indsupport
asked on
NtFrs Event ID 13508 13509 13512 13565
My environment is a network with the topology as follows:
Router to SonicWall FireWall
3 Domain Controllers - Main DC, Email Server Secondary DC and VPNServer 3rd DC which is our DHCP Server
I have a logon.bat script running and group policies running as well. Everything seems to be working decently, but I am not sure because the primary DC doesn't go down.
These warnings pop up all the time on all 3 machines and I wanted to finally get down to fixing them.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 2/17/2010
Time: 2:27:21 AM
User: N/A
Computer: MAIL
Description:
The File Replication Service is having trouble enabling replication from GLOBAL to MAIL for c:\windows\sysvol\domain using the DNS name GLOBAL.x.tv. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name GLOBAL.x.tv from this computer.
[2] FRS is not running on GLOBAL.x.tv.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 05 00 00 00 ....
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13512
Date: 2/17/2010
Time: 2:25:37 AM
User: N/A
Computer: MAIL
Description:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer MAIL. The File Replication Service might not recover when power to the drive is interrupted and critical updates are lost.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13565
Date: 8/6/2009
Time: 12:29:16 PM
User: N/A
Computer: MAIL
Description:
File Replication Service is initializing the system volume with data from another domain controller. Computer MAIL cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
To check for the SYSVOL share, at the command prompt, type:
net share
When File Replication Service completes the initialization process, the SYSVOL share will appear.
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13509
Date: 8/6/2009
Time: 12:26:44 PM
User: N/A
Computer: MAIL
Description:
The File Replication Service has enabled replication from GLOBAL to MAIL for c:\windows\sysvol\domain after repeated retries.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Router to SonicWall FireWall
3 Domain Controllers - Main DC, Email Server Secondary DC and VPNServer 3rd DC which is our DHCP Server
I have a logon.bat script running and group policies running as well. Everything seems to be working decently, but I am not sure because the primary DC doesn't go down.
These warnings pop up all the time on all 3 machines and I wanted to finally get down to fixing them.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13508
Date: 2/17/2010
Time: 2:27:21 AM
User: N/A
Computer: MAIL
Description:
The File Replication Service is having trouble enabling replication from GLOBAL to MAIL for c:\windows\sysvol\domain using the DNS name GLOBAL.x.tv. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name GLOBAL.x.tv from this computer.
[2] FRS is not running on GLOBAL.x.tv.
[3] The topology information in the Active Directory for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 05 00 00 00 ....
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13512
Date: 2/17/2010
Time: 2:25:37 AM
User: N/A
Computer: MAIL
Description:
The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\windows\ntfrs\jet on the computer MAIL. The File Replication Service might not recover when power to the drive is interrupted and critical updates are lost.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13565
Date: 8/6/2009
Time: 12:29:16 PM
User: N/A
Computer: MAIL
Description:
File Replication Service is initializing the system volume with data from another domain controller. Computer MAIL cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
To check for the SYSVOL share, at the command prompt, type:
net share
When File Replication Service completes the initialization process, the SYSVOL share will appear.
The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume, the availability of other domain controllers, and the replication interval between domain controllers.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Event Type: Warning
Event Source: NtFrs
Event Category: None
Event ID: 13509
Date: 8/6/2009
Time: 12:26:44 PM
User: N/A
Computer: MAIL
Description:
The File Replication Service has enabled replication from GLOBAL to MAIL for c:\windows\sysvol\domain after repeated retries.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
99.99% of all replication problems stem from a problem with DNS. Run DCdiag /v on both your "Global" Server and "Mail" server to find these DNS discrepancies. Once DNS is fixed, then restart the FRS service to reset the replication set. If this doesn't work, use the Authoritative Burflag for the PDCe and Non-Authoritative flag for any other DCs.
Prior to fixing the replication set, (I Don't care what Microsoft says), you have to fix DNS.
Prior to fixing the replication set, (I Don't care what Microsoft says), you have to fix DNS.
ASKER
ChiefIT:
Mail
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine mail, is a DC.
* Connecting to directory service on server mail.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MA IL
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... MAIL passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MA IL
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=x,DC= tv
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=DomainDnsZones,DC=x,DC= tv
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Schema,CN=Configuration ,DC=x,DC=t v
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=x,DC=t v
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=x,DC=tv
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
* Replication Site Latency Check
......................... MAIL passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC MAIL.
* Security Permissions Check for
DC=ForestDnsZones,DC=x,DC= tv
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=x,DC= tv
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=x,DC=t v
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=x,DC=t v
(Configuration,Version 2)
* Security Permissions Check for
DC=x,DC=tv
(Domain,Version 2)
......................... MAIL passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\MAIL\netlogon
Verified share \\MAIL\sysvol
......................... MAIL passed test NetLogons
Starting test: Advertising
The DC MAIL is advertising itself as a DC and having a DS.
The DC MAIL is advertising as an LDAP server
The DC MAIL is advertising as having a writeable directory
The DC MAIL is advertising as a Key Distribution Center
The DC MAIL is advertising as a time server
The DS MAIL is advertising as a GC.
......................... MAIL passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv ers,CN=Def ault-Fi
rst-Site-Name,CN=Sites,CN= Configurat ion,DC=x,D C=tv
Role Domain Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv ers,CN=Def ault-Fi
rst-Site-Name,CN=Sites,CN= Configurat ion,DC=x,D C=tv
Role PDC Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv ers,CN=Def ault-First
-Site-Name,CN=Sites,CN=Con figuration ,DC=x,DC=t v
Role Rid Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv ers,CN=Def ault-First
-Site-Name,CN=Sites,CN=Con figuration ,DC=x,DC=t v
Role Infrastructure Update Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv er
s,CN=Default-First-Site-Na me,CN=Site s,CN=Confi guration,D C=x,DC=tv
......................... MAIL passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 6605 to 1073741823
* GLOBAL.x.tv is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 5605 to 6104
* rIDPreviousAllocationPool is 5605 to 6104
* rIDNextRID: 5684
......................... MAIL passed test RidManager
Starting test: MachineAccount
Checking machine account for DC MAIL on DC MAIL.
* SPN found :LDAP/mail.x.tv/x.tv
* SPN found :LDAP/mail.x.tv
* SPN found :LDAP/MAIL
* SPN found :LDAP/mail.x.tv/X
* SPN found :LDAP/febee1b4-c188-4389-8 b4b-fb561a 2deceb._ms dcs.x
.tv
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/febee1b4 -c188-4389 -8b
4b-fb561a2deceb/x.tv
* SPN found :HOST/mail.x.tv/x.tv
* SPN found :HOST/mail.x.tv
* SPN found :HOST/MAIL
* SPN found :HOST/mail.x.tv/X
* SPN found :GC/mail.x.tv/x.tv
......................... MAIL passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MAIL passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
MAIL is in domain DC=x,DC=tv
Checking for CN=MAIL,OU=Domain Controllers,DC=x,DC=tv in domain
DC=x,DC=tv on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=MAIL,CN=Server s,CN=Defau lt-First-S ite-
Name,CN=Sites,CN=Configura tion,DC=x, DC=tv in domain CN=Configuration,DC=
x,DC=tv on 1 servers
Object is up-to-date on all servers.
......................... MAIL passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MAIL passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... MAIL passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... MAIL passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... MAIL passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=MAIL,OU=Domain Controllers,DC=x,DC=tv and backlink on
CN=MAIL,CN=Servers,CN=Defa ult-First- Site-Name, CN=Sites,C N=Configur ation
,DC=x,DC=tv
are correct.
The system object reference (frsComputerReferenceBL)
CN=MAIL,CN=Domain System Volume (SYSVOL share),CN=File Replication Serv
ice,CN=System,DC=x,DC=tv
and backlink on CN=MAIL,OU=Domain Controllers,DC=x,DC=tv are
correct.
The system object reference (serverReferenceBL)
CN=MAIL,CN=Domain System Volume (SYSVOL share),CN=File Replication Serv
ice,CN=System,DC=x,DC=tv
and backlink on
CN=NTDS Settings,CN=MAIL,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites
,CN=Configuration,DC=x,DC= tv
are correct.
......................... MAIL passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : x
Starting test: CrossRefValidation
......................... x passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... x passed test CheckSDRefDom
Running enterprise tests on : x.tv
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... x.tv passed test Intersite
Starting test: FsmoCheck
GC Name: \\mail.x.tv
Locator Flags: 0xe00001fc
PDC Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
Time Server Name: \\mail.x.tv
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
KDC Name: \\mail.x.tv
Locator Flags: 0xe00001fc
......................... x.tv passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Everything passed -
GLOBAL
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine GLOBAL, is a DC.
* Connecting to directory service on server GLOBAL.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GL OBAL
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... GLOBAL passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GL OBAL
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=x,DC= tv
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=DomainDnsZones,DC=x,DC= tv
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Schema,CN=Configuration ,DC=x,DC=t v
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=x,DC=t v
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=x,DC=tv
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
* Replication Site Latency Check
......................... GLOBAL passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC GLOBAL.
* Security Permissions Check for
DC=ForestDnsZones,DC=x,DC= tv
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=x,DC= tv
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=x,DC=t v
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=x,DC=t v
(Configuration,Version 2)
* Security Permissions Check for
DC=x,DC=tv
(Domain,Version 2)
......................... GLOBAL passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\GLOBAL\netlogon
Verified share \\GLOBAL\sysvol
......................... GLOBAL passed test NetLogons
Starting test: Advertising
The DC GLOBAL is advertising itself as a DC and having a DS.
The DC GLOBAL is advertising as an LDAP server
The DC GLOBAL is advertising as having a writeable directory
The DC GLOBAL is advertising as a Key Distribution Center
The DC GLOBAL is advertising as a time server
The DS GLOBAL is advertising as a GC.
......................... GLOBAL passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv ers,CN=Def ault-Fi
rst-Site-Name,CN=Sites,CN= Configurat ion,DC=x,D C=tv
Role Domain Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv ers,CN=Def ault-Fi
rst-Site-Name,CN=Sites,CN= Configurat ion,DC=x,D C=tv
Role PDC Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv ers,CN=Def ault-First
-Site-Name,CN=Sites,CN=Con figuration ,DC=x,DC=t v
Role Rid Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv ers,CN=Def ault-First
-Site-Name,CN=Sites,CN=Con figuration ,DC=x,DC=t v
Role Infrastructure Update Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv er
s,CN=Default-First-Site-Na me,CN=Site s,CN=Confi guration,D C=x,DC=tv
......................... GLOBAL passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 6605 to 1073741823
* GLOBAL.x.tv is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6105 to 6604
* rIDPreviousAllocationPool is 1605 to 2104
* rIDNextRID: 1895
......................... GLOBAL passed test RidManager
Starting test: MachineAccount
Checking machine account for DC GLOBAL on DC GLOBAL.
* SPN found :LDAP/GLOBAL.x.tv/x.tv
* SPN found :LDAP/GLOBAL.x.tv
* SPN found :LDAP/GLOBAL
* SPN found :LDAP/GLOBAL.x.tv/X
* SPN found :LDAP/1118bba7-c165-4f1b-a 976-eb2e9f 9bc5aa._ms dcs.x
.tv
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/1118bba7 -c165-4f1b -a9
76-eb2e9f9bc5aa/x.tv
* SPN found :HOST/GLOBAL.x.tv/x.tv
* SPN found :HOST/GLOBAL.x.tv
* SPN found :HOST/GLOBAL
* SPN found :HOST/GLOBAL.x.tv/X
* SPN found :GC/GLOBAL.x.tv/x.tv
......................... GLOBAL passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... GLOBAL passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
GLOBAL is in domain DC=x,DC=tv
Checking for CN=GLOBAL,OU=Domain Controllers,DC=x,DC=tv in doma
in DC=x,DC=tv on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=GLOBAL,CN=Serv ers,CN=Def ault-First -Sit
e-Name,CN=Sites,CN=Configu ration,DC= x,DC=tv in domain CN=Configuration,D
C=x,DC=tv on 1 servers
Object is up-to-date on all servers.
......................... GLOBAL passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... GLOBAL passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... GLOBAL passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... GLOBAL passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... GLOBAL passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=GLOBAL,OU=Domain Controllers,DC=x,DC=tv and backlink on
CN=GLOBAL,CN=Servers,CN=De fault-Firs t-Site-Nam e,CN=Sites ,CN=Config urati
on,DC=x,DC=tv
are correct.
The system object reference (frsComputerReferenceBL)
CN=GLOBAL,CN=Domain System Volume (SYSVOL share),CN=File Replication Se
rvice,CN=System,DC=x,DC=tv
and backlink on CN=GLOBAL,OU=Domain Controllers,DC=x,DC=tv are
correct.
The system object reference (serverReferenceBL)
CN=GLOBAL,CN=Domain System Volume (SYSVOL share),CN=File Replication Se
rvice,CN=System,DC=x,DC=tv
and backlink on
CN=NTDS Settings,CN=GLOBAL,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sit
es,CN=Configuration,DC=x,D C=tv
are correct.
......................... GLOBAL passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : x
Starting test: CrossRefValidation
......................... x passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... x passed test CheckSDRefDom
Running enterprise tests on : x.tv
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... x.tv passed test Intersite
Starting test: FsmoCheck
GC Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
PDC Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
Time Server Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
KDC Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
......................... x.tv passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
I have found no discrepencies..
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine mail, is a DC.
* Connecting to directory service on server mail.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MA
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... MAIL passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MA
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=x,DC=
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=DomainDnsZones,DC=x,DC=
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=x,DC=t
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=x,DC=tv
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
* Replication Site Latency Check
......................... MAIL passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC MAIL.
* Security Permissions Check for
DC=ForestDnsZones,DC=x,DC=
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=x,DC=
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=x,DC=t
(Configuration,Version 2)
* Security Permissions Check for
DC=x,DC=tv
(Domain,Version 2)
......................... MAIL passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\MAIL\netlogon
Verified share \\MAIL\sysvol
......................... MAIL passed test NetLogons
Starting test: Advertising
The DC MAIL is advertising itself as a DC and having a DS.
The DC MAIL is advertising as an LDAP server
The DC MAIL is advertising as having a writeable directory
The DC MAIL is advertising as a Key Distribution Center
The DC MAIL is advertising as a time server
The DS MAIL is advertising as a GC.
......................... MAIL passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv
rst-Site-Name,CN=Sites,CN=
Role Domain Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv
rst-Site-Name,CN=Sites,CN=
Role PDC Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv
-Site-Name,CN=Sites,CN=Con
Role Rid Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv
-Site-Name,CN=Sites,CN=Con
Role Infrastructure Update Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv
s,CN=Default-First-Site-Na
......................... MAIL passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 6605 to 1073741823
* GLOBAL.x.tv is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 5605 to 6104
* rIDPreviousAllocationPool is 5605 to 6104
* rIDNextRID: 5684
......................... MAIL passed test RidManager
Starting test: MachineAccount
Checking machine account for DC MAIL on DC MAIL.
* SPN found :LDAP/mail.x.tv/x.tv
* SPN found :LDAP/mail.x.tv
* SPN found :LDAP/MAIL
* SPN found :LDAP/mail.x.tv/X
* SPN found :LDAP/febee1b4-c188-4389-8
.tv
* SPN found :E3514235-4B06-11D1-AB04-0
4b-fb561a2deceb/x.tv
* SPN found :HOST/mail.x.tv/x.tv
* SPN found :HOST/mail.x.tv
* SPN found :HOST/MAIL
* SPN found :HOST/mail.x.tv/X
* SPN found :GC/mail.x.tv/x.tv
......................... MAIL passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MAIL passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
MAIL is in domain DC=x,DC=tv
Checking for CN=MAIL,OU=Domain Controllers,DC=x,DC=tv in domain
DC=x,DC=tv on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=MAIL,CN=Server
Name,CN=Sites,CN=Configura
x,DC=tv on 1 servers
Object is up-to-date on all servers.
......................... MAIL passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MAIL passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... MAIL passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... MAIL passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... MAIL passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=MAIL,OU=Domain Controllers,DC=x,DC=tv and backlink on
CN=MAIL,CN=Servers,CN=Defa
,DC=x,DC=tv
are correct.
The system object reference (frsComputerReferenceBL)
CN=MAIL,CN=Domain System Volume (SYSVOL share),CN=File Replication Serv
ice,CN=System,DC=x,DC=tv
and backlink on CN=MAIL,OU=Domain Controllers,DC=x,DC=tv are
correct.
The system object reference (serverReferenceBL)
CN=MAIL,CN=Domain System Volume (SYSVOL share),CN=File Replication Serv
ice,CN=System,DC=x,DC=tv
and backlink on
CN=NTDS Settings,CN=MAIL,CN=Server
,CN=Configuration,DC=x,DC=
are correct.
......................... MAIL passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : x
Starting test: CrossRefValidation
......................... x passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... x passed test CheckSDRefDom
Running enterprise tests on : x.tv
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... x.tv passed test Intersite
Starting test: FsmoCheck
GC Name: \\mail.x.tv
Locator Flags: 0xe00001fc
PDC Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
Time Server Name: \\mail.x.tv
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
KDC Name: \\mail.x.tv
Locator Flags: 0xe00001fc
......................... x.tv passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Everything passed -
GLOBAL
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine GLOBAL, is a DC.
* Connecting to directory service on server GLOBAL.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GL
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... GLOBAL passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GL
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=x,DC=
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=DomainDnsZones,DC=x,DC=
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
CN=Configuration,DC=x,DC=t
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
DC=x,DC=tv
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0 had no
latency information (Win2K DC).
* Replication Site Latency Check
......................... GLOBAL passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC GLOBAL.
* Security Permissions Check for
DC=ForestDnsZones,DC=x,DC=
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=x,DC=
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=x,DC=t
(Configuration,Version 2)
* Security Permissions Check for
DC=x,DC=tv
(Domain,Version 2)
......................... GLOBAL passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\GLOBAL\netlogon
Verified share \\GLOBAL\sysvol
......................... GLOBAL passed test NetLogons
Starting test: Advertising
The DC GLOBAL is advertising itself as a DC and having a DS.
The DC GLOBAL is advertising as an LDAP server
The DC GLOBAL is advertising as having a writeable directory
The DC GLOBAL is advertising as a Key Distribution Center
The DC GLOBAL is advertising as a time server
The DS GLOBAL is advertising as a GC.
......................... GLOBAL passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv
rst-Site-Name,CN=Sites,CN=
Role Domain Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv
rst-Site-Name,CN=Sites,CN=
Role PDC Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv
-Site-Name,CN=Sites,CN=Con
Role Rid Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv
-Site-Name,CN=Sites,CN=Con
Role Infrastructure Update Owner = CN=NTDS Settings,CN=GLOBAL,CN=Serv
s,CN=Default-First-Site-Na
......................... GLOBAL passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 6605 to 1073741823
* GLOBAL.x.tv is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6105 to 6604
* rIDPreviousAllocationPool is 1605 to 2104
* rIDNextRID: 1895
......................... GLOBAL passed test RidManager
Starting test: MachineAccount
Checking machine account for DC GLOBAL on DC GLOBAL.
* SPN found :LDAP/GLOBAL.x.tv/x.tv
* SPN found :LDAP/GLOBAL.x.tv
* SPN found :LDAP/GLOBAL
* SPN found :LDAP/GLOBAL.x.tv/X
* SPN found :LDAP/1118bba7-c165-4f1b-a
.tv
* SPN found :E3514235-4B06-11D1-AB04-0
76-eb2e9f9bc5aa/x.tv
* SPN found :HOST/GLOBAL.x.tv/x.tv
* SPN found :HOST/GLOBAL.x.tv
* SPN found :HOST/GLOBAL
* SPN found :HOST/GLOBAL.x.tv/X
* SPN found :GC/GLOBAL.x.tv/x.tv
......................... GLOBAL passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... GLOBAL passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
GLOBAL is in domain DC=x,DC=tv
Checking for CN=GLOBAL,OU=Domain Controllers,DC=x,DC=tv in doma
in DC=x,DC=tv on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=GLOBAL,CN=Serv
e-Name,CN=Sites,CN=Configu
C=x,DC=tv on 1 servers
Object is up-to-date on all servers.
......................... GLOBAL passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... GLOBAL passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... GLOBAL passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... GLOBAL passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... GLOBAL passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=GLOBAL,OU=Domain Controllers,DC=x,DC=tv and backlink on
CN=GLOBAL,CN=Servers,CN=De
on,DC=x,DC=tv
are correct.
The system object reference (frsComputerReferenceBL)
CN=GLOBAL,CN=Domain System Volume (SYSVOL share),CN=File Replication Se
rvice,CN=System,DC=x,DC=tv
and backlink on CN=GLOBAL,OU=Domain Controllers,DC=x,DC=tv are
correct.
The system object reference (serverReferenceBL)
CN=GLOBAL,CN=Domain System Volume (SYSVOL share),CN=File Replication Se
rvice,CN=System,DC=x,DC=tv
and backlink on
CN=NTDS Settings,CN=GLOBAL,CN=Serv
es,CN=Configuration,DC=x,D
are correct.
......................... GLOBAL passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : x
Starting test: CrossRefValidation
......................... x passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... x passed test CheckSDRefDom
Running enterprise tests on : x.tv
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... x.tv passed test Intersite
Starting test: FsmoCheck
GC Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
PDC Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
Time Server Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
KDC Name: \\GLOBAL.x.tv
Locator Flags: 0xe00003fd
......................... x.tv passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
I have found no discrepencies..
Now, let's check DNS:
DCDiag /test:DNS
is the command.
DCDiag /test:DNS
is the command.
ASKER
ChiefIT
This server has a separate Ethernet card because it is also used on the "DMZ"
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GL OBAL
Starting test: Connectivity
......................... GLOBAL passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GL OBAL
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : x
Running enterprise tests on : x.tv
Starting test: DNS
Test results for domain controllers:
DC: GLOBAL.x.tv
Domain: x.tv
TEST: Basic (Basc)
Warning: adapter [00000007] Intel(R) PRO/1000 MT Network Conne
ction has invalid DNS server: 64.52.70.15 (<name unavailable>)
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 64.52.70.15 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 64.52.70.15
Name resolution is not functional. _ldap._tcp.x.tv. faile
d on the DNS server 64.52.70.15
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ ________
Domain: x.tv
GLOBAL PASS WARN PASS PASS PASS PASS n/a
......................... x.tv passed test DNS
This server has a separate Ethernet card because it is also used on the "DMZ"
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GL
Starting test: Connectivity
......................... GLOBAL passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GL
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : x
Running enterprise tests on : x.tv
Starting test: DNS
Test results for domain controllers:
DC: GLOBAL.x.tv
Domain: x.tv
TEST: Basic (Basc)
Warning: adapter [00000007] Intel(R) PRO/1000 MT Network Conne
ction has invalid DNS server: 64.52.70.15 (<name unavailable>)
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 64.52.70.15 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 64.52.70.15
Name resolution is not functional. _ldap._tcp.x.tv. faile
d on the DNS server 64.52.70.15
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: x.tv
GLOBAL PASS WARN PASS PASS PASS PASS n/a
......................... x.tv passed test DNS
>>>Name resolution is not functional. _ldap._tcp.x.tv. failed on the DNS server 64.52.70.15
It appears that this domain controller does not have a full set of SRV records registered in DNS. It is looking for the LDAP server (authentication server). Because of this discrepancy. You will get KCC errors and problems with replications, Do you know of this server? If not, you have FRS metadata to clean up and that should unlock FRS replications.
Since this says (IN ADDRESS ARPA, that problem exists in the REVERSE LOOKUP of your DNS server)
How do remove FRS metadata:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Also check for AD and DNS metadata.
That answer above assumes you don't want that server as a domain server. If you know of this server and want it on as a domain server go to the server's command prompt and type:
Net stop Netlogon
Net start Netlogon
DCdiag /fix:DNS (to make sure all is good)
Once done force replicate to all other servers.
If replication does not work, you will have to use the Burflag method as MKline described to reset the replication process. Just remember that authoritative is for your PDCe, Non-authoritative is for your other DCs.
It appears that this domain controller does not have a full set of SRV records registered in DNS. It is looking for the LDAP server (authentication server). Because of this discrepancy. You will get KCC errors and problems with replications, Do you know of this server? If not, you have FRS metadata to clean up and that should unlock FRS replications.
Since this says (IN ADDRESS ARPA, that problem exists in the REVERSE LOOKUP of your DNS server)
How do remove FRS metadata:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
Also check for AD and DNS metadata.
That answer above assumes you don't want that server as a domain server. If you know of this server and want it on as a domain server go to the server's command prompt and type:
Net stop Netlogon
Net start Netlogon
DCdiag /fix:DNS (to make sure all is good)
Once done force replicate to all other servers.
If replication does not work, you will have to use the Burflag method as MKline described to reset the replication process. Just remember that authoritative is for your PDCe, Non-authoritative is for your other DCs.
ASKER
Fixed the DCDiag DNS test, but the ntfrs problem still exists
This is something that was done fairly recently, so I do not think it's a factor in the issue because I've been experiencing it for some time before this.
This is something that was done fairly recently, so I do not think it's a factor in the issue because I've been experiencing it for some time before this.
It appears that Sysvol on the mail server hasn't initialized because of the DNS discrepancy. With that fixed, Try rebooting the Mail server and see if it initializes, (hence making it a real DC).
ASKER
That issue was on GLOBAL, does that matter?
Like i said, the DNS issue is newer than the Ntfrs issue
Like i said, the DNS issue is newer than the Ntfrs issue
That's hard to fathom that the Sysvol hasn't initialized. I assume GLOBAL is your PDCe, that holds the roles. You might have a little corrupt data within Sysvol.
Any 1030 and 1058 Events? 1058 events will help us locate the corrupt or missing data in Sysvol.
You might also check the permissions on the sysvol by going to the command prompt on Global and typing.
DCdiag /test:netlogons
Any 1030 and 1058 Events? 1058 events will help us locate the corrupt or missing data in Sysvol.
You might also check the permissions on the sysvol by going to the command prompt on Global and typing.
DCdiag /test:netlogons
Are you aware about Auth (D4) and Non-auth (D2) restore,if yes go ahead with it.
-Prior to that please make sure that sysvol is backed up(copy and paste) on each DC.
http://support.microsoft.com/kb/290762
ASKER
Need to continue working on this
Working on a few projects but will keep everyone posted on whats up
Working on a few projects but will keep everyone posted on whats up
Exclude Sysvol & netlogon from antivirus scan & also disable indexing search on drive containing sysvol & netlogon share on dc.