908):
Win32 Error 1908
The failure occurred at 2010-04-28 13:37:38.
The last success occurred at 2010-04-27 16:16:12.
25 failures have occurred since the last success.
Kerberos Error.
A KDC was not found to authenticate the call.
Check that sufficient domain controllers are available.
REPLICATION-RECEIVED LATENCY WARNING
DC0: Current time is 2010-04-28 13:47:21.
DC=DomainDnsZones,DC=uicc0,DC=local
Last replication recieved from DATA5 at 2010-04-27 16:08:05.
DC=ForestDnsZones,DC=uicc0,DC=local
Last replication recieved from DATA5 at 2010-04-27 15:58:42.
CN=Schema,CN=Configuration,DC=uicc0,DC=local
Last replication recieved from DATA5 at 2010-04-27 15:58:41.
CN=Configuration,DC=uicc0,DC=local
Last replication recieved from DATA5 at 2010-04-27 16:07:10.
DC=uicc0,DC=local
Last replication recieved from DATA5 at 2010-04-27 16:16:12.
......................... DC0 passed test Replications
Starting test: NCSecDesc
......................... DC0 passed test NCSecDesc
Starting test: NetLogons
......................... DC0 passed test NetLogons
Starting test: Advertising
......................... DC0 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... DC0 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... DC0 passed test RidManager
Starting test: MachineAccount
The account DC0 is not a DC account. It cannot replicate.
Warning: Attribute userAccountControl of DC0 is: 0x81000 = ( UF_WORKST
ATION_TRUST_ACCOUNT | UF_TRUSTED_FOR_DELEGATION )
Typical setting for a DC is 0x82000 = ( UF_SERVER_TRUST_ACCOUNT | UF_TR
USTED_FOR_DELEGATION )
This may be affecting replication?
......................... DC0 failed test MachineAccount
Starting test: Services
......................... DC0 passed test Services
Starting test: ObjectsReplicated
......................... DC0 passed test ObjectsReplicated
Starting test: frssysvol
......................... DC0 passed test frssysvol
Starting test: frsevent
......................... DC0 passed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x80000677
Time Generated: 04/28/2010 13:38:18
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000466
Time Generated: 04/28/2010 13:38:18
(Event String could not be retrieved)
......................... DC0 failed test kccevent
Starting test: systemlog
......................... DC0 passed test systemlog
Starting test: VerifyReferences
......................... DC0 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : uicc0
Starting test: CrossRefValidation
......................... uicc0 passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... uicc0 passed test CheckSDRefDom
Running enterprise tests on : uicc0.local
Starting test: Intersite
......................... uicc0.local passed test Intersite
Starting test: FsmoCheck
......................... uicc0.local passed test FsmoCheck
C:\WINDOWS\ServicePackFiles\amd64>This is a bit concerning:
The kerberos client received a KRB_AP_ERR_MODIFIED error from the server host/dc0.uicc0.local
Now it is possible to reset the password DC0 holds on the domain, however we must check for a duplicate account first.
Can you run these please:
dsquery * -Filter "(|(servicePrincipalName=*
dsquery computer domaniroot -name dc0
If you could run that on both servers, we need to be absolutely sure it only returns DC0 (the Domain Controller) in all cases.
Chris
ASKER
Yeap I got DC0 on both servers.
Since DNS is tentatively working, would you run:
nslookup dc0
nslookup 192.168.92.2
I'm assuming the second is the current IP for dc0, if not, please correct it for the test.
Thanks,
Chris
nslookup dc0
nslookup 192.168.92.2
I'm assuming the second is the current IP for dc0, if not, please correct it for the test.
Thanks,
Chris
ASKER
nop . its loke this:
DC0 = 192.168.91.20
DATA5: 192.168.91.2
And by the way , I manage to transfer from data5 tio dc0 zones:
uicc0.local
_msdcs.uicc0.local
and also I just done the same for the revers lookup zone.
I just try to run dcdiag from dc0 , but I get acces deny.
DC0 = 192.168.91.20
DATA5: 192.168.91.2
And by the way , I manage to transfer from data5 tio dc0 zones:
uicc0.local
_msdcs.uicc0.local
and also I just done the same for the revers lookup zone.
I just try to run dcdiag from dc0 , but I get acces deny.
ASKER
I manage to run dcdiag from data5 , I'm attaching the content.
dsquery * -Filter "(|(servicePrincipalName=*host/dc0.uicc0.local*)(servicePrincipalName=*cifs/DC0*))"
dsquery computer domaniroot -name dc0
ASKER
sorry , here the dcdiag of data5 output
C:\WINDOWS\ServicePackFiles\amd64>dcdiag.exe
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Frontenex62\DATA5
Starting test: Connectivity
......................... DATA5 passed test Connectivity
Doing primary tests
Testing server: Frontenex62\DATA5
Starting test: Replications
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: DC=DomainDnsZones,DC=uicc0,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2010-04-28 13:47:47.
The last success occurred at 2010-04-27 16:08:21.
24 failures have occurred since the last success.
[DC0] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: DC=ForestDnsZones,DC=uicc0,DC=local
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2010-04-28 13:47:47.
The last success occurred at 2010-04-27 15:46:27.
24 failures have occurred since the last success.
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: CN=Schema,CN=Configuration,DC=uicc0,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-04-28 13:47:47.
The last success occurred at 2010-04-27 15:46:27.
24 failures have occurred since the last success.
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: CN=Configuration,DC=uicc0,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-04-28 13:47:47.
The last success occurred at 2010-04-27 16:07:27.
24 failures have occurred since the last success.
[Replications Check,DATA5] A recent replication attempt failed:
From DC0 to DATA5
Naming Context: DC=uicc0,DC=local
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-04-28 13:47:47.
The last success occurred at 2010-04-27 16:15:32.
24 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
DATA5: Current time is 2010-04-28 14:25:19.
DC=DomainDnsZones,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 16:08:20.
DC=ForestDnsZones,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 15:46:27.
CN=Schema,CN=Configuration,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 15:46:27.
CN=Configuration,DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 16:07:26.
DC=uicc0,DC=local
Last replication recieved from DC0 at 2010-04-27 16:15:32.
......................... DATA5 passed test Replications
Starting test: NCSecDesc
......................... DATA5 passed test NCSecDesc
Starting test: NetLogons
......................... DATA5 passed test NetLogons
Starting test: Advertising
Warning: DATA5 is not advertising as a Key Distribution Center.
Check that the Directory has started.
......................... DATA5 failed test Advertising
Starting test: KnowsOfRoleHolders
Warning: DC0 is the Domain Owner, but is not responding to DS RPC Bind.
[DC0] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: DC0 is the Domain Owner, but is not responding to LDAP Bind.
Warning: DC0 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC0 is the PDC Owner, but is not responding to LDAP Bind.
Warning: DC0 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC0 is the Rid Owner, but is not responding to LDAP Bind.
......................... DATA5 failed test KnowsOfRoleHolders
Starting test: RidManager
......................... DATA5 failed test RidManager
Starting test: MachineAccount
......................... DATA5 passed test MachineAccount
Starting test: Services
kdc Service is stopped on [DATA5]
......................... DATA5 failed test Services
Starting test: ObjectsReplicated
......................... DATA5 passed test ObjectsReplicated
Starting test: frssysvol
......................... DATA5 passed test frssysvol
Starting test: frsevent
......................... DATA5 passed test frsevent
Starting test: kccevent
......................... DATA5 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:37:12
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:37:12
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40011006
Time Generated: 04/28/2010 13:46:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:50:42
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:54:08
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:56:18
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:57:43
Event String: The kerberos client received a
An Error Event occured. EventID: 0x40000004
Time Generated: 04/28/2010 13:59:54
Event String: The kerberos client received a
......................... DATA5 failed test systemlog
Starting test: VerifyReferences
......................... DATA5 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : uicc0
Starting test: CrossRefValidation
......................... uicc0 passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... uicc0 passed test CheckSDRefDom
Running enterprise tests on : uicc0.local
Starting test: Intersite
......................... uicc0.local passed test Intersite
Starting test: FsmoCheck
......................... uicc0.local passed test FsmoCheck
C:\WINDOWS\ServicePackFiles\amd64>
How many DCs do you have? Just the two?
> And by the way , I manage to transfer from data5 tio dc0 zones:
This shouldn't have been necessary, but I'm quite happy as long as that component works.
DC0 clearly needs the most attention. The most common causes for the error you have are:
1. Duplicate account (as suggested in the error message)
2. Name / IP are resolving to a different host
Did you get a chance to run the two nslookup commands to see what they return for DC0?
Chris
ASKER
so , here the output
from data5 :
C:\WINDOWS\ServicePackFile
Server: data5.uicc0.local
Address: 192.168.91.2
Name: dc0.uicc0.local
Address: 192.168.91.20
from dc0:
same output
Just same adds:
I find out that in DC0 we are missing ou like system and others , but data5 hass all.
So wy not tomake data5 GC and also the master role, them un install from dc0 the dc role , and re instaled.
Good idea?
from data5 :
C:\WINDOWS\ServicePackFile
Server: data5.uicc0.local
Address: 192.168.91.2
Name: dc0.uicc0.local
Address: 192.168.91.20
from dc0:
same output
Just same adds:
I find out that in DC0 we are missing ou like system and others , but data5 hass all.
So wy not tomake data5 GC and also the master role, them un install from dc0 the dc role , and re instaled.
Good idea?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I manage to change the server config so , now all my servers are point to 192.168.91.2 as DNS
But I seems to have a problem on data5
wen I open the DNS console , its try to connect to DC0 instead of him self.
Any ideA?
But I seems to have a problem on data5
wen I open the DNS console , its try to connect to DC0 instead of him self.
Any ideA?
ASKER
Hope you can help.
So , I manage to solve the dns console issue.
in same server I'm geting 1219 system error , when I try to logon with the admin domain credential which refuses, but I manage to log on with the local admin . any idea how to solve this ?
I have also problem with exchange 2007 server. will see that latter.
So , I manage to solve the dns console issue.
in same server I'm geting 1219 system error , when I try to logon with the admin domain credential which refuses, but I manage to log on with the local admin . any idea how to solve this ?
I have also problem with exchange 2007 server. will see that latter.
> when I try to logon with the admin domain credential which refuses, but I manage to log on with the local admin
I thought Data5 was a Domain Controller? Unless you booted into DirectoryService restore mode there's no such thing as Domain Admin.
What changes have you made so far? Only the DNS server?
Chris
As in the Forward Lookup Zone is gone? Otherwise exactly what is missing?
If that's all then I shouldn't worry too much, open the DNS Console and create a new version of your zone. Ensure you permit dynamic updates, then run this on your DCs:
ipconfig /registerdns
net stop netlogon && net start netlogon
And this one any other important system:
ipconfig /registerdns
Chris