jdfuller
asked on
Exchange 2010 Won't Send to WAN
Exchange 2010 on Server 2008 ::: New install ::: Domain pointed and mail is being received but cannot send to WAN; only LAN. Accepted domain(s) are in. Ports 80, 443, 25, and 110 are open and running in service (Sonicwall) set up by Public Service Wizard (then modified to include these, by the way!) ::: Connector has been created. ::: 12 clients.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Subject: Test from iPod Exch to nctv
This message hasn't been delivered yet. Delivery will continue to be attempted.
The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You'll be notified if the message can't be delivered by that time.
This message hasn't been delivered yet. Delivery will continue to be attempted.
The server will keep trying to deliver this message for the next 1 days, 19 hours and 57 minutes. You'll be notified if the message can't be delivered by that time.
ASKER
These messages just time out. I get a further message saying it couldn't be delivered. Sounds like the firewall won't let it out. It'll go internal, no problem. Seems like Exchange isn't the problem.
ASKER
CORRECTION ::: Mail does NOT go in either. I just tried it.
user@mail.domain.org
SMTP error from remote mail server after RCPT TO:<user@mail.domain.org>:
host mail.domain.org [x.x.111.196]: 550 5.7.1 Unable to relay
user@mail.domain.org
SMTP error from remote mail server after RCPT TO:<user@mail.domain.org>:
host mail.domain.org [x.x.111.196]: 550 5.7.1 Unable to relay
When the messages are not delivered are they stuck in the SMTP queue of exchange?
ASKER
I just tried telnet on 25, 110, 443, 80 and 587. No connect. These were connecting last week. I have email fron the outside. It was working. I did plug in a Barracuda Spam/Email filter appliance about that time but the router is NOT pointed to it yet. Could it be stopping the incoming and outgoing. I had it configured and unplugged from the network while I was getting exchange working. I had planned to repoint the Exchange Service on the SOnicwall to the Barracuda remotely so I plugged it in and left that chore for another time. I specifically set it up to ignore outgoing mail.
ASKER
Let me check. Where in the EMC is it? I see a Queue Length (Copy and Replay), both columns are 0.
I think you have a barracuda/sonicwall configuration issue. I've been involved in a couple of these conversations here on EE and they can get quite hairy. Here are the links to those...hope they help.
https://www.experts-exchange.com/viewQuestion.jsp?qid=26264949
https://www.experts-exchange.com/viewQuestion.jsp?qid=26282994
https://www.experts-exchange.com/viewQuestion.jsp?qid=26264949
https://www.experts-exchange.com/viewQuestion.jsp?qid=26282994
ASKER
Maybe my receive connector isn't set right. I had to correct it once already. I had an address range 0.0.0.0-255.255.255.255 and had to set it to * in some other properties box. I do want to receive on port 25, yes?
yes...port 25 is smtp.
ASKER
I do have an SMTP send connector. Telnet used to connect on 25. I am curious why it has stopped listening.
ASKER
This I found in the event log after sending the email from OWA. I have installed this certificate per the instructions and it exists in the proper folder.
Microsoft Exchange could not find a certificate that contains the domain name mail.domain.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector domain.org with a FQDN parameter of mail.domain.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
Where is the Enable-ExchangeCertificate -Services SMTP ?
Microsoft Exchange could not find a certificate that contains the domain name mail.domain.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector domain.org with a FQDN parameter of mail.domain.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate
Where is the Enable-ExchangeCertificate
they are talking about running it in the powershell for exchange. you'll find that under Exchange Program Group under the start menu.
http://technet.microsoft.com/en-us/library/aa997231.aspx
http://technet.microsoft.com/en-us/library/aa997231.aspx
Did you create a ceritificate through Powershell?
Example code below.
New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=SomeOrganization, cn=mail1.yourompany.com" -DomainName yourcompanydomainname.com, example.com -PrivateKeyExportable
Also if you could telnet before and can't now did you install recent AV software? Sometimes that is the culprit.
Example code below.
New-ExchangeCertificate -GenerateRequest -SubjectName "c=US, o=SomeOrganization, cn=mail1.yourompany.com" -DomainName yourcompanydomainname.com,
Also if you could telnet before and can't now did you install recent AV software? Sometimes that is the culprit.
ASKER
Yeah. Checked that. Have Trend installed but way before problem started. Copied the cert from the personal folder to the trusted root cert. auth like the technet told me to. I notice, however, that the domain.org isn't there only the server.domain.local cert and the server name cert. Should i have a domain.org cert?
ASKER
Enable-ExchangeCertificate -Services SMTP wants a Thumbprint. I know where that is but which one do I use?
The error should indicate the thumbprint it's looking for. You'll want to compare with the existing certificates and match up the thumbprint.
ASKER
Digi ::: We have met in another rhealm. I am barracude guy. Its not in yet so this is just exchange problem (or me) right now. I'll check the error log. I don't see a thumbprint. I went through that procedure before to get the cert I needed but then I had the thumbprint as you say and I kept looking until I found it then copied it into the Root Trust Folder. I did it for the .local domain, though. I don't have one i nthere for the mail.domain.org name. Is that necessary, too? If so, I don't have one to copy.
Ochom's Razor ::: I feel like I am making this too difficult - or it just is.
Ochom's Razor ::: I feel like I am making this too difficult - or it just is.
Yes, I remember you...barracuda guy...>GRIN<. Here are steps for getting the thumbprint. Once you have the cert installed on the local server, then you should be able to run the command in the steps to reveal the thumbprint.
Hi,
Are you getting the error with event id 12014 if yes than follow these steps.
1. Open "Exchange Management Shell ".
2. Write "get-ExchangeCertificate " and press on "Enter " button.
3. Write down the Thumbprint of the certificate that reflect the required FQDN name of the server.
4. Review the current certificate that use by the Exchange server and each certificate function.
5. EXAMPLE: Write "Enable-ExchangeCertificat e -Thumbprint 2afd26617915932ad096c48eb3 b847fc7457 662 -Services "SMTP"
and press on 'Enter " button.
* The value of -Thumbprint obtained in stage 3.
6. Restart the Exchange server.
I hope this will work for you.
Regards.
Shafaquat Ali.
Ref: http://social.technet.microsoft.com/Forums/en/exchangesvrdeploy/thread/c3552359-dfa5-42b3-bdc4-085741760e23
Hi,
Are you getting the error with event id 12014 if yes than follow these steps.
1. Open "Exchange Management Shell ".
2. Write "get-ExchangeCertificate " and press on "Enter " button.
3. Write down the Thumbprint of the certificate that reflect the required FQDN name of the server.
4. Review the current certificate that use by the Exchange server and each certificate function.
5. EXAMPLE: Write "Enable-ExchangeCertificat
and press on 'Enter " button.
* The value of -Thumbprint obtained in stage 3.
6. Restart the Exchange server.
I hope this will work for you.
Regards.
Shafaquat Ali.
Ref: http://social.technet.microsoft.com/Forums/en/exchangesvrdeploy/thread/c3552359-dfa5-42b3-bdc4-085741760e23
ASKER
Digi ::: I get the following. No restart made because of error. What does this tell us?
[PS] C:\Windows\system32>get-Ex changeCert ificate
Thumbprint Services Subject
---------- -------- -------
2FA7135918D40F2A787FE504E0 92B9B3C723 3E83 IP.WS. CN=WPBCDC01
[PS] C:\Windows\system32>Enable -ExchangeC ertificate -Thumbprint 2FA7135918d40f2a787fe504e0 92b9b3c723 3e38 -Services "SMTP
"
The certificate with thumbprint 2FA7135918d40f2a787fe504e0 92b9b3c723 3e38 was not found.
+ CategoryInfo : ObjectNotFound: (:) [Enable-ExchangeCertificat e], InvalidOperationException
+ FullyQualifiedErrorId : 78D09DD3,Microsoft.Exchang e.Manageme nt.SystemC onfigurati onTasks.En ableExchan geCertific at
e
[PS] C:\Windows\system32>Enable -ExchangeC ertificate -Thumbprint 2FA7135918D40F2A787fE504E0 92B9B3C723 3E38 -Services "SMTP
"
The certificate with thumbprint 2FA7135918D40F2A787fE504E0 92B9B3C723 3E38 was not found.
+ CategoryInfo : ObjectNotFound: (:) [Enable-ExchangeCertificat e], InvalidOperationException
+ FullyQualifiedErrorId : 78D09DD3,Microsoft.Exchang e.Manageme nt.SystemC onfigurati onTasks.En ableExchan geCertific at
e
[PS] C:\Windows\system32>
[PS] C:\Windows\system32>get-Ex
Thumbprint Services Subject
---------- -------- -------
2FA7135918D40F2A787FE504E0
[PS] C:\Windows\system32>Enable
"
The certificate with thumbprint 2FA7135918d40f2a787fe504e0
+ CategoryInfo : ObjectNotFound: (:) [Enable-ExchangeCertificat
+ FullyQualifiedErrorId : 78D09DD3,Microsoft.Exchang
e
[PS] C:\Windows\system32>Enable
"
The certificate with thumbprint 2FA7135918D40F2A787fE504E0
+ CategoryInfo : ObjectNotFound: (:) [Enable-ExchangeCertificat
+ FullyQualifiedErrorId : 78D09DD3,Microsoft.Exchang
e
[PS] C:\Windows\system32>
Maybe the cert hasn't been imported properly. Review this and let me know what you think.
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
http://technet.microsoft.com/en-us/library/bb124424.aspx
http://technet.microsoft.com/en-us/library/dd351183.aspx
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
http://technet.microsoft.com/en-us/library/bb124424.aspx
http://technet.microsoft.com/en-us/library/dd351183.aspx
ASKER
The article shows a cert I don't have. I don't have a digital cert to download or in a zip file, only what exchange installs. We don't require the clients to use one either. There is a setting in the OL client for that under options but we don't use it. I did refresh the cert I do have and it replaced the thumbprint I put in the past post with a new one and said it completed successfully. I cannot send out from exchange, still, however.
ASKER
I am able to telnet 25 now. I'll try the exchange analyzer again. I couldn't before because port 25 was not listening before. I don't know what fixed or when since last Friday.
thinking the refresh probably did it...looking foreward to the analyzer results.
ASKER
Digi ::: Check this out. Insufficient system storage? We have tons of space. I'll check again. This is a new server.
Attempting to send test email message to jfuller@woodwardpark.org using MX mail.woodwardpark.org.
Delivery of the test message failed.
Additional Details
Server returned status code 452 - Insufficient system storage. The server response was: 4.3.1 Insufficient system resources
Exception details:
Message: Insufficient system storage. The server response was: 4.3.1 Insufficient system resources
Type: System.Net.Mail.SmtpExcept ion
Stack trace:
at System.Net.Mail.MailComman d.CheckRes ponse(Smtp StatusCode statusCode, String response)
at System.Net.Mail.SmtpTransp ort.SendMa il(MailAdd ress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientExcepti on& exception)
at System.Net.Mail.SmtpClient .Send(Mail Message message)
at Microsoft.Exchange.Tools.E xRca.Tests .SmtpMessa geTest.Per formTestRe ally()
Attempting to send test email message to jfuller@woodwardpark.org using MX mail.woodwardpark.org.
Delivery of the test message failed.
Additional Details
Server returned status code 452 - Insufficient system storage. The server response was: 4.3.1 Insufficient system resources
Exception details:
Message: Insufficient system storage. The server response was: 4.3.1 Insufficient system resources
Type: System.Net.Mail.SmtpExcept
Stack trace:
at System.Net.Mail.MailComman
at System.Net.Mail.SmtpTransp
at System.Net.Mail.SmtpClient
at Microsoft.Exchange.Tools.E
ASKER
4 of 8 G B Ram in use. 50% of 500GB HDD Used.
ASKER
Port 25 not available again.
hi jdfuller
on exchange system manager
go to toolbox > Best Practices Analyzer
please run a health scan and save the report (.html)
Please upload the report here.
thanks
on exchange system manager
go to toolbox > Best Practices Analyzer
please run a health scan and save the report (.html)
Please upload the report here.
thanks
ASKER
Roger that. Stand by...
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
File attached. Had trouble w export then cut & paste to local screen. Sent .doc. Standing by.
Exchange-Analyzer-Best-Practices.doc
Exchange-Analyzer-Best-Practices.doc
ok.
Let me know about verizon and ExRCA test connectivity.
thanks
Let me know about verizon and ExRCA test connectivity.
thanks
Also
Go to your DC
start > run > type
cmd
type this
dcdiag /v /e /TEST:DNS > C:\dcdiagdns.txt
Upload the dcdiagdns.txt file here.
thanks
Go to your DC
start > run > type
cmd
type this
dcdiag /v /e /TEST:DNS > C:\dcdiagdns.txt
Upload the dcdiagdns.txt file here.
thanks
hi.
I think you uploaded the run-time log. I was talking about BPA reports.
After you view the report - it displays an option to Export the report as .HTM.
Please select that.
Also you can just copy paste it here.
thanks
I think you uploaded the run-time log. I was talking about BPA reports.
After you view the report - it displays an option to Export the report as .HTM.
Please select that.
Also you can just copy paste it here.
thanks
I am going to step out for 45 mins. Will check back here for updates.
thanks
thanks
hi jdfuller
let me know if you tried those steps. Please post back updates.
thanks
let me know if you tried those steps. Please post back updates.
thanks
ASKER
Experts. Appreciate the patience. This is a primary effort however I must do it after hours so time does pass before the next post.
Sunnyc7::: I ran the bpa scan as requested and saw the export tab to which you refer. I saw a lot of dns errors. Is that the file you saw? I will cut and paste this time. I exported from the scan but I suppose I could have attached the wrong file. I will post again shortly. It is 10:16pm PST.
Sunnyc7::: I ran the bpa scan as requested and saw the export tab to which you refer. I saw a lot of dns errors. Is that the file you saw? I will cut and paste this time. I exported from the scan but I suppose I could have attached the wrong file. I will post again shortly. It is 10:16pm PST.
ASKER
Btw ::: we are AT&T connected and have the famous Comcast 2wire modem. Speeds are excellent.
ASKER
MXToolbox gets same message in previous scan. SBCGLOBAL.NET is AT&T for us here in Fresno, CA
Not an open relay.
0 seconds - Good on Connection time
10.327 seconds - Not good! on Transaction time
OK - 99.3.111.196 resolves to 99-3-111-196.lightspeed.fr snca.sbcgl obal.net
Warning - Reverse DNS does not match SMTP Banner
Session Transcript:
HELO please-read-policy.mxtoolb ox.com
250 WPBCDC01.WPBC.local Hello [64.20.227.133] [78 ms]
MAIL FROM: <supertool@mxtoolbox.com>
452 4.3.1 Insufficient system resources [5086 ms]
RCPT TO: <test@example.com>
503 5.5.2 Need mail command [5086 ms]
QUIT
221 2.0.0 Service closing transmission channel [78 ms]
Not an open relay.
0 seconds - Good on Connection time
10.327 seconds - Not good! on Transaction time
OK - 99.3.111.196 resolves to 99-3-111-196.lightspeed.fr
Warning - Reverse DNS does not match SMTP Banner
Session Transcript:
HELO please-read-policy.mxtoolb
250 WPBCDC01.WPBC.local Hello [64.20.227.133] [78 ms]
MAIL FROM: <supertool@mxtoolbox.com>
452 4.3.1 Insufficient system resources [5086 ms]
RCPT TO: <test@example.com>
503 5.5.2 Need mail command [5086 ms]
QUIT
221 2.0.0 Service closing transmission channel [78 ms]
ASKER
Health Check returns this. The TechNet page on how to resolve it says to run the DOmain Prep. Doesn't that run on install for Exch 2010?
Domain: WPBC
Unrecognized Exchange signature Domain: WPBC
Active Directory domain 'WPBC' has an unrecognized Exchange signature. Current DomainPrep version: 12639.
Tell me more about this issue and how to resolve it.
Domain: WPBC
Unrecognized Exchange signature Domain: WPBC
Active Directory domain 'WPBC' has an unrecognized Exchange signature. Current DomainPrep version: 12639.
Tell me more about this issue and how to resolve it.
ASKER
Does this help? See image...
DNS-Settings.jpg
DNS-Settings.jpg
hi
a) Can you post the whole BPA file.
b) also from dos prompt run these 2 commands and upload the files here.
go to start > run
type
dcdiag /v /e > c:\dcdiag1.txt
dcdiag /v /e /TEST:DNS > c:\dcdiag2.txt
thanks
a) Can you post the whole BPA file.
b) also from dos prompt run these 2 commands and upload the files here.
go to start > run
type
dcdiag /v /e > c:\dcdiag1.txt
dcdiag /v /e /TEST:DNS > c:\dcdiag2.txt
thanks
ASKER
sunnyc7 ::: Please excuse me for my ignorance but that is all the file returned. Looks like it ran into a snag and didn't proceed. Let me run the other commands and get them up here pronto.
hey dude thats fine.
I think you posted the wrong BPA file
Can you run it again and copy paste the output here.
thanks
I think you posted the wrong BPA file
Can you run it again and copy paste the output here.
thanks
ASKER
I'm giving up! Now I export it again from the same scan I ran last night - left the session open even - and I get much more. Here you go.
::: REPORT :::
All Issues
Domain: WPBC
Unrecognized Exchange signature Domain: WPBC
Active Directory domain 'WPBC' has an unrecognized Exchange signature. Current DomainPrep version: 12639.
Tell me more about this issue and how to resolve it.
Organization: WPBC
Offline address book site public folder missing Organization: WPBC
The public folder store where the site offline address book is hosted was not detected. The hosting server may be unreachable or the public folder store does not exist. Public folder store: CN=Public Folder Database 1308425847,CN=Databases,CN =Exchange Administrative Group (FYDIBOHF23SPDLT),CN=Admin istrative Groups,CN=WPBC,CN=Microsof t Exchange,CN=Services,CN=Co nfiguratio n,DC=WPBC, DC=local.
Tell me more about this issue and how to resolve it.
Admin Group: Exchange Administrative Group (FYDIBOHF23SPDLT)
Server: WPBCDC01
DNS 'Host' record appears to be missing Server: WPBCDC01
The 'Host' (A) record for server WPBCDC01.WPBC.local cannot be retrieved from DNS server '68.94.156.1'. This can cause message routing delays and other service failures. Verify that the DNS server is online and that the 'Host' record is present.
Tell me more about this issue and how to resolve it.
Application log size Server: WPBCDC01
As a best practice, the size of the 'Application' log on server WPBCDC01.WPBC.local should be increased. The current size is 20MB. For servers running Microsoft Exchange, a size of 40MB or more is recommended.
Tell me more about this setting.
Exchange resident on global catalog server Server: WPBCDC01
Exchange server WPBCDC01.WPBC.local is also a global catalog server. This is a supported configuration, but is not recommended.
Tell me more about this setting.
::: REPORT :::
All Issues
Domain: WPBC
Unrecognized Exchange signature Domain: WPBC
Active Directory domain 'WPBC' has an unrecognized Exchange signature. Current DomainPrep version: 12639.
Tell me more about this issue and how to resolve it.
Organization: WPBC
Offline address book site public folder missing Organization: WPBC
The public folder store where the site offline address book is hosted was not detected. The hosting server may be unreachable or the public folder store does not exist. Public folder store: CN=Public Folder Database 1308425847,CN=Databases,CN
Tell me more about this issue and how to resolve it.
Admin Group: Exchange Administrative Group (FYDIBOHF23SPDLT)
Server: WPBCDC01
DNS 'Host' record appears to be missing Server: WPBCDC01
The 'Host' (A) record for server WPBCDC01.WPBC.local cannot be retrieved from DNS server '68.94.156.1'. This can cause message routing delays and other service failures. Verify that the DNS server is online and that the 'Host' record is present.
Tell me more about this issue and how to resolve it.
Application log size Server: WPBCDC01
As a best practice, the size of the 'Application' log on server WPBCDC01.WPBC.local should be increased. The current size is 20MB. For servers running Microsoft Exchange, a size of 40MB or more is recommended.
Tell me more about this setting.
Exchange resident on global catalog server Server: WPBCDC01
Exchange server WPBCDC01.WPBC.local is also a global catalog server. This is a supported configuration, but is not recommended.
Tell me more about this setting.
ASKER
DNS Record Missing ::: This is why I posted the snapshot last night of the DNS seeting from the CMC.
ASKER
::: dcdiag /v /e > c:\dcdiag1.txt :::
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01
* Connecting to directory service on server WPBCDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Se
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WP
Starting test: Connectivity
* Active Directory LDAP Services Check
The host 9184da82-a434-45f1-b221-f3
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... WPBCDC01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WP
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
This is interesting:
a) How did you install Exchange 2010 on this server.
Did you follow these steps.
http://technet.microsoft.com/en-us/library/bb125224.aspx
b) Run dcdiag command i gave you above. there are more errors on your way.
I think your exchange is incorrectly setup.
Please provide details on what guides you used to setup exchange.
thanks
a) How did you install Exchange 2010 on this server.
Did you follow these steps.
http://technet.microsoft.com/en-us/library/bb125224.aspx
b) Run dcdiag command i gave you above. there are more errors on your way.
I think your exchange is incorrectly setup.
Please provide details on what guides you used to setup exchange.
thanks
ASKER
::: dcdiag /v /e /TEST:DNS > c:\dcdiag2.txt :::
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01
* Connecting to directory service on server WPBCDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al,LDAP_SC OPE_SUBTRE E,(objectC ategory=nt DSSiteSett ings),.... ...
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First- Site-Name, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al,LDAP_SC OPE_SUBTRE E,(objectC lass=ntDSD sa),...... .
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WP BCDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
The host 9184da82-a434-45f1-b221-f3 d63e346628 ._msdcs.WP BC.local could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... WPBCDC01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WP BCDC01
Skipping all tests, because server WPBCDC01 is not responding to
directory service requests.
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
For the partition (DC=ForestDnsZones,DC=WPBC ,DC=local) we
encountered the following error retrieving the cross-ref's
(CN=1e20e2d8-fcbe-4d28-907 2-49449061 3fa6,CN=Pa rtitions,C N=Configur ation,DC=W PBC,DC=loc al)
information:
LDAP Error 0x3a (58).
......................... ForestDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (DC=ForestDnsZones,DC=WPBC ,DC=local) we
encountered the following error retrieving the cross-ref's
(CN=1e20e2d8-fcbe-4d28-907 2-49449061 3fa6,CN=Pa rtitions,C N=Configur ation,DC=W PBC,DC=loc al)
information:
LDAP Error 0x3a (58).
......................... ForestDnsZones failed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
For the partition (DC=DomainDnsZones,DC=WPBC ,DC=local) we
encountered the following error retrieving the cross-ref's
(CN=87d4280f-8a0e-46ab-884 e-24f0721c fb11,CN=Pa rtitions,C N=Configur ation,DC=W PBC,DC=loc al)
information:
LDAP Error 0x3a (58).
......................... DomainDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (DC=DomainDnsZones,DC=WPBC ,DC=local) we
encountered the following error retrieving the cross-ref's
(CN=87d4280f-8a0e-46ab-884 e-24f0721c fb11,CN=Pa rtitions,C N=Configur ation,DC=W PBC,DC=loc al)
information:
LDAP Error 0x3a (58).
......................... DomainDnsZones failed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (CN=Schema,CN=Configuratio n,DC=WPBC, DC=local) we
encountered the following error retrieving the cross-ref's
(CN=Enterprise Schema,CN=Partitions,CN=Co nfiguratio n,DC=WPBC, DC=local)
information:
LDAP Error 0x3a (58).
......................... Schema failed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (CN=Configuration,DC=WPBC, DC=local) we
encountered the following error retrieving the cross-ref's
(CN=Enterprise Configuration,CN=Partition s,CN=Confi guration,D C=WPBC,DC= local)
information:
LDAP Error 0x3a (58).
......................... Configuration failed test CrossRefValidation
Running partition tests on : WPBC
Starting test: CheckSDRefDom
......................... WPBC passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (DC=WPBC,DC=local) we encountered the following
error retrieving the cross-ref's
(CN=WPBC,CN=Partitions,CN= Configurat ion,DC=WPB C,DC=local )
information:
LDAP Error 0x3a (58).
......................... WPBC failed test CrossRefValidation
Running enterprise tests on : WPBC.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
PDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
KDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
......................... WPBC.local passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... WPBC.local passed test Intersite
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01
* Connecting to directory service on server WPBCDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Se
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WP
Starting test: Connectivity
* Active Directory LDAP Services Check
The host 9184da82-a434-45f1-b221-f3
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... WPBCDC01 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WP
Skipping all tests, because server WPBCDC01 is not responding to
directory service requests.
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
For the partition (DC=ForestDnsZones,DC=WPBC
encountered the following error retrieving the cross-ref's
(CN=1e20e2d8-fcbe-4d28-907
information:
LDAP Error 0x3a (58).
......................... ForestDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (DC=ForestDnsZones,DC=WPBC
encountered the following error retrieving the cross-ref's
(CN=1e20e2d8-fcbe-4d28-907
information:
LDAP Error 0x3a (58).
......................... ForestDnsZones failed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
For the partition (DC=DomainDnsZones,DC=WPBC
encountered the following error retrieving the cross-ref's
(CN=87d4280f-8a0e-46ab-884
information:
LDAP Error 0x3a (58).
......................... DomainDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (DC=DomainDnsZones,DC=WPBC
encountered the following error retrieving the cross-ref's
(CN=87d4280f-8a0e-46ab-884
information:
LDAP Error 0x3a (58).
......................... DomainDnsZones failed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (CN=Schema,CN=Configuratio
encountered the following error retrieving the cross-ref's
(CN=Enterprise Schema,CN=Partitions,CN=Co
information:
LDAP Error 0x3a (58).
......................... Schema failed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (CN=Configuration,DC=WPBC,
encountered the following error retrieving the cross-ref's
(CN=Enterprise Configuration,CN=Partition
information:
LDAP Error 0x3a (58).
......................... Configuration failed test CrossRefValidation
Running partition tests on : WPBC
Starting test: CheckSDRefDom
......................... WPBC passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (DC=WPBC,DC=local) we encountered the following
error retrieving the cross-ref's
(CN=WPBC,CN=Partitions,CN=
information:
LDAP Error 0x3a (58).
......................... WPBC failed test CrossRefValidation
Running enterprise tests on : WPBC.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
PDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
KDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
......................... WPBC.local passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... WPBC.local passed test Intersite
let me go through this.
i think there is some fundamental problem in which your Exchange was setup. Please reply to my prior post.
thanks
i think there is some fundamental problem in which your Exchange was setup. Please reply to my prior post.
thanks
ASKER
NOTE ::: The tests above are reversed. The frist post is dcdiag2.txt and the second post is actually dcdiag1.txt.
Sorry for the confusion. Trying to do it too fast.
Sorry for the confusion. Trying to do it too fast.
Your DNS is not setup.
Your AD is not integrated with DNS
a) How did you install Windows Server 2008 and setup Active Directory.
Was this a fresh install, or is this a new setup, where you buy hardware and setup everything from scratch.
we've a long way to go my friend.
Your AD is not integrated with DNS
a) How did you install Windows Server 2008 and setup Active Directory.
Was this a fresh install, or is this a new setup, where you buy hardware and setup everything from scratch.
we've a long way to go my friend.
Both tests failed. see my prior posts and let me know.
thanks
digitap @ I hope you are still here and following this.
thanks
digitap @ I hope you are still here and following this.
ASKER
I looked throught the report and saw the DNS resolution error so tried the nslookup on the server. :::
C:\Users\Administrator>nsl ookup WPBCDC01
Server: UnKnown
Address: 192.168.1.210
Name: WPBCDC01.WPBC.local
Address: 192.168.1.210
C:\Users\Administrator>
C:\Users\Administrator>nsl
Server: UnKnown
Address: 192.168.1.210
Name: WPBCDC01.WPBC.local
Address: 192.168.1.210
C:\Users\Administrator>
ASKER
Setup was done by dell. All I did was define rolls. Set it up as primary AD and DHCP and DNS server using wizards. Added File Services after that then added Exchange. All using the setup.exe's.
This was a clean box. New install.
This was a clean box. New install.
ASKER
DNS errors abound in the event log. News flash! Says I should reset it up. You think?
ok.
do you mean dell came in remotely at $250/hr to set-up your AD / DNS and Exchange ?
If it came pre-installed with windows - that doesnt mean setup was done by dell.
Please see this post.
Did you follow these steps.
http://technet.microsoft.com/en-us/library/bb125224.aspx
Let me think about how to best proceede with this. Give me a day or so.
do you mean dell came in remotely at $250/hr to set-up your AD / DNS and Exchange ?
If it came pre-installed with windows - that doesnt mean setup was done by dell.
Please see this post.
Did you follow these steps.
http://technet.microsoft.com/en-us/library/bb125224.aspx
Let me think about how to best proceede with this. Give me a day or so.
JD
a) Put the Windows 2008 DVD in the drive and run adprep
This will run through the process of installing a domain etc.
check this step-by step guide
http://www.windowsreference.com/windows-server-2008/step-by-step-guide-for-windows-server-2008-domain-controller-and-dns-server-setup/
MS REF
http://technet.microsoft.com/en-us/library/cc725611(WS.10).aspx
b) Step by step guide to install Exchange by Amit Tank MVP
http://www.messagingtalk.org/exchange-2010-rc-quick-installation-guide
MS REF
http://technet.microsoft.com/en-us/library/dd351084.aspx
Hope this helps.
a) Put the Windows 2008 DVD in the drive and run adprep
This will run through the process of installing a domain etc.
check this step-by step guide
http://www.windowsreference.com/windows-server-2008/step-by-step-guide-for-windows-server-2008-domain-controller-and-dns-server-setup/
MS REF
http://technet.microsoft.com/en-us/library/cc725611(WS.10).aspx
b) Step by step guide to install Exchange by Amit Tank MVP
http://www.messagingtalk.org/exchange-2010-rc-quick-installation-guide
MS REF
http://technet.microsoft.com/en-us/library/dd351084.aspx
Hope this helps.
ASKER
No the system was installed without any services. I added the roles, AD, DNS, DHCP, Print Services, Files Services. Then installed Exchange 2010 when I was done with the role additions.
ASKER
What will reinstalling the domain, on top of what is there already, do?
ASKER
I did those steps exactly. I have installed three Server 2008's w ADS and associated services. Never on with Exchange 2010. I feel comfortable that ADS was installed with DNS properly but the report says otherwise, I realize.
Let me ask you this.
a) if there is nothing on the server - no data / no mails, you aint risking anything.
b) If there is --> take a backup and start with adprep.
Your AD/DNS will not work without it anyway.
a) if there is nothing on the server - no data / no mails, you aint risking anything.
b) If there is --> take a backup and start with adprep.
Your AD/DNS will not work without it anyway.
ASKER
I followed the Exchange install to the letter and got a perfect install, no errors.
ok. And your DNS is showing blanks ?
this is strange.
ASKER
There is all their data and their POP mail which has been migrated into (mostly) their Exchange mailboxes. I hear you loud and clear. Not what I want to hear but I get it.
Is there a chance that a DNS fix would do it since that is the error I am receiving in the ADS Server Manager Console
Is there a chance that a DNS fix would do it since that is the error I am receiving in the ADS Server Manager Console
@JD :: sunny is doing a good job of flushing out some pre-existing DNS issues. The error that grabs my attention is here:
* Active Directory LDAP Services Check
The host 9184da82-a434-45f1-b221-f3 d63e346628 ._msdcs.WP BC.local could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.
Sounds like DNS needs to be repaired. Check out this link and run DCDiag again to see if the error above goes away. If DNS isn't getting updated properly, then key Exchange functions aren't going to work.
http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/
* Active Directory LDAP Services Check
The host 9184da82-a434-45f1-b221-f3
Sounds like DNS needs to be repaired. Check out this link and run DCDiag again to see if the error above goes away. If DNS isn't getting updated properly, then key Exchange functions aren't going to work.
http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/
I am going to be in a meeting till 3/4 EST. Will post back after that.
ASKER
Digi ::: Sunny
sorry this taking so long. I'm sure there are not enough points to make this worthwhile. I am almost certain you are dedicated to the cause by this point. I will have more time tomorrow, Saturday, to try and flush this out. Thanks for staying in the fight.
sorry this taking so long. I'm sure there are not enough points to make this worthwhile. I am almost certain you are dedicated to the cause by this point. I will have more time tomorrow, Saturday, to try and flush this out. Thanks for staying in the fight.
Screenshots
How to install Windows 2008 DNS
http://www.zdnetasia.com/install-a-dns-server-in-windows-server-2008-62040433.htm
Configure Forwarders
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
(article is for 2003, but still applies to 2008)
MS REF
http://technet.microsoft.com/en-us/library/cc816891(WS.10).aspx
How to install Windows 2008 DNS
http://www.zdnetasia.com/install-a-dns-server-in-windows-server-2008-62040433.htm
Configure Forwarders
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
(article is for 2003, but still applies to 2008)
MS REF
http://technet.microsoft.com/en-us/library/cc816891(WS.10).aspx
ASKER
Sunny ::: DNS is already installed. Obviously not working for exchange. Can I safely remove and reinstall it w AD integration without tearing anything else up in the process?
You have to configure it as per the article above.
configure forward and reverse look-up zones and forwarders.
configure forward and reverse look-up zones and forwarders.
Check out my post here, http:#a33221687, to fix DNS.
I would second digitap's DNS repair steps.
http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/
You have to do this on the DC.
dcdiag /fix
netdiag /fix
ipconfig /flushdns
ipconfig /registerdns
net stop server
net start server
--
If these dont work then you can go ahead and reinstall DNS and configure it with FW and RV lookup zones.
http://www.bhcblog.com/2009/04/23/fixing-active-directory-dns-_msdcs-_sites-_tcp-_udp/
You have to do this on the DC.
dcdiag /fix
netdiag /fix
ipconfig /flushdns
ipconfig /registerdns
net stop server
net start server
--
If these dont work then you can go ahead and reinstall DNS and configure it with FW and RV lookup zones.
ASKER
Ok guys. I'll give it a whirl Monday PST.
ASKER
I have reinstalled DNS. I went with the existing certs and integration of AD was implied by the role advisor when I added it back in. This test was quite a bit more successful than before.
=========================
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01
* Connecting to directory service on server WPBCDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al,LDAP_SC OPE_SUBTRE E,(objectC ategory=nt DSSiteSett ings),.... ...
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First- Site-Name, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al,LDAP_SC OPE_SUBTRE E,(objectC lass=ntDSD sa),...... .
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WP BCDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WP BCDC01
Starting test: Advertising
The DC WPBCDC01 is advertising itself as a DC and having a DS.
The DC WPBCDC01 is advertising as an LDAP server
The DC WPBCDC01 is advertising as having a writeable directory
The DC WPBCDC01 is advertising as a Key Distribution Center
The DC WPBCDC01 is advertising as a time server
The DS WPBCDC01 is advertising as a GC.
......................... WPBCDC01 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... WPBCDC01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... WPBCDC01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... WPBCDC01 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... WPBCDC01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local
Role Domain Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local
Role PDC Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local
Role Rid Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local
......................... WPBCDC01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC WPBCDC01 on DC WPBCDC01.
* SPN found :LDAP/WPBCDC01.WPBC.local/ WPBC.local
* SPN found :LDAP/WPBCDC01.WPBC.local
* SPN found :LDAP/WPBCDC01
* SPN found :LDAP/WPBCDC01.WPBC.local/ WPBC
* SPN found :LDAP/9184da82-a434-45f1-b 221-f3d63e 346628._ms dcs.WPBC.l ocal
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/9184da82 -a434-45f1 -b221-f3d6 3e346628/W PBC.local
* SPN found :HOST/WPBCDC01.WPBC.local/ WPBC.local
* SPN found :HOST/WPBCDC01.WPBC.local
* SPN found :HOST/WPBCDC01
* SPN found :HOST/WPBCDC01.WPBC.local/ WPBC
* SPN found :GC/WPBCDC01.WPBC.local/WP BC.local
......................... WPBCDC01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC WPBCDC01.
* Security Permissions Check for
DC=ForestDnsZones,DC=WPBC, DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=WPBC, DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=WPBC,D C=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=WPBC,D C=local
(Configuration,Version 3)
* Security Permissions Check for
DC=WPBC,DC=local
(Domain,Version 3)
......................... WPBCDC01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\WPBCDC01\netlogon
Verified share \\WPBCDC01\sysvol
......................... WPBCDC01 passed test NetLogons
Starting test: ObjectsReplicated
WPBCDC01 is in domain DC=WPBC,DC=local
Checking for CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=loc al in domain DC=WPBC,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local in domain CN=Configuration,DC=WPBC,D C=local on 1 servers
Object is up-to-date on all servers.
......................... WPBCDC01 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... WPBCDC01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* WPBCDC01.WPBC.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1159
......................... WPBCDC01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... WPBCDC01 passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:25:44
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'WPBC.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:25:55
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.WPBC.local .' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:25:57
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.WPBC.local .' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x80050004
Time Generated: 07/20/2010 12:38:14
Event String:
Broadcom BCM5709C: The network link is down. Check to make sure the network cable is properly connected.
A warning event occurred. EventID: 0x80050004
Time Generated: 07/20/2010 12:38:14
Event String:
Broadcom BCM5709C: The network link is down. Check to make sure the network cable is properly connected.
A warning event occurred. EventID: 0x8000001D
Time Generated: 07/20/2010 12:38:37
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x000003F6
Time Generated: 07/20/2010 12:38:44
Event String:
Name resolution for the name _ldap._tcp.dc._msdcs.WPBC. local timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x00000420
Time Generated: 07/20/2010 12:39:13
Event String:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:39:16
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'WPBC.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x00002724
Time Generated: 07/20/2010 12:39:17
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:39:27
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.WPBC.local .' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:39:30
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.WPBC.local .' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x0000000C
Time Generated: 07/20/2010 12:39:34
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
A warning event occurred. EventID: 0x000727AA
Time Generated: 07/20/2010 12:41:59
Event String:
The WinRM service failed to create the following SPNs: WSMAN/WPBCDC01.WPBC.local; WSMAN/WPBCDC01.
Additional Data
The error received was 8344: %%8344.
User Action
The SPNs can be created by an administrator using setspn.exe utility.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:10
Event String:
Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:11
Event String:
Driver LANIER LD160c PCL 6 required for printer !!TOSVR01!Copy Room (LANIER LD160c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:16
Event String:
Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:17
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TDP (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:18
Event String:
Driver HP Color LaserJet 3600 required for printer !!TOSVR01!TDP (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:18
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TA Office (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:19
Event String:
Driver LANIER MP 4500/LD345 PCL 6 required for printer !!TOSVR01!Reception Area (LANIER MP 4500/LD345) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:20
Event String:
Driver Dell Color Laser 3010cn required for printer !!TOSVR01!PreSchool (Dell 3010cn) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:20
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!HR HP Color LaserJet 4700dn is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:21
Event String:
Driver HP Color LaserJet CP4520 Series PCL6 required for printer !!TOSVR01!Grant Dept (HP CP4525) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:22
Event String:
Driver HP Color LaserJet 3600 required for printer !!TOSVR01!Fiscal Dept (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:22
Event String:
Driver LANIER MP C4500/LD445c PCL 6 required for printer !!TOSVR01!Enrollment (LANIER MP C4500/LD445c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:23
Event String:
Driver PCL6 Driver for Universal Print required for printer !!TOSVR01!Enrichment Center (LANIER LD540c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:24
Event String:
Driver Canon MX850 series Printer required for printer !!TOSVR01!Canon MX850 series Printer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:24
Event String:
Driver Canon MX850 series FAX required for printer !!TOSVR01!Canon MX850 series FAX is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:25
Event String:
Driver Brother MFC-9440CN Printer required for printer !!tosvr01!A2-Brother MFC-9440CN Printer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:17
Event String:
Driver LANIER LD160c PCL 6 required for printer !!TOSVR01!Copy Room (LANIER LD160c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:18
Event String:
Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:22
Event String:
Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:23
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TDP (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:24
Event String:
Driver HP Color LaserJet 3600 required for printer !!TOSVR01!TDP (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:24
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TA Office (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:25
Event String:
Driver LANIER MP 4500/LD345 PCL 6 required for printer !!TOSVR01!Reception Area (LANIER MP 4500/LD345) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:26
Event String:
Driver Dell Color Laser 3010cn required for printer !!TOSVR01!PreSchool (Dell 3010cn) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:26
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!HR HP Color LaserJet 4700dn is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:27
Event String:
Driver HP Color LaserJet CP4520 Series PCL6 required for printer !!TOSVR01!Grant Dept (HP CP4525) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:28
Event String:
Driver HP Color LaserJet 3600 required for printer !!TOSVR01!Fiscal Dept (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:28
Event String:
Driver LANIER MP C4500/LD445c PCL 6 required for printer !!TOSVR01!Enrollment (LANIER MP C4500/LD445c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:29
Event String:
Driver PCL6 Driver for Universal Print required for printer !!TOSVR01!Enrichment Center (LANIER LD540c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:30
Event String:
Driver Canon MX850 series Printer required for printer !!TOSVR01!Canon MX850 series Printer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:31
Event String:
Driver Canon MX850 series FAX required for printer !!TOSVR01!Canon MX850 series FAX is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:31
Event String:
Driver Brother MFC-9440CN Printer required for printer !!tosvr01!A2-Brother MFC-9440CN Printer is unknown. Contact the administrator to install the driver before you log in again.
......................... WPBCDC01 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=loc al and backlink on
CN=WPBCDC01,CN=Servers,CN= Default-Fi rst-Site-N ame,CN=Sit es,CN=Conf iguration, DC=WPBC,DC =local
are correct.
The system object reference (serverReferenceBL)
CN=WPBCDC01,CN=Topology,CN =Domain System Volume,CN=DFSR-GlobalSetti ngs,CN=Sys tem,DC=WPB C,DC=local
and backlink on
CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local
are correct.
The system object reference (msDFSR-ComputerReferenceB L)
CN=WPBCDC01,CN=Topology,CN =Domain System Volume,CN=DFSR-GlobalSetti ngs,CN=Sys tem,DC=WPB C,DC=local
and backlink on CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=loc al are
correct.
......................... WPBCDC01 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : WPBC
Starting test: CheckSDRefDom
......................... WPBC passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... WPBC passed test CrossRefValidation
Running enterprise tests on : WPBC.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
PDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
KDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
......................... WPBC.local passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... WPBC.local passed test Intersite
=========================
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01
* Connecting to directory service on server WPBCDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Se
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WP
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WP
Starting test: Advertising
The DC WPBCDC01 is advertising itself as a DC and having a DS.
The DC WPBCDC01 is advertising as an LDAP server
The DC WPBCDC01 is advertising as having a writeable directory
The DC WPBCDC01 is advertising as a Key Distribution Center
The DC WPBCDC01 is advertising as a time server
The DS WPBCDC01 is advertising as a GC.
......................... WPBCDC01 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... WPBCDC01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... WPBCDC01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... WPBCDC01 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... WPBCDC01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Se
Role Domain Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Se
Role PDC Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Se
Role Rid Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Se
Role Infrastructure Update Owner = CN=NTDS Settings,CN=WPBCDC01,CN=Se
......................... WPBCDC01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC WPBCDC01 on DC WPBCDC01.
* SPN found :LDAP/WPBCDC01.WPBC.local/
* SPN found :LDAP/WPBCDC01.WPBC.local
* SPN found :LDAP/WPBCDC01
* SPN found :LDAP/WPBCDC01.WPBC.local/
* SPN found :LDAP/9184da82-a434-45f1-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/WPBCDC01.WPBC.local/
* SPN found :HOST/WPBCDC01.WPBC.local
* SPN found :HOST/WPBCDC01
* SPN found :HOST/WPBCDC01.WPBC.local/
* SPN found :GC/WPBCDC01.WPBC.local/WP
......................... WPBCDC01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC WPBCDC01.
* Security Permissions Check for
DC=ForestDnsZones,DC=WPBC,
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=WPBC,
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=WPBC,D
(Configuration,Version 3)
* Security Permissions Check for
DC=WPBC,DC=local
(Domain,Version 3)
......................... WPBCDC01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\WPBCDC01\netlogon
Verified share \\WPBCDC01\sysvol
......................... WPBCDC01 passed test NetLogons
Starting test: ObjectsReplicated
WPBCDC01 is in domain DC=WPBC,DC=local
Checking for CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=loc
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=WPBCDC01,CN=Se
Object is up-to-date on all servers.
......................... WPBCDC01 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... WPBCDC01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* WPBCDC01.WPBC.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1159
......................... WPBCDC01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... WPBCDC01 passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:25:44
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'WPBC.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:25:55
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.WPBC.local
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:25:57
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.WPBC.local
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x80050004
Time Generated: 07/20/2010 12:38:14
Event String:
Broadcom BCM5709C: The network link is down. Check to make sure the network cable is properly connected.
A warning event occurred. EventID: 0x80050004
Time Generated: 07/20/2010 12:38:14
Event String:
Broadcom BCM5709C: The network link is down. Check to make sure the network cable is properly connected.
A warning event occurred. EventID: 0x8000001D
Time Generated: 07/20/2010 12:38:37
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x000003F6
Time Generated: 07/20/2010 12:38:44
Event String:
Name resolution for the name _ldap._tcp.dc._msdcs.WPBC.
A warning event occurred. EventID: 0x00000420
Time Generated: 07/20/2010 12:39:13
Event String:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:39:16
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'WPBC.local.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x00002724
Time Generated: 07/20/2010 12:39:17
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:39:27
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.WPBC.local
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x00001695
Time Generated: 07/20/2010 12:39:30
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.WPBC.local
Possible causes of failure include:
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration
USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.
A warning event occurred. EventID: 0x0000000C
Time Generated: 07/20/2010 12:39:34
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
A warning event occurred. EventID: 0x000727AA
Time Generated: 07/20/2010 12:41:59
Event String:
The WinRM service failed to create the following SPNs: WSMAN/WPBCDC01.WPBC.local;
Additional Data
The error received was 8344: %%8344.
User Action
The SPNs can be created by an administrator using setspn.exe utility.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:10
Event String:
Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:11
Event String:
Driver LANIER LD160c PCL 6 required for printer !!TOSVR01!Copy Room (LANIER LD160c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:16
Event String:
Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:17
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TDP (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:18
Event String:
Driver HP Color LaserJet 3600 required for printer !!TOSVR01!TDP (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:18
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TA Office (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:19
Event String:
Driver LANIER MP 4500/LD345 PCL 6 required for printer !!TOSVR01!Reception Area (LANIER MP 4500/LD345) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:20
Event String:
Driver Dell Color Laser 3010cn required for printer !!TOSVR01!PreSchool (Dell 3010cn) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:20
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!HR HP Color LaserJet 4700dn is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:21
Event String:
Driver HP Color LaserJet CP4520 Series PCL6 required for printer !!TOSVR01!Grant Dept (HP CP4525) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:22
Event String:
Driver HP Color LaserJet 3600 required for printer !!TOSVR01!Fiscal Dept (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:22
Event String:
Driver LANIER MP C4500/LD445c PCL 6 required for printer !!TOSVR01!Enrollment (LANIER MP C4500/LD445c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:23
Event String:
Driver PCL6 Driver for Universal Print required for printer !!TOSVR01!Enrichment Center (LANIER LD540c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:24
Event String:
Driver Canon MX850 series Printer required for printer !!TOSVR01!Canon MX850 series Printer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:24
Event String:
Driver Canon MX850 series FAX required for printer !!TOSVR01!Canon MX850 series FAX is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 12:42:25
Event String:
Driver Brother MFC-9440CN Printer required for printer !!tosvr01!A2-Brother MFC-9440CN Printer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:17
Event String:
Driver LANIER LD160c PCL 6 required for printer !!TOSVR01!Copy Room (LANIER LD160c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:18
Event String:
Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:22
Event String:
Driver Snagit 10 Printer required for printer Snagit 10 is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:23
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TDP (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:24
Event String:
Driver HP Color LaserJet 3600 required for printer !!TOSVR01!TDP (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:24
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!TA Office (HP Color LaserJet 4700) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:25
Event String:
Driver LANIER MP 4500/LD345 PCL 6 required for printer !!TOSVR01!Reception Area (LANIER MP 4500/LD345) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:26
Event String:
Driver Dell Color Laser 3010cn required for printer !!TOSVR01!PreSchool (Dell 3010cn) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:26
Event String:
Driver HP Color LaserJet 4700 PCL 6 required for printer !!TOSVR01!HR HP Color LaserJet 4700dn is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:27
Event String:
Driver HP Color LaserJet CP4520 Series PCL6 required for printer !!TOSVR01!Grant Dept (HP CP4525) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:28
Event String:
Driver HP Color LaserJet 3600 required for printer !!TOSVR01!Fiscal Dept (HP Color LaserJet 3600) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:28
Event String:
Driver LANIER MP C4500/LD445c PCL 6 required for printer !!TOSVR01!Enrollment (LANIER MP C4500/LD445c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:29
Event String:
Driver PCL6 Driver for Universal Print required for printer !!TOSVR01!Enrichment Center (LANIER LD540c) is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:30
Event String:
Driver Canon MX850 series Printer required for printer !!TOSVR01!Canon MX850 series Printer is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:31
Event String:
Driver Canon MX850 series FAX required for printer !!TOSVR01!Canon MX850 series FAX is unknown. Contact the administrator to install the driver before you log in again.
An error event occurred. EventID: 0x00000457
Time Generated: 07/20/2010 13:06:31
Event String:
Driver Brother MFC-9440CN Printer required for printer !!tosvr01!A2-Brother MFC-9440CN Printer is unknown. Contact the administrator to install the driver before you log in again.
......................... WPBCDC01 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=loc
CN=WPBCDC01,CN=Servers,CN=
are correct.
The system object reference (serverReferenceBL)
CN=WPBCDC01,CN=Topology,CN
and backlink on
CN=NTDS Settings,CN=WPBCDC01,CN=Se
are correct.
The system object reference (msDFSR-ComputerReferenceB
CN=WPBCDC01,CN=Topology,CN
and backlink on CN=WPBCDC01,OU=Domain Controllers,DC=WPBC,DC=loc
correct.
......................... WPBCDC01 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : WPBC
Starting test: CheckSDRefDom
......................... WPBC passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... WPBC passed test CrossRefValidation
Running enterprise tests on : WPBC.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
PDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
KDC Name: \\WPBCDC01.WPBC.local
Locator Flags: 0xe00033fd
......................... WPBC.local passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... WPBC.local passed test Intersite
lets run this
dcdiag /v /e /TEST:DNS > C:\dcdiagdns.txt
Please copy the entire file after the command executes @ with status's in the end PASS / FAIL
dcdiag /v /e /TEST:DNS > C:\dcdiagdns.txt
Please copy the entire file after the command executes @ with status's in the end PASS / FAIL
ASKER
I thought that was the one I posted but here it is. Not sure what PASS/FAIL means other than what is already contained in the file.
NOTE: I have no Reverse lookup entries and the implication that the DNS server is not running because it cannot find the server. I don't understand DNS enough to understand this since I know the DNS server is running.
========================== ========== ========== =======
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01
* Connecting to directory service on server WPBCDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al,LDAP_SC OPE_SUBTRE E,(objectC ategory=nt DSSiteSett ings),.... ...
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First- Site-Name, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al,LDAP_SC OPE_SUBTRE E,(objectC lass=ntDSD sa),...... .
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WP BCDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WP BCDC01
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... WPBCDC01 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : WPBC
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : WPBC.local
Starting test: DNS
Test results for domain controllers:
DC: WPBCDC01.WPBC.local
Domain: WPBC.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
MAC address is A4:BA:DB:11:A1:A6
IP Address is static
IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
DNS servers:
192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
Warning:
68.94.156.1 (<name unavailable>) [Invalid]
Warning: adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
has invalid DNS server: 68.94.156.1
(<name unavailable>)
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
TEST: Delegations (Del)
Delegation information for the zone: WPBC.local.
Delegated domain name: _msdcs.WPBC.local.
DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone WPBC.local
Test record dcdiag-test-record deleted successfully in zone WPBC.local
TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
Matching CNAME record found at DNS server 192.168.1.210:
9184da82-a434-45f1-b221-f3 d63e346628 ._msdcs.WP BC.local
Matching A record found at DNS server 192.168.1.210:
WPBCDC01.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.a91dd835-980f-4 32d-8726-b 7ee89bb9fe d.domains. _msdcs.WPB C.local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.dc._msdcs.W PBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.dc._msdcs.WPBC. local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._udp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kpasswd._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S ite-Name._ sites.WPBC .local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir st-Site-Na me._sites. dc._msdcs. WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S ite-Name._ sites.dc._ msdcs.WPBC .local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir st-Site-Na me._sites. WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.gc._msdcs.WPBC. local
Matching A record found at DNS server 192.168.1.210:
gc._msdcs.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_gc._tcp.Default-First-Sit e-Name._si tes.WPBC.l ocal
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S ite-Name._ sites.gc._ msdcs.WPBC .local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.pdc._msdcs.WPBC .local
Warning:
Missing CNAME record at DNS server 68.94.156.1:
9184da82-a434-45f1-b221-f3 d63e346628 ._msdcs.WP BC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 68.94.156.1:
WPBCDC01.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.a91dd835-980f-4 32d-8726-b 7ee89bb9fe d.domains. _msdcs.WPB C.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.dc._msdcs.W PBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.dc._msdcs.WPBC. local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._udp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kpasswd._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S ite-Name._ sites.WPBC .local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-Fir st-Site-Na me._sites. dc._msdcs. WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S ite-Name._ sites.dc._ msdcs.WPBC .local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-Fir st-Site-Na me._sites. WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.gc._msdcs.WPBC. local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 68.94.156.1:
gc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_gc._tcp.Default-First-Sit e-Name._si tes.WPBC.l ocal
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S ite-Name._ sites.gc._ msdcs.WPBC .local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.pdc._msdcs.WPBC .local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:500:1::803f:235 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:500:2f::f [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:500:3::42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:500:3::42 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:503:ba3e::2:30 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:503:c27::2:30 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:7fd::1 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:7fd::1 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:7fe::53 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:7fe::53 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:dc3::35 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:dc3::35 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 68.94.156.1 (<name unavailable>)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.WPBC.local. failed on the DNS server 68.94.156.1
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 199.7.83.42 (l.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ _________
Domain: WPBC.local
WPBCDC01 PASS WARN PASS PASS PASS FAIL n/a
......................... WPBC.local failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
NOTE: I have no Reverse lookup entries and the implication that the DNS server is not running because it cannot find the server. I don't understand DNS enough to understand this since I know the DNS server is running.
==========================
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01
* Connecting to directory service on server WPBCDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Se
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WP
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WP
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... WPBCDC01 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : WPBC
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : WPBC.local
Starting test: DNS
Test results for domain controllers:
DC: WPBCDC01.WPBC.local
Domain: WPBC.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
MAC address is A4:BA:DB:11:A1:A6
IP Address is static
IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
DNS servers:
192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
Warning:
68.94.156.1 (<name unavailable>) [Invalid]
Warning: adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
has invalid DNS server: 68.94.156.1
(<name unavailable>)
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
TEST: Delegations (Del)
Delegation information for the zone: WPBC.local.
Delegated domain name: _msdcs.WPBC.local.
DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone WPBC.local
Test record dcdiag-test-record deleted successfully in zone WPBC.local
TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
Matching CNAME record found at DNS server 192.168.1.210:
9184da82-a434-45f1-b221-f3
Matching A record found at DNS server 192.168.1.210:
WPBCDC01.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.a91dd835-980f-4
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.dc._msdcs.W
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.dc._msdcs.WPBC.
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._udp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kpasswd._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.gc._msdcs.WPBC.
Matching A record found at DNS server 192.168.1.210:
gc._msdcs.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_gc._tcp.Default-First-Sit
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.pdc._msdcs.WPBC
Warning:
Missing CNAME record at DNS server 68.94.156.1:
9184da82-a434-45f1-b221-f3
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 68.94.156.1:
WPBCDC01.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.a91dd835-980f-4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.dc._msdcs.W
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.dc._msdcs.WPBC.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._udp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kpasswd._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-Fir
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-Fir
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.gc._msdcs.WPBC.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 68.94.156.1:
gc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_gc._tcp.Default-First-Sit
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.pdc._msdcs.WPBC
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:500:3::42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:7fd::1 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:7fe::53 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:dc3::35 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 68.94.156.1 (<name unavailable>)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.WPBC.local. failed on the DNS server 68.94.156.1
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 199.7.83.42 (l.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: WPBC.local
WPBCDC01 PASS WARN PASS PASS PASS FAIL n/a
......................... WPBC.local failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
You need to configure Forwarders in DNS. You have it configured using Root-hints.
Here's how to do it
Configure Forwarders
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
(article is for 2003, but still applies to 2008)
Restart DNS
Run the above test again after you do this.
dcdiag /v /e /TES:DNS > c:\dcdiagdns2.txt
Here's how to do it
Configure Forwarders
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
(article is for 2003, but still applies to 2008)
Restart DNS
Run the above test again after you do this.
dcdiag /v /e /TES:DNS > c:\dcdiagdns2.txt
ASKER
sunny ::: Thanks. I'll work it right now. Stay tuned - Oh loyal one!
hey man. I am here :-)
ASKER
sunny ::: Mailbox store cannot be started.
copy paste the error from event log
Are all services running ?
Are all services running ?
Also
Open Exchange Management console
Tools > Best Practices Analyzer
Run a health scan and upload the report here.
lets see what comes up.
thanks
Open Exchange Management console
Tools > Best Practices Analyzer
Run a health scan and upload the report here.
lets see what comes up.
thanks
Also run this one please
dcdiag /v /e /TES:DNS > c:\dcdiagdns2.txt
dcdiag /v /e /TES:DNS > c:\dcdiagdns2.txt
ASKER
Can I reinstall Exchange on top of an existing install - in a repair mode - so to speak?
I see two things happening;
1) their needs to be a certificate in the personal store and
2) the DNS is missing somehting. There are no Reverse lookup entries.
There are several Forward lookups. I added a 'www' and pointed it to the router.
I see two things happening;
1) their needs to be a certificate in the personal store and
2) the DNS is missing somehting. There are no Reverse lookup entries.
There are several Forward lookups. I added a 'www' and pointed it to the router.
Can you upload the dcdiag file.
About your queries:
1) You need to buy a UCC/SAN certificate to work with exchange, otherwise you will be getting a lot of errors
Here's how to do it.
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
You can also buy it from there
2) DNS - we need to figure out through Dcdiag
Forward lookup zone should forward to your ISP's DNS.
Check the ISP's DNS from your router / firewall.
You can always reinstall Exchange.
I need to check the repair mode part..
thanks
1) You need to buy a UCC/SAN certificate to work with exchange, otherwise you will be getting a lot of errors
Here's how to do it.
http://www.digicert.com/ssl-certificate-installation-microsoft-exchange-2010.htm
You can also buy it from there
2) DNS - we need to figure out through Dcdiag
Forward lookup zone should forward to your ISP's DNS.
Check the ISP's DNS from your router / firewall.
You can always reinstall Exchange.
I need to check the repair mode part..
thanks
ASKER
Back on it. Stand by for posts.
ASKER
sunny ::: This mornings test ::: dcdiag /v /e /TEST:DNS > c:\dcdiaDNS.txt
It passes everywhere except Reg and Basic. It is looking for some missing entry. I'll bet that between the cert and the Forward we can get this done.
========================== ========== ========== ========== ======
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ _________
Domain: WPBC.local
WPBCDC01 PASS FAIL PASS PASS PASS FAIL n/a
......................... WPBC.local failed test DNS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01
* Connecting to directory service on server WPBCDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al,LDAP_SC OPE_SUBTRE E,(objectC ategory=nt DSSiteSett ings),.... ...
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First- Site-Name, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al,LDAP_SC OPE_SUBTRE E,(objectC lass=ntDSD sa),...... .
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WP BCDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WP BCDC01
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
NETLOGON Service is stopped on [WPBCDC01]
See DNS test in enterprise tests section for results
......................... WPBCDC01 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : WPBC
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : WPBC.local
Starting test: DNS
Test results for domain controllers:
DC: WPBCDC01.WPBC.local
Domain: WPBC.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 0.0)
is supported.
Error: NETLOGON service is not running
[Error details: 1062 (Type: Win32 - Description: The service has not been started.)]
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
MAC address is A4:BA:DB:11:A1:A6
IP Address is static
IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
DNS servers:
192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
Warning:
68.94.156.1 (<name unavailable>) [Invalid]
Warning: adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
has invalid DNS server: 68.94.156.1
(<name unavailable>)
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
TEST: Delegations (Del)
Delegation information for the zone: WPBC.local.
Delegated domain name: _msdcs.WPBC.local.
DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone WPBC.local
Test record dcdiag-test-record deleted successfully in zone WPBC.local
TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
Matching CNAME record found at DNS server 192.168.1.210:
9184da82-a434-45f1-b221-f3 d63e346628 ._msdcs.WP BC.local
Matching A record found at DNS server 192.168.1.210:
WPBCDC01.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.a91dd835-980f-4 32d-8726-b 7ee89bb9fe d.domains. _msdcs.WPB C.local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.dc._msdcs.W PBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.dc._msdcs.WPBC. local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._udp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kpasswd._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S ite-Name._ sites.WPBC .local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir st-Site-Na me._sites. dc._msdcs. WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S ite-Name._ sites.dc._ msdcs.WPBC .local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir st-Site-Na me._sites. WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.gc._msdcs.WPBC. local
Matching A record found at DNS server 192.168.1.210:
gc._msdcs.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_gc._tcp.Default-First-Sit e-Name._si tes.WPBC.l ocal
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S ite-Name._ sites.gc._ msdcs.WPBC .local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.pdc._msdcs.WPBC .local
Warning:
Missing CNAME record at DNS server 68.94.156.1:
9184da82-a434-45f1-b221-f3 d63e346628 ._msdcs.WP BC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 68.94.156.1:
WPBCDC01.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.a91dd835-980f-4 32d-8726-b 7ee89bb9fe d.domains. _msdcs.WPB C.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.dc._msdcs.W PBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.dc._msdcs.WPBC. local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._udp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kpasswd._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S ite-Name._ sites.WPBC .local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-Fir st-Site-Na me._sites. dc._msdcs. WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S ite-Name._ sites.dc._ msdcs.WPBC .local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-Fir st-Site-Na me._sites. WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.gc._msdcs.WPBC. local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 68.94.156.1:
gc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_gc._tcp.Default-First-Sit e-Name._si tes.WPBC.l ocal
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S ite-Name._ sites.gc._ msdcs.WPBC .local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.pdc._msdcs.WPBC .local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:500:1::803f:235 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:500:2f::f [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:500:3::42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:500:3::42 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:503:ba3e::2:30 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:503:c27::2:30 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:7fd::1 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:7fd::1 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:7fe::53 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:7fe::53 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:dc3::35 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.0. 0.0.0.0.ip 6.arpa failed on the DNS server 2001:dc3::35 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 68.94.156.1 (<name unavailable>)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.WPBC.local. failed on the DNS server 68.94.156.1
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 199.7.83.42 (l.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ _________
Domain: WPBC.local
WPBCDC01 PASS FAIL PASS PASS PASS FAIL n/a
......................... WPBC.local failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
It passes everywhere except Reg and Basic. It is looking for some missing entry. I'll bet that between the cert and the Forward we can get this done.
==========================
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: WPBC.local
WPBCDC01 PASS FAIL PASS PASS PASS FAIL n/a
......................... WPBC.local failed test DNS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01
* Connecting to directory service on server WPBCDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Se
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WP
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WP
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
NETLOGON Service is stopped on [WPBCDC01]
See DNS test in enterprise tests section for results
......................... WPBCDC01 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : WPBC
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : WPBC.local
Starting test: DNS
Test results for domain controllers:
DC: WPBCDC01.WPBC.local
Domain: WPBC.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 0.0)
is supported.
Error: NETLOGON service is not running
[Error details: 1062 (Type: Win32 - Description: The service has not been started.)]
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
MAC address is A4:BA:DB:11:A1:A6
IP Address is static
IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
DNS servers:
192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
Warning:
68.94.156.1 (<name unavailable>) [Invalid]
Warning: adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
has invalid DNS server: 68.94.156.1
(<name unavailable>)
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
TEST: Delegations (Del)
Delegation information for the zone: WPBC.local.
Delegated domain name: _msdcs.WPBC.local.
DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone WPBC.local
Test record dcdiag-test-record deleted successfully in zone WPBC.local
TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
Matching CNAME record found at DNS server 192.168.1.210:
9184da82-a434-45f1-b221-f3
Matching A record found at DNS server 192.168.1.210:
WPBCDC01.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.a91dd835-980f-4
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.dc._msdcs.W
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.dc._msdcs.WPBC.
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._udp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kpasswd._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.gc._msdcs.WPBC.
Matching A record found at DNS server 192.168.1.210:
gc._msdcs.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_gc._tcp.Default-First-Sit
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.pdc._msdcs.WPBC
Warning:
Missing CNAME record at DNS server 68.94.156.1:
9184da82-a434-45f1-b221-f3
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 68.94.156.1:
WPBCDC01.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.a91dd835-980f-4
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.dc._msdcs.W
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.dc._msdcs.WPBC.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._udp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kpasswd._tcp.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-Fir
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_kerberos._tcp.Default-Fir
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.gc._msdcs.WPBC.
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Warning:
Missing A record at DNS server 68.94.156.1:
gc._msdcs.WPBC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_gc._tcp.Default-First-Sit
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.Default-First-S
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error:
Missing SRV record at DNS server 68.94.156.1:
_ldap._tcp.pdc._msdcs.WPBC
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:500:3::42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:7fd::1 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:7fe::53 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:dc3::35 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 68.94.156.1 (<name unavailable>)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.WPBC.local. failed on the DNS server 68.94.156.1
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 199.7.83.42 (l.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: WPBC.local
WPBCDC01 PASS FAIL PASS PASS PASS FAIL n/a
......................... WPBC.local failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
a) Start > run > services.msc
Start this service NETLOGON
b) On your NIC Card
Just use the SBS as DNS - remove this 68.94.156.1
c) Configure DNS Forwarders.
Get your ISP's DNS servers. you can also get this from your router /firewall.
Add your ISP's DNS servers.
Configure Forwarders
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
(article is for 2003, but still applies to 2008)
d) Missing CNAME record at DNS server 68.94.156.1:
This error will go away if you remove this from your NIC card.
Errors;
--------------
Error: NETLOGON service is not running
68.94.156.1 (<name unavailable>) [Invalid]
Warning: adapter
No forwarders configured
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Missing CNAME record at DNS server 68.94.156.1:
9184da82-a434-45f1-b221-f3 d63e346628 ._msdcs.WP BC.local
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Lets try this - and run dcdiag again.
Please post back results.
Start this service NETLOGON
b) On your NIC Card
Just use the SBS as DNS - remove this 68.94.156.1
c) Configure DNS Forwarders.
Get your ISP's DNS servers. you can also get this from your router /firewall.
Add your ISP's DNS servers.
Configure Forwarders
http://www.windowsnetworking.com/articles_tutorials/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
(article is for 2003, but still applies to 2008)
d) Missing CNAME record at DNS server 68.94.156.1:
This error will go away if you remove this from your NIC card.
Errors;
--------------
Error: NETLOGON service is not running
68.94.156.1 (<name unavailable>) [Invalid]
Warning: adapter
No forwarders configured
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Missing CNAME record at DNS server 68.94.156.1:
9184da82-a434-45f1-b221-f3
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
Lets try this - and run dcdiag again.
Please post back results.
ASKER
sunny ::: OK. I removed Certificate Services from AD. I have no idea how that got started, probably from the DNS reinstall. Clients went from bad to worse this morning but after removing AD Cert Services everything started working again. I mean, OWA works from the outside again. Port 25 telenet is not returning any listener.
I configured the forwarders. AT&T's DNS servers returned an error so I used another friendly ISP I knew and they came up fine. Then tried AT&T (sbcglobal.net) again and both worked. Go figure. I left all four in the forwarders - saw no harm in that.
Your comment - "just use SBS as DNS" we are using Server 2008R2 w Exchange 2010. You mena jsut use the server as DNS?
I configured the forwarders. AT&T's DNS servers returned an error so I used another friendly ISP I knew and they came up fine. Then tried AT&T (sbcglobal.net) again and both worked. Go figure. I left all four in the forwarders - saw no harm in that.
Your comment - "just use SBS as DNS" we are using Server 2008R2 w Exchange 2010. You mena jsut use the server as DNS?
yes @ use the server as DNS
You'd need to install Cert's - I will get you a simple way to do this (have it in some bookmark...)
If you dont install the cert's the iPhones will fail.
After mailflow starts working test your exchange
www.testexchangeconnectivity.com/
Do inbound / outbound
EAS / EAS Autdiscover tests
let me know
thanks
You'd need to install Cert's - I will get you a simple way to do this (have it in some bookmark...)
If you dont install the cert's the iPhones will fail.
After mailflow starts working test your exchange
www.testexchangeconnectivity.com/
Do inbound / outbound
EAS / EAS Autdiscover tests
let me know
thanks
ASKER
OK. All PASS on dcdiag DNS test!! We have to making some headway now.
My iTouch from home is connecting to the Exchange Server now and I can send internal mail to all users (they all replied OK to my OWA mail sent from remote login) but not outbound. Exchange just delays the send until it times out. NOW we are back at the original question. :o)
Connectivity test next post.
JDF
=============== Summary - Detail -scroll down ========================
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210
DNS server: 64.192.0.7 (<name unavailable>)
All tests passed on this DNS server
DNS server: 64.192.0.8 (<name unavailable>)
All tests passed on this DNS server
DNS server: 68.94.156.1 (<name unavailable>)
All tests passed on this DNS server
DNS server: 68.94.157.1 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ _________
Domain: WPBC.local
WPBCDC01 PASS PASS PASS PASS PASS PASS n/a
......................... WPBC.local passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
========================== ========== ========== ========== =======
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01
* Connecting to directory service on server WPBCDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al,LDAP_SC OPE_SUBTRE E,(objectC ategory=nt DSSiteSett ings),.... ...
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First- Site-Name, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=W PBC,DC=loc al,LDAP_SC OPE_SUBTRE E,(objectC lass=ntDSD sa),...... .
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Se rvers,CN=D efault-Fir st-Site-Na me,CN=Site s,CN=Confi guration,D C=WPBC,DC= local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WP BCDC01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WP BCDC01
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... WPBCDC01 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : WPBC
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : WPBC.local
Starting test: DNS
Test results for domain controllers:
DC: WPBCDC01.WPBC.local
Domain: WPBC.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
MAC address is A4:BA:DB:11:A1:A6
IP Address is static
IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
DNS servers:
192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
64.192.0.7 (<name unavailable>) [Valid]
64.192.0.8 (<name unavailable>) [Valid]
68.94.156.1 (<name unavailable>) [Valid]
68.94.157.1 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: WPBC.local.
Delegated domain name: _msdcs.WPBC.local.
DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone WPBC.local
Test record dcdiag-test-record deleted successfully in zone WPBC.local
TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
Matching CNAME record found at DNS server 192.168.1.210:
9184da82-a434-45f1-b221-f3 d63e346628 ._msdcs.WP BC.local
Matching A record found at DNS server 192.168.1.210:
WPBCDC01.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.a91dd835-980f-4 32d-8726-b 7ee89bb9fe d.domains. _msdcs.WPB C.local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.dc._msdcs.W PBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.dc._msdcs.WPBC. local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._udp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kpasswd._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S ite-Name._ sites.WPBC .local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir st-Site-Na me._sites. dc._msdcs. WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S ite-Name._ sites.dc._ msdcs.WPBC .local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir st-Site-Na me._sites. WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.gc._msdcs.WPBC. local
Matching A record found at DNS server 192.168.1.210:
gc._msdcs.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_gc._tcp.Default-First-Sit e-Name._si tes.WPBC.l ocal
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S ite-Name._ sites.gc._ msdcs.WPBC .local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.pdc._msdcs.WPBC .local
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210
DNS server: 64.192.0.7 (<name unavailable>)
All tests passed on this DNS server
DNS server: 64.192.0.8 (<name unavailable>)
All tests passed on this DNS server
DNS server: 68.94.156.1 (<name unavailable>)
All tests passed on this DNS server
DNS server: 68.94.157.1 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ _________
Domain: WPBC.local
WPBCDC01 PASS PASS PASS PASS PASS PASS n/a
......................... WPBC.local passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
My iTouch from home is connecting to the Exchange Server now and I can send internal mail to all users (they all replied OK to my OWA mail sent from remote login) but not outbound. Exchange just delays the send until it times out. NOW we are back at the original question. :o)
Connectivity test next post.
JDF
=============== Summary - Detail -scroll down ========================
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210
DNS server: 64.192.0.7 (<name unavailable>)
All tests passed on this DNS server
DNS server: 64.192.0.8 (<name unavailable>)
All tests passed on this DNS server
DNS server: 68.94.156.1 (<name unavailable>)
All tests passed on this DNS server
DNS server: 68.94.157.1 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: WPBC.local
WPBCDC01 PASS PASS PASS PASS PASS PASS n/a
......................... WPBC.local passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
==========================
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine WPBCDC01, is a Directory Server.
Home Server = WPBCDC01
* Connecting to directory service on server WPBCDC01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WPBCDC01,CN=Se
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WP
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... WPBCDC01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WP
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... WPBCDC01 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : WPBC
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : WPBC.local
Starting test: DNS
Test results for domain controllers:
DC: WPBCDC01.WPBC.local
Domain: WPBC.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
MAC address is A4:BA:DB:11:A1:A6
IP Address is static
IP address: 192.168.1.210, fe80::41af:6a6c:b98c:5397
DNS servers:
192.168.1.210 (wpbcdc01.wpbc.local.) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
64.192.0.7 (<name unavailable>) [Valid]
64.192.0.8 (<name unavailable>) [Valid]
68.94.156.1 (<name unavailable>) [Valid]
68.94.157.1 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: WPBC.local.
Delegated domain name: _msdcs.WPBC.local.
DNS server: wpbcdc01.wpbc.local. IP:192.168.1.210 [Valid]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone WPBC.local
Test record dcdiag-test-record deleted successfully in zone WPBC.local
TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
Matching CNAME record found at DNS server 192.168.1.210:
9184da82-a434-45f1-b221-f3
Matching A record found at DNS server 192.168.1.210:
WPBCDC01.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.a91dd835-980f-4
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.dc._msdcs.W
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.dc._msdcs.WPBC.
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._udp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_kpasswd._tcp.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.210:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.gc._msdcs.WPBC.
Matching A record found at DNS server 192.168.1.210:
gc._msdcs.WPBC.local
Matching SRV record found at DNS server 192.168.1.210:
_gc._tcp.Default-First-Sit
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.210:
_ldap._tcp.pdc._msdcs.WPBC
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.1.210 (wpbcdc01.wpbc.local.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.WPBC.local. is operational on IP 192.168.1.210
DNS server: 64.192.0.7 (<name unavailable>)
All tests passed on this DNS server
DNS server: 64.192.0.8 (<name unavailable>)
All tests passed on this DNS server
DNS server: 68.94.156.1 (<name unavailable>)
All tests passed on this DNS server
DNS server: 68.94.157.1 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: WPBC.local
WPBCDC01 PASS PASS PASS PASS PASS PASS n/a
......................... WPBC.local passed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite
ASKER
I received an inbound mail from Exchange COnnect Test - on my iPod Touch no less!! This is getting good.
ASKER
Inbound/Outbound Exch Conn Tests were successful...
========================== ========== ========== =======
========================== ========== ========== ========== ========== =======
INBOUND 9:45 PM 7/21/2010
========================== ========== ========== ========== ========== =======
Testing Inbound SMTP Mail flow for domain jfuller@woodwardpark.org
Inbound SMTP mail flow was verified successfully.
Test Steps
Attempting to retrieve DNS MX records for domain woodwardpark.org
One or more MX records were successfully retrieved from DNS.
Additional Details
MX Records Host mail.woodwardpark.org, Preference 0
Testing Mail Exchanger mail.woodwardpark.org.
This Mail Exchanger was tested successfully.
Test Steps
Attempting to resolve the host name mail.woodwardpark.org in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.3.111.196
Testing TCP Port 25 on host mail.woodwardpark.org to ensure it is listening and open.
The port was opened successfully.
Additional Details
Banner Received: 220 WPBCDC01.WPBC.local Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 21:42:07 -0700
Attempting to send test email message to jfuller@woodwardpark.org using MX mail.woodwardpark.org.
The test message was delivered successfully.
Testing the MX mail.woodwardpark.org for open relay by trying to relay to user Admin@TestExchangeConnecti vity.com
The Open Relay test passed. This mx isn't an open relay.
Additional Details
The open relay test message delivery failed (a good thing).
The exception detail is:
Exception details:
Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay
Type: System.Net.Mail.SmtpFailed RecipientE xception
Stack trace:
at System.Net.Mail.SmtpTransp ort.SendMa il(MailAdd ress sender, MailAddressCollection recipients, String deliveryNotify, SmtpFailedRecipientExcepti on& exception)
at System.Net.Mail.SmtpClient .Send(Mail Message message)
at Microsoft.Exchange.Tools.E xRca.Tests .SmtpOpenR elayTest.P erformTest Really()
========================== ========== ========== ========== ========== =======
OUTBOUND 9:51 PM 7/21/2010
========================== ========== ========== ========== ========== =======
Performing Outbound SMTP Test
Outbound SMTP Test Successful
Test Steps
Attempting reverse DNS lookup for IP 99.3.111.196
Successfully resolved IP 99.3.111.196 via Reverse-DNS lookup
Additional Details
Resolved IP address 99.3.111.196 to host 99-3-111-196.lightspeed.fr snca.sbcgl obal.net
Performing Real-Time Blackhole List (RBL) Test
Your IP address wasn't found on any of the block lists selected.
Test Steps
Checking Block List "SpamHaus Block List (SBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamHaus Exploits Block List (XBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamHaus Policy Block List (PBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamCop Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "NJABL.ORG Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SORBS Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "MSRBL Combined Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "UCEPROTECT Level 1 Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "AHBL Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Performing Sender ID validation
Sender ID validation performed successfully
Test Steps
ExRCA is attempting to find the SPF record using a DNS TEXT record query.
ExRCA wasn't able to find the SPF record.
Additional Details
No records were found.
==========================
==========================
INBOUND 9:45 PM 7/21/2010
==========================
Testing Inbound SMTP Mail flow for domain jfuller@woodwardpark.org
Inbound SMTP mail flow was verified successfully.
Test Steps
Attempting to retrieve DNS MX records for domain woodwardpark.org
One or more MX records were successfully retrieved from DNS.
Additional Details
MX Records Host mail.woodwardpark.org, Preference 0
Testing Mail Exchanger mail.woodwardpark.org.
This Mail Exchanger was tested successfully.
Test Steps
Attempting to resolve the host name mail.woodwardpark.org in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 99.3.111.196
Testing TCP Port 25 on host mail.woodwardpark.org to ensure it is listening and open.
The port was opened successfully.
Additional Details
Banner Received: 220 WPBCDC01.WPBC.local Microsoft ESMTP MAIL Service ready at Wed, 21 Jul 2010 21:42:07 -0700
Attempting to send test email message to jfuller@woodwardpark.org using MX mail.woodwardpark.org.
The test message was delivered successfully.
Testing the MX mail.woodwardpark.org for open relay by trying to relay to user Admin@TestExchangeConnecti
The Open Relay test passed. This mx isn't an open relay.
Additional Details
The open relay test message delivery failed (a good thing).
The exception detail is:
Exception details:
Message: Mailbox unavailable. The server response was: 5.7.1 Unable to relay
Type: System.Net.Mail.SmtpFailed
Stack trace:
at System.Net.Mail.SmtpTransp
at System.Net.Mail.SmtpClient
at Microsoft.Exchange.Tools.E
==========================
OUTBOUND 9:51 PM 7/21/2010
==========================
Performing Outbound SMTP Test
Outbound SMTP Test Successful
Test Steps
Attempting reverse DNS lookup for IP 99.3.111.196
Successfully resolved IP 99.3.111.196 via Reverse-DNS lookup
Additional Details
Resolved IP address 99.3.111.196 to host 99-3-111-196.lightspeed.fr
Performing Real-Time Blackhole List (RBL) Test
Your IP address wasn't found on any of the block lists selected.
Test Steps
Checking Block List "SpamHaus Block List (SBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamHaus Exploits Block List (XBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamHaus Policy Block List (PBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamCop Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "NJABL.ORG Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SORBS Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "MSRBL Combined Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "UCEPROTECT Level 1 Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "AHBL Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Performing Sender ID validation
Sender ID validation performed successfully
Test Steps
ExRCA is attempting to find the SPF record using a DNS TEXT record query.
ExRCA wasn't able to find the SPF record.
Additional Details
No records were found.
ASKER
Exchange Active Sync Tests - Not so good but I am pretty sure I didn't set that up anyway.
========================== ========== ========== ========== ========== ======
Exchange Active Sync Test 9:54 PM 7/21/2010
========================== ========== ========== ========== ========== ======
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
ExRCA is attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Test Steps
ExRCA is attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential AutoDiscover URL https://woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name woodwardpark.org in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 65.254.248.129
Testing TCP Port 443 on host woodwardpark.org to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name woodwardpark.org does not match any name found on the server certificate CN=*.fatcow.com, OU=Domain Control Validated - Power Server ID(TM), OU=See www.geotrust.com/resources/cps (c)09, OU=GT80608078, O=*.fatcow.com, C=US
Attempting to test potential AutoDiscover URL https://autodiscover.woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark. org in DNS.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark. org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketE xception
Stack trace:
at System.Net.Dns.GetAddrInfo (String name)
at System.Net.Dns.InternalGet HostByName (String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddr esses(Stri ng hostNameOrAddress)
at Microsoft.Exchange.Tools.E xRca.Tests .ResolveHo stTest.Per formTestRe ally()
ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark. org in DNS.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark. org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketE xception
Stack trace:
at System.Net.Dns.GetAddrInfo (String name)
at System.Net.Dns.InternalGet HostByName (String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddr esses(Stri ng hostNameOrAddress)
at Microsoft.Exchange.Tools.E xRca.Tests .ResolveHo stTest.Per formTestRe ally()
ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.woodwar dpark.org in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
========================== ========== ========== ========== ========== ======
Exchange Active Sync AUTODISCOVER Test 9:54 PM 7/21/2010
========================== ========== ========== ========== ========== ======
ExRCA is attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Test Steps
ExRCA is attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential AutoDiscover URL https://woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name woodwardpark.org in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 65.254.248.129
Testing TCP Port 443 on host woodwardpark.org to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name woodwardpark.org does not match any name found on the server certificate CN=*.fatcow.com, OU=Domain Control Validated - Power Server ID(TM), OU=See www.geotrust.com/resources/cps (c)09, OU=GT80608078, O=*.fatcow.com, C=US
Attempting to test potential AutoDiscover URL https://autodiscover.woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark. org in DNS.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark. org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketE xception
Stack trace:
at System.Net.Dns.GetAddrInfo (String name)
at System.Net.Dns.InternalGet HostByName (String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddr esses(Stri ng hostNameOrAddress)
at Microsoft.Exchange.Tools.E xRca.Tests .ResolveHo stTest.Per formTestRe ally()
ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark. org in DNS.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark. org could not be resolved in DNS Exception details:
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketE xception
Stack trace:
at System.Net.Dns.GetAddrInfo (String name)
at System.Net.Dns.InternalGet HostByName (String hostName, Boolean includeIPv6)
at System.Net.Dns.GetHostAddr esses(Stri ng hostNameOrAddress)
at Microsoft.Exchange.Tools.E xRca.Tests .ResolveHo stTest.Per formTestRe ally()
ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.woodwar dpark.org in DNS.
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
==========================
Exchange Active Sync Test 9:54 PM 7/21/2010
==========================
ExRCA is testing Exchange ActiveSync.
The Exchange ActiveSync test failed.
Test Steps
ExRCA is attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Test Steps
ExRCA is attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential AutoDiscover URL https://woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name woodwardpark.org in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 65.254.248.129
Testing TCP Port 443 on host woodwardpark.org to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name woodwardpark.org does not match any name found on the server certificate CN=*.fatcow.com, OU=Domain Control Validated - Power Server ID(TM), OU=See www.geotrust.com/resources/cps (c)09, OU=GT80608078, O=*.fatcow.com, C=US
Attempting to test potential AutoDiscover URL https://autodiscover.woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark.
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketE
Stack trace:
at System.Net.Dns.GetAddrInfo
at System.Net.Dns.InternalGet
at System.Net.Dns.GetHostAddr
at Microsoft.Exchange.Tools.E
ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark.
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketE
Stack trace:
at System.Net.Dns.GetAddrInfo
at System.Net.Dns.InternalGet
at System.Net.Dns.GetHostAddr
at Microsoft.Exchange.Tools.E
ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.woodwar
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
==========================
Exchange Active Sync AUTODISCOVER Test 9:54 PM 7/21/2010
==========================
ExRCA is attempting the Autodiscover and Exchange ActiveSync test (if requested).
Testing of Autodiscover for Exchange ActiveSync failed.
Test Steps
ExRCA is attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.
Test Steps
Attempting to test potential AutoDiscover URL https://woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name woodwardpark.org in DNS.
Host successfully resolved
Additional Details
IP(s) returned: 65.254.248.129
Testing TCP Port 443 on host woodwardpark.org to ensure it is listening and open.
The port was opened successfully.
ExRCA is testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
The certificate name is being validated.
Certificate name validation failed.
Tell me more about this issue and how to resolve it
Additional Details
Host name woodwardpark.org does not match any name found on the server certificate CN=*.fatcow.com, OU=Domain Control Validated - Power Server ID(TM), OU=See www.geotrust.com/resources/cps (c)09, OU=GT80608078, O=*.fatcow.com, C=US
Attempting to test potential AutoDiscover URL https://autodiscover.woodwardpark.org/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark.
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketE
Stack trace:
at System.Net.Dns.GetAddrInfo
at System.Net.Dns.InternalGet
at System.Net.Dns.GetHostAddr
at Microsoft.Exchange.Tools.E
ExRCA is attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.
Test Steps
Attempting to resolve the host name autodiscover.woodwardpark.
The Host could not be resolved.
Tell me more about this issue and how to resolve it
Additional Details
Host autodiscover.woodwardpark.
Message: The requested name is valid, but no data of the requested type was found
Type: System.Net.Sockets.SocketE
Stack trace:
at System.Net.Dns.GetAddrInfo
at System.Net.Dns.InternalGet
at System.Net.Dns.GetHostAddr
at Microsoft.Exchange.Tools.E
ExRCA is attempting to contact the Autodiscover service using the DNS SRV redirect method.
Failed to contact AutoDiscover using the DNS SRV redirect method.
Test Steps
Attempting to locate SRV record _autodiscover._tcp.woodwar
The Autodiscover SRV record wasn't found in DNS.
Tell me more about this issue and how to resolve it
ASKER
sunny ::: Can you explain this? This error says I don't have a scope defined. I beg to differ. The leases are good, too.
JDF
SCOPE.jpg
JDF
SCOPE.jpg
ASKER
Cancel that last post ::: I reran the Scan This Role and all is well.
hey - was sleeping. just woke up and went through all your posts.
so to summarize.
a) Inbound / outbound working ok. ExRCA pass.
b) Autodiscovery Errors on EAS from ExRCA
We need to fix that.
Did you get a UCC/SAN certificate for Exchange SSL.
http://www.digicert.com/ssl-support/exchange-2010-san-names.htm
I will go through all the ExRCA results and post back if I see something odd.
so to summarize.
a) Inbound / outbound working ok. ExRCA pass.
b) Autodiscovery Errors on EAS from ExRCA
We need to fix that.
Did you get a UCC/SAN certificate for Exchange SSL.
http://www.digicert.com/ssl-support/exchange-2010-san-names.htm
I will go through all the ExRCA results and post back if I see something odd.
ASKER
No cert yet. I have ssl off on iPhones and they do connect. I can see sent, drafts etc. Can even make appointments. Do I need cert to send mail? Going tones now and will check back in morning.
ASKER
sunny ::: I have been sucked into the vortex of ful time employment. This is not a bad thing it just leaves little time for two growing boys a wife and some computer magic. (note the time of the post - as do I when I read yours!)
Even though the ExRCA passed, we cannot send out from this exchange server. It times out. It seems to send OK but the message never gets delivered - if that makes sense.
I am connecting well with my iTouch remotley and sending internally with exchange. I can receive on this domain to the exchange server as well. No send.
jdfuller
Even though the ExRCA passed, we cannot send out from this exchange server. It times out. It seems to send OK but the message never gets delivered - if that makes sense.
I am connecting well with my iTouch remotley and sending internally with exchange. I can receive on this domain to the exchange server as well. No send.
jdfuller
jdf - props for load balancing your life :-)
a) Are you saying that when you test for Outbound here - it passes, and it still doesnt deliver emails ?
www.testexchangeconnectivity.com/
Please run that test one more time. @ outbound mail.
Please verify this before we go to step b)
b) I think we can create a send connector.
First Verify if there is something here
EMC
: Organization Configuration > Hub Transport > Send Connectors
Let me know if there's a send connector already there
If it's not there then you can create a new one
New-SendConnector –Name ‘External’ –Usage ‘Internet’ –AddressSpaces ‘SMTP:*;1’
–DNSRoutingEnabled $true –UseExternalDNSServersEnab led $false –Fqdn ‘mail.woodwardpark.
Will wait for your reply.
thanks
a) Are you saying that when you test for Outbound here - it passes, and it still doesnt deliver emails ?
www.testexchangeconnectivity.com/
Please run that test one more time. @ outbound mail.
Please verify this before we go to step b)
b) I think we can create a send connector.
First Verify if there is something here
EMC
: Organization Configuration > Hub Transport > Send Connectors
Let me know if there's a send connector already there
If it's not there then you can create a new one
New-SendConnector –Name ‘External’ –Usage ‘Internet’ –AddressSpaces ‘SMTP:*;1’
–DNSRoutingEnabled $true –UseExternalDNSServersEnab
Will wait for your reply.
thanks
ASKER
Performing Outbound SMTP Test
Outbound SMTP Test Successful
Test Steps
Attempting reverse DNS lookup for IP 99.3.111.196
Successfully resolved IP 99.3.111.196 via Reverse-DNS lookup
Additional Details
Resolved IP address 99.3.111.196 to host 99-3-111-196.lightspeed.fr snca.sbcgl obal.net
Performing Real-Time Blackhole List (RBL) Test
Your IP address wasn't found on any of the block lists selected.
Test Steps
Checking Block List "SpamHaus Block List (SBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamHaus Exploits Block List (XBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamHaus Policy Block List (PBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamCop Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "NJABL.ORG Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SORBS Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "MSRBL Combined Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "UCEPROTECT Level 1 Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "AHBL Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Performing Sender ID validation
Sender ID validation performed successfully
Test Steps
ExRCA is attempting to find the SPF record using a DNS TEXT record query.
ExRCA wasn't able to find the SPF record.
Additional Details
No records were found.
Outbound SMTP Test Successful
Test Steps
Attempting reverse DNS lookup for IP 99.3.111.196
Successfully resolved IP 99.3.111.196 via Reverse-DNS lookup
Additional Details
Resolved IP address 99.3.111.196 to host 99-3-111-196.lightspeed.fr
Performing Real-Time Blackhole List (RBL) Test
Your IP address wasn't found on any of the block lists selected.
Test Steps
Checking Block List "SpamHaus Block List (SBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamHaus Exploits Block List (XBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamHaus Policy Block List (PBL)"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SpamCop Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "NJABL.ORG Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "SORBS Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "MSRBL Combined Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "UCEPROTECT Level 1 Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Checking Block List "AHBL Block List"
The address isn't on the block list.
Additional Details
IP 99.3.111.196 was not found on RBL
Performing Sender ID validation
Sender ID validation performed successfully
Test Steps
ExRCA is attempting to find the SPF record using a DNS TEXT record query.
ExRCA wasn't able to find the SPF record.
Additional Details
No records were found.
Did you try sending emails. Looks like your outbound test worked out ok ?
Let me know.
Let me know.
Try sending from OWA instead of outlook first.
ASKER
sunny ::: This is a typical response i copied from the queue. Try, try, try then fail.
Identity: WPBCDC01\242\513
Subject: Delivered: RE: Good job/Encouragement needed
Internet Message ID: <63225b67-1d0d-4767-90c4-b d4a50fabe7 7@woodward park.org>
From Address: <>
Status: Ready
Size (KB): 3
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/27/2010 11:36:38 AM
Expiration Time: 7/29/2010 11:36:38 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\242
Recipients: wgross@waterboards.ca.gov
Identity: WPBCDC01\242\513
Subject: Delivered: RE: Good job/Encouragement needed
Internet Message ID: <63225b67-1d0d-4767-90c4-b
From Address: <>
Status: Ready
Size (KB): 3
Message Source Name: DSN
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/27/2010 11:36:38 AM
Expiration Time: 7/29/2010 11:36:38 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\242
Recipients: wgross@waterboards.ca.gov
Open Exch Shell > toolbox
Message Tracking Center
Enter sender/ recipient and try to track down this message there.
4.4.7 - I will get you something on that. Give me sometime.
I saw a case in EE 2/3 days ago where 4.4.7 was traced down to a faulty ISP router (definitely outside your scope of troubleshooting).
thanks
Message Tracking Center
Enter sender/ recipient and try to track down this message there.
4.4.7 - I will get you something on that. Give me sometime.
I saw a case in EE 2/3 days ago where 4.4.7 was traced down to a faulty ISP router (definitely outside your scope of troubleshooting).
thanks
ASKER
suny ::: Here's the one I just sent from OWA per your request; it is sitting in the queue. It has not timed out yet.
Identity: WPBCDC01\250\528
Subject: Test From OWA at WPBC
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F 5F9F5E8A94 049@WPBCDC 01.WPBC.lo cal>
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 2
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/28/2010 10:11:32 AM
Expiration Time: 7/30/2010 10:11:32 AM
Last Error:
Queue ID: WPBCDC01\250
Recipients: jfuller@chukchansi.net
Identity: WPBCDC01\250\528
Subject: Test From OWA at WPBC
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 2
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/28/2010 10:11:32 AM
Expiration Time: 7/30/2010 10:11:32 AM
Last Error:
Queue ID: WPBCDC01\250
Recipients: jfuller@chukchansi.net
Can you remove any Sender Filtering on Hub Transport.
ASKER
Oh! You don't suppose the ISP is blocking port 25 do you? I have seen that with SBC. I'd better check. I had forgotten that one!
ASKER
DSL Reports says SBC has been blocking 25 to reduce spam. That may be the culprit.
ASKER
No filtering that I am aware of. I'll check but I didn't set any.
DAMN @ SBC
Can you telnet from outside to the server and see if there's any issue.
(should have caught that earlier..)
Can you telnet from outside to the server and see if there's any issue.
(should have caught that earlier..)
ASKER
Yes. Telnet from where I sit says the port is not open. I am guessing that it reached the server and the server replied. I don't think it was blocked internally. I am outside the server's network but I can remote to it.
I am inside a pretty well controlled environment. The server I am having issues with (Server 2008R2) doesn't recognize 'telnet' as a command. What is up with that!
I am inside a pretty well controlled environment. The server I am having issues with (Server 2008R2) doesn't recognize 'telnet' as a command. What is up with that!
Telnet is not installed by default you have to enable it from server roles -- check this >> http://windowsarchitecture.spaces.live.com/blog/cns!C8EE0FE9E055C129!273.entry
ASKER
Sunny ::: I was able to telnet once I was home from work. Port 25 is listening.
ok
Did you try sending emails out after that ?
Did you try sending emails out after that ?
ASKER
Yes. They are in the queue waiting to be timed out. I'm checking the Sonicwall log to see what it has to say.
What ports are open in sonicwall ?
25 80 443
25 80 443
a) start > run > services.msc
check all exchange services are running.
Nothing is disabled / stopped etc.
All services are set to automatic and started.
b) Open Exchange
Go to toolbox > message tracking center.
enter the email addresses there and see what is the status code for these emails ? Is it NDR'ing it out.
check all exchange services are running.
Nothing is disabled / stopped etc.
All services are set to automatic and started.
b) Open Exchange
Go to toolbox > message tracking center.
enter the email addresses there and see what is the status code for these emails ? Is it NDR'ing it out.
Also on exchange
try this
Resume-Queue -Server YOURSERVER.DOMAIN.LOCAL
And see if the queue clears up ?
try this
Resume-Queue -Server YOURSERVER.DOMAIN.LOCAL
And see if the queue clears up ?
Also
EMS
toolbox > queue viewer
What is the status of the queue - is it ready ?
I am trying to isolate it from queue perspective.
DNS issues resolved
ExRCA done
Send Connector Done.
Firewall > ongoing.
And we are working on
Services
Queue itself
That leaves us with Bad queue
> Change queue directory (next step maybe ?)
let me know.
EMS
toolbox > queue viewer
What is the status of the queue - is it ready ?
I am trying to isolate it from queue perspective.
DNS issues resolved
ExRCA done
Send Connector Done.
Firewall > ongoing.
And we are working on
Services
Queue itself
That leaves us with Bad queue
> Change queue directory (next step maybe ?)
let me know.
ASKER
25, 80, 443 all open. SMTP, HTTP, HTTPS respectively.
Exchange Services are all running except POP (we are not using this), Monitoring for cmdlets, and Extensions for Backup.
I went to the TollBox and double clicked the MEssage Tracking and ended up with the Outlook Web Access login (?) Anyway, the message I sent to myself from my webmail showed up. So it is recieveing mail on the new domain.
I will reply and check the queue for transport errors. Stand by.. :o)
Exchange Services are all running except POP (we are not using this), Monitoring for cmdlets, and Extensions for Backup.
I went to the TollBox and double clicked the MEssage Tracking and ended up with the Outlook Web Access login (?) Anyway, the message I sent to myself from my webmail showed up. So it is recieveing mail on the new domain.
I will reply and check the queue for transport errors. Stand by.. :o)
really ? message tracking goes to OWA login.
***ghost in your machine
let me know about queue and transport errors.
I am guessing queue is suspended or something.
***ghost in your machine
let me know about queue and transport errors.
I am guessing queue is suspended or something.
BTW - how many send connectors are there ?
Org config > hub transport > Send connectors.
How many are enabled ?
Right click properties
On General
See if FQDN mail.woodwardpark.org is there
Check Address Space tab
SMTP *
Cost =1
Network
first box is checked - use DNSMX to route emails
TLS is checked.
Source Server
Yourserver name is the associated server.
Let me know.
Org config > hub transport > Send connectors.
How many are enabled ?
Right click properties
On General
See if FQDN mail.woodwardpark.org is there
Check Address Space tab
SMTP *
Cost =1
Network
first box is checked - use DNSMX to route emails
TLS is checked.
Source Server
Yourserver name is the associated server.
Let me know.
ASKER
sunny ::: From last post..everything is as you said except TLS DOmain Authentication was unchecked. FQDN was as stated and network space is good. Source server is good. TLS only thing unchecked.
ok.
Did you check if the queues were suspended from toolbox > queue viewer ?
Did you check if the queues were suspended from toolbox > queue viewer ?
Please check TLS
thanks
thanks
Are you using a smarthost to deliver emails ? (I guess not - since you didnt mention it till now...)
Can you call the ISP and check if they are blocking port 25.
(Your telnet test was for connecting TO > port 25)
We are testing Exchange > Outside - FROM
Can you call the ISP and check if they are blocking port 25.
(Your telnet test was for connecting TO > port 25)
We are testing Exchange > Outside - FROM
ASKER
TLS is now checked and I sent a test message to myself. I'll post back asap.
ok.
ASKER
Msg stuck in queue. Exchange will try to send this message for blah blah hours is the error ( not really an error yet). I see no activity on the router saying that the server is trying to do anything. No event logs saying that Exchange is having a problem.
Is the queue suspended
Run this on exch shell
Resume-Queue -Server YOURSERVER.DOMAIN.LOCAL
See if that clears the queue.
Run this on exch shell
Resume-Queue -Server YOURSERVER.DOMAIN.LOCAL
See if that clears the queue.
ASKER
It wants a filter value.
Yes, that is because we didnt specify which queue
try this
Resume-Queue -Server YOURSERVER -Filter {status eq "suspended"}
OR
Open Exchange Management console
toolbox > Queue Viewer
Right click on queue and Retry
try this
Resume-Queue -Server YOURSERVER -Filter {status eq "suspended"}
OR
Open Exchange Management console
toolbox > Queue Viewer
Right click on queue and Retry
ASKER
This is the message I received from my POP end then just replied. Colpied from the Queue - Status "Retry"
========================== ========== ========== ========== ========== ===
Identity: WPBCDC01\259\548
Subject: Reply to TEST From NCTV Webmail
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F 5F9F5E8A94 197@WPBCDC 01.WPBC.lo cal>
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 3
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/29/2010 11:29:43 AM
Expiration Time: 7/31/2010 11:29:43 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\259
Recipients: jdfuller@nctv.com
==========================
Identity: WPBCDC01\259\548
Subject: Reply to TEST From NCTV Webmail
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 3
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/29/2010 11:29:43 AM
Expiration Time: 7/31/2010 11:29:43 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\259
Recipients: jdfuller@nctv.com
Is mail flow working after you resume the queue ??
ok. ignore the last one.
I am going to recommend some MTU troubleshooting...let me get the case for my. brb
I am going to recommend some MTU troubleshooting...let me get the case for my. brb
ok. you still have the reverse DNS doesnt match SMTP banner error
go to Org Config > hub transport > send Connector
Right click
Change it from WPBCDC01.WPBC.local
To
mail.woodwardpark.org
Also check with your ISP if they setup an RDNS for you for mail.woodpark.org
--
Please give this a read
https://www.experts-exchange.com/questions/26355695/exchange-cannot-send-receive-from-certain-address.html
They resolved the 4.4.7 error to a faulty router somewhere ahead of them.
Please call your ISP and check.
thanks
go to Org Config > hub transport > send Connector
Right click
Change it from WPBCDC01.WPBC.local
To
mail.woodwardpark.org
Also check with your ISP if they setup an RDNS for you for mail.woodpark.org
--
Please give this a read
https://www.experts-exchange.com/questions/26355695/exchange-cannot-send-receive-from-certain-address.html
They resolved the 4.4.7 error to a faulty router somewhere ahead of them.
Please call your ISP and check.
thanks
Can you upload the log files for last 2 days from here
c:\windows\system32\logfil es\smtpsvc 1
c:\windows\system32\logfil
ASKER
The FQDN in the General tab of the Properties for the Hub Transport Send COnnector is already mail.woodwardpark.org.
An RDNS record does not appear to be working as the nslookup does not work for our Exchg IP. It returns Unknown from the server itself.
No such directory exists for the logfiles. I find that odd.
An RDNS record does not appear to be working as the nslookup does not work for our Exchg IP. It returns Unknown from the server itself.
No such directory exists for the logfiles. I find that odd.
i thought we just fixed dns above ?
Can you do a full virus scan on the server
ASKER
Running tonight... 7/30/10. Stay tuned... Thanks. We are supposedly protected. We'll see.
ASKER
sunny ::: Are you out there? I'm back.
Here's what MXTOOLBOX returned. THere is a proper MX and A record for the domain at GoDaddy.
I called AT&T today (45 min wait for a US tech guy!) and got the form filled out for the RDNS request.
========================== ========== ========== ========== ========== ======
SuperTool Beta
Command:
a:mail.woodwardpark.org a
Type Domain Name IP Address TTL
A mail.woodwardpark.org 99.3.111.196 60 min
reverse lookup smtp diag port scan blacklist
Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 5:19:06 PM (GMT-5)
Error
ptr requires an IP Address and www.woodwardpark.org is not a valid IP.
Invalid Inputreverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Tuesday, August 10, 2010 at 4:24:11 PM (GMT-5)
a:www.woodwardpark.org a
Type Domain Name Canonical Name TTL
CNAME www.woodwardpark.org woodwardpark.org 60 min
Type Domain Name IP Address TTL
A woodwardpark.org 65.254.248.129 60 min
reverse lookup smtp diag port scan blacklist
Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 4:24:03 PM (GMT-5)
Error
ptr requires an IP Address and mail.woodwardpark.org is not a valid IP.
Invalid Inputreverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Tuesday, August 10, 2010 at 4:23:20 PM (GMT-5)
mx:mail.woodwardpark.org mx
No records foundreverse lookup smtp diag port scan blacklist
Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 4:23:07 PM (GMT-5)
Here's what MXTOOLBOX returned. THere is a proper MX and A record for the domain at GoDaddy.
I called AT&T today (45 min wait for a US tech guy!) and got the form filled out for the RDNS request.
==========================
SuperTool Beta
Command:
a:mail.woodwardpark.org a
Type Domain Name IP Address TTL
A mail.woodwardpark.org 99.3.111.196 60 min
reverse lookup smtp diag port scan blacklist
Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 5:19:06 PM (GMT-5)
Error
ptr requires an IP Address and www.woodwardpark.org is not a valid IP.
Invalid Inputreverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Tuesday, August 10, 2010 at 4:24:11 PM (GMT-5)
a:www.woodwardpark.org a
Type Domain Name Canonical Name TTL
CNAME www.woodwardpark.org woodwardpark.org 60 min
Type Domain Name IP Address TTL
A woodwardpark.org 65.254.248.129 60 min
reverse lookup smtp diag port scan blacklist
Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 4:24:03 PM (GMT-5)
Error
ptr requires an IP Address and mail.woodwardpark.org is not a valid IP.
Invalid Inputreverse lookup smtp diag port scan blacklist
Reported by mxtoolbox.com on Tuesday, August 10, 2010 at 4:23:20 PM (GMT-5)
mx:mail.woodwardpark.org mx
No records foundreverse lookup smtp diag port scan blacklist
Reported by ns33.domaincontrol.com on Tuesday, August 10, 2010 at 4:23:07 PM (GMT-5)
ASKER
NOTE ::: The www is the web host and it is at a different IP than the Exchange Server.
I am still here... I keep checking this case for updates.
will check mxtoolbox and post back.
will check mxtoolbox and post back.
Server Configuration > Hub Transport > Receive Connector
Right click your default receive connector > properties
Under General Tab - enter
mail.woodwardpark.org
Check settings here
http://www.shudnow.net/2008/11/08/exchange-2007-mail-flow-dns-records-connectors-and-tls/
thanks
Right click your default receive connector > properties
Under General Tab - enter
mail.woodwardpark.org
Check settings here
http://www.shudnow.net/2008/11/08/exchange-2007-mail-flow-dns-records-connectors-and-tls/
thanks
ASKER
Thanks for hangin'
Done. I actually did this today because I noticed there were two - one default the other Client but neither had the FQDN on it so I created a new one with the wizard becasue the other two I could not edit. Was that a bad idea?
jdfuller
P.S. Can we get this info sanitized after we're done wreaking havoc on the site?
Done. I actually did this today because I noticed there were two - one default the other Client but neither had the FQDN on it so I created a new one with the wizard becasue the other two I could not edit. Was that a bad idea?
jdfuller
P.S. Can we get this info sanitized after we're done wreaking havoc on the site?
yes we will. you can click on Request attention on top and say please remove all IP and domain details. some mod will do it.
Let me know if your send receive works.
Let me know if your send receive works.
ASKER
Wow! Feeling pretty proud of myself right now. I read that article and that was exactly what I did this afternoon; made a connector to the Internet. OK. So far it seems like progress is being made. I am still baffled as to why Exchange wizardry would not walk someone throught these steps IN CASE they wanted to receive mail from the outside - ya think?
JDF
JDF
ASKER
I cannot test telnet from inside this domain. I have to get home to do it so it won't be until later. I also have an exchange account set up on my iTouch that works for testing this domain. It receives alright, just can't send.
BTW ::: AT&T cost me 45 minutes of my life and I had to fill out a form to get a RDNS record put on their servers.
JDF
BTW ::: AT&T cost me 45 minutes of my life and I had to fill out a form to get a RDNS record put on their servers.
JDF
AT&T - Rethink Possible.......NOT !
ASKER
sunny ::: I have tested the telenet from home and the "banner" has the WPBCDC01.wpbc.local in it instead of mail.woodwardpark.org. I see messages waiting in the queue that are delayed and not leaving the server.
I have an smtp Host (A) and a mail Host (A) in the Forward Lookup zones. PTRs are not being created it says because we have no Reverse Lookup defined.
I have a hunch I need at least the mail.woowardpark.org reverse on the local server, don't you? I wish I understood this a little better. I guess I am getting there!
JDF
I have an smtp Host (A) and a mail Host (A) in the Forward Lookup zones. PTRs are not being created it says because we have no Reverse Lookup defined.
I have a hunch I need at least the mail.woowardpark.org reverse on the local server, don't you? I wish I understood this a little better. I guess I am getting there!
JDF
I am going to read the whole case one more time later tonight. At this point I am really not sure what steps we took earlier and what is the present configuration.
will post back later.
will post back later.
ASKER
Standing by. Will have a look during day tomorrow.
need some more time. @ been hectic.
Will post back tomorrow @ its 3:40 AM here... :)
Will post back tomorrow @ its 3:40 AM here... :)
ASKER
No prob.
ASKER
sunny ::: This is the latest error. I ran the Mail Flow utility i nthe Toolbox in EMC and was told that IPv6 was not supported by Exchange 2010. I do not have that configured on the NIC, only IPv4. I disabled IPv6 by unchecking in the NIC properties and instantly froze the machine. I had to drive 35 miles to restart it and it did not go past Applying computer settings... until I re-enabled IPv6 in Safe Mode. Everything is back to where it was now before the IPv6 was disabled. More fun. I thought this might be helpful.
I do NOT have a certificate with the smtp.woodwardpark.org domain named. Is this a real error or a result of a configuration problem. Can I create the cert myself through the Exchange Shell?
Microsoft Exchange could not find a certificate that contains the domain name smtp.woodwardpark.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Connector with a FQDN parameter of smtp.woodwardpark.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
I do NOT have a certificate with the smtp.woodwardpark.org domain named. Is this a real error or a result of a configuration problem. Can I create the cert myself through the Exchange Shell?
Microsoft Exchange could not find a certificate that contains the domain name smtp.woodwardpark.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Connector with a FQDN parameter of smtp.woodwardpark.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate
a) Somethings you learn @ never disable IPV6 in Windows 2008 / ex 2007 / 2010 or anything higher.
sorry you had to learn it that way :(
b) One option is self signed cert for mail.woordwardpark.org - but that will fail if you are connecting windows Phones and Droids.
iPhones / Blackberry will pass with self signed Cert.
It's a good idea to get a UCC/SAN Cert. Costs about $329
https://www.digicert.com/easy-csr/exchange2010.htm
http://www.digicert.com/exchange-2010-ssl.htm
You need to add these names
mail.woordwardpark.org (your first MX)
autodiscover.woordwardpark .org (you need to create it in your DNS)
WPBCDC01.WPBC.local
WPBCDC01
I was scrolling through the case today. I saw that you created some cert's with digitap earlier. Were they self signed or UCC/SAN from godaddy / digicert.
thanks
sorry you had to learn it that way :(
b) One option is self signed cert for mail.woordwardpark.org - but that will fail if you are connecting windows Phones and Droids.
iPhones / Blackberry will pass with self signed Cert.
It's a good idea to get a UCC/SAN Cert. Costs about $329
https://www.digicert.com/easy-csr/exchange2010.htm
http://www.digicert.com/exchange-2010-ssl.htm
You need to add these names
mail.woordwardpark.org (your first MX)
autodiscover.woordwardpark
WPBCDC01.WPBC.local
WPBCDC01
I was scrolling through the case today. I saw that you created some cert's with digitap earlier. Were they self signed or UCC/SAN from godaddy / digicert.
thanks
Hi,
Sunny flicked me an email asking me to review this question. I have some ideas but I am a little unclear of what the current status of the server is. To mix some metaphores... So much has gone on I cannot see the wood for the trees, and I don't want to muddy the waters any further. If you could clearly state your current status I'll see what I can do to help
Can you recieve mail?
Can you send mail?
What other problems do you have?
Ta
Andy
Sunny flicked me an email asking me to review this question. I have some ideas but I am a little unclear of what the current status of the server is. To mix some metaphores... So much has gone on I cannot see the wood for the trees, and I don't want to muddy the waters any further. If you could clearly state your current status I'll see what I can do to help
Can you recieve mail?
Can you send mail?
What other problems do you have?
Ta
Andy
ASKER
sunny ::: The current certs are all created at install however, I made one - I think - using the Exchange Shell back a while ago from a post. It said it did successfully and I verified that it was indeed where it needed to be. Screen shot enclosed.
andy ::: welcome to my world...and thanks for taking a brave step. sometimes when too much happens...its too much! (Corrallary to Ocham's Razor). Here's the deal
::: Recently - two days ago - I had AT&T put an RDNS record in their servers. At one point we thought the reverse DNS was non-existent and using MXToolbox and nslookup kind of proved that correct. It does not seem to be effective yet or its not the problem. On my Exchange Server I see NO Reverse DNS records at all. This seems strange as well.
::: The DNS Event Log shows no errors except continuous INFORMATION errors - encountered a bad packet from 64.192.0.8 - which I beleive is AT&T.
::: I can received mail sent to the domain mail.woodwardpark.org. This is hosted by GoDaddy.
::: GoDaddy help me setup the A and MX records.
::: I can connect to OutlookWebAccess with my iTouch and check mail from outside the domain (at home). In other words, Exchange is happy to see my iTouch. NO SSL.
::: I can connect to OWA through a broswer - no problem.
::: I can send mail through any of the user accounts from anywhere with no error EXCEPT they sit in the queue until they time out; issuing the proper - "Your mail ain't going anywhere fast but I'll keep-a-tryin'..." message. Then after the alloted time, another message saying it didn't go at all.
::: The Mail Flow Tool in the Exchange Management Console says everything is fine except threw up a CAUTION = IPv6 is NOT ALLOWED WITH 2010 - at which point - yesterday - I disabled it on the NIC and proceeded to incapacitate the server. It's back to normal now - it is where it was before I did that. I just ran it again and exported the CSV. Two entries - IPv6 not supported..that's it.
::: The event logs have this continual error about not being able to find a certificate for mail,woodwardpark.org to be able to start the verb ... (from a couple of posts ago ... Microsoft Exchange could not find a certificate that contains the domain name smtp.woodwardpark.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Connector with a FQDN parameter of smtp.woodwardpark.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate -Services SMTP to make sure that the Microsoft Exchange Transport service has access to the certificate key.
::: The server is behind a Sonicwall with the proper services created for Exchange using the wizard. I see no hinderence of the transport.
::: The SMTP Banner does not say mail.woodwardpark.org when telnet is used. It says WPBCDC01.WPBC.local. That seems strange. It may have somehting to do with the SMTP verb thingy.
Attached is a screen shot of the Cert Library. Appreciate any help I can get.
CertsPersonalStore081310.jpg
andy ::: welcome to my world...and thanks for taking a brave step. sometimes when too much happens...its too much! (Corrallary to Ocham's Razor). Here's the deal
::: Recently - two days ago - I had AT&T put an RDNS record in their servers. At one point we thought the reverse DNS was non-existent and using MXToolbox and nslookup kind of proved that correct. It does not seem to be effective yet or its not the problem. On my Exchange Server I see NO Reverse DNS records at all. This seems strange as well.
::: The DNS Event Log shows no errors except continuous INFORMATION errors - encountered a bad packet from 64.192.0.8 - which I beleive is AT&T.
::: I can received mail sent to the domain mail.woodwardpark.org. This is hosted by GoDaddy.
::: GoDaddy help me setup the A and MX records.
::: I can connect to OutlookWebAccess with my iTouch and check mail from outside the domain (at home). In other words, Exchange is happy to see my iTouch. NO SSL.
::: I can connect to OWA through a broswer - no problem.
::: I can send mail through any of the user accounts from anywhere with no error EXCEPT they sit in the queue until they time out; issuing the proper - "Your mail ain't going anywhere fast but I'll keep-a-tryin'..." message. Then after the alloted time, another message saying it didn't go at all.
::: The Mail Flow Tool in the Exchange Management Console says everything is fine except threw up a CAUTION = IPv6 is NOT ALLOWED WITH 2010 - at which point - yesterday - I disabled it on the NIC and proceeded to incapacitate the server. It's back to normal now - it is where it was before I did that. I just ran it again and exported the CSV. Two entries - IPv6 not supported..that's it.
::: The event logs have this continual error about not being able to find a certificate for mail,woodwardpark.org to be able to start the verb ... (from a couple of posts ago ... Microsoft Exchange could not find a certificate that contains the domain name smtp.woodwardpark.org in the personal store on the local computer. Therefore, it is unable to support the STARTTLS SMTP verb for the connector Internet Connector with a FQDN parameter of smtp.woodwardpark.org. If the connector's FQDN is not specified, the computer's FQDN is used. Verify the connector configuration and the installed certificates to make sure that there is a certificate with a domain name for that FQDN. If this certificate exists, run Enable-ExchangeCertificate
::: The server is behind a Sonicwall with the proper services created for Exchange using the wizard. I see no hinderence of the transport.
::: The SMTP Banner does not say mail.woodwardpark.org when telnet is used. It says WPBCDC01.WPBC.local. That seems strange. It may have somehting to do with the SMTP verb thingy.
Attached is a screen shot of the Cert Library. Appreciate any help I can get.
CertsPersonalStore081310.jpg
ASKER
Another Screen shot of the DNS Foward Lookups. Nothing contained in the Reverese Lookups.
FwdLookupZones081310.jpg
FwdLookupZones081310.jpg
Can you please do 2 things for me:
1. Screenshot all the properties pages of your receive and send connectors. Probably best to put in a word doc and then post the doc
2. From your server install telnet then
#> telnet mail.messaging.microsoft.c om 25
And post the result
1. Screenshot all the properties pages of your receive and send connectors. Probably best to put in a word doc and then post the doc
2. From your server install telnet then
#> telnet mail.messaging.microsoft.c
And post the result
Also. Please post output from
#> ipconfig /all
#> ipconfig /all
JDF
You had posted the dns config earlier also - I dont know why I didnt see it.
http:#33438855
Your internal DNS has
- 2 MX records
- one A record called SMTP
- one A record called WWW
> i think all your issues will be resolved if you delete these 3 records in DNS and restart DNS server and Exchange hub Transport.
--
*****Before you do that:*****
a) Take a full system state backup of This Server.
b) Take a backup of C:\windpws\sytem32\DNS - directory.
c) wait for comments from andy / digitap.
this qn. has taken 170+ posts. I think we can wait for a few more before we edit DNS records.
you wont have to drive 35 miles for this ;)
You had posted the dns config earlier also - I dont know why I didnt see it.
http:#33438855
Your internal DNS has
- 2 MX records
- one A record called SMTP
- one A record called WWW
> i think all your issues will be resolved if you delete these 3 records in DNS and restart DNS server and Exchange hub Transport.
--
*****Before you do that:*****
a) Take a full system state backup of This Server.
b) Take a backup of C:\windpws\sytem32\DNS - directory.
c) wait for comments from andy / digitap.
this qn. has taken 170+ posts. I think we can wait for a few more before we edit DNS records.
you wont have to drive 35 miles for this ;)
ASKER
Hey Gang! ::: Take a look. I was getting ready top install the Server backup feature and noticed the SMTP server "feature" was not installed. Is this bad? Does Exchange have its own? Is it a bad idea to install this service? Could that explain the lack of Send Functionality? Not being sarcastic, although I really could, why isn't this installed with Exchange? (Image attached).
features.jpg
features.jpg
ASKER
Andy ::: Telnet installed. Result below. Connector screen shots forthcoming...next post.
220 am1ehsmhs003.bigfish.com Microsoft ESMTP MAIL Service ready at Sun, 15 Aug 2010 04:46:56 +0000
Sunny ::: Cold Metal Backup in process. DNS still intact as shown in previous post. In an effort to "cure" my problem I created the smtp and www entries. Probably safe to remove since I put them in. No change was realized for the better but might have gummed up things going forward. This was a recent addition - last month sometime.
220 am1ehsmhs003.bigfish.com Microsoft ESMTP MAIL Service ready at Sun, 15 Aug 2010 04:46:56 +0000
Sunny ::: Cold Metal Backup in process. DNS still intact as shown in previous post. In an effort to "cure" my problem I created the smtp and www entries. Probably safe to remove since I put them in. No change was realized for the better but might have gummed up things going forward. This was a recent addition - last month sometime.
ASKER
Andy ::: PDF was smaller. Let me know if this fits the bill. JDF
Exchange-Connectors-081410.pdf
Exchange-Connectors-081410.pdf
ASKER
sunny ::: ALmost there. Going to bed. Will check in the morning for comments. Thanks. I hope I don't sound like a broken record - I know I do - but my integrity is at stake and the best chance I have is the Experts here.
ServerBackup.jpg
ServerBackup.jpg
ASKER
Gentlemen ::: It is finished! The backup that is. I can't resist removing those pesky DNS records I added just to see if that solves it so I am going to try. I have to satisfy my brain before I go to sleep or I'll just lay thinking about it until tomorrow anyway.
ASKER
::: IPCONFIG /ALL with NSLOOKUP on both www and mail
========================== ========== ========== =
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>ipc onfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : WPBCDC01
Primary Dns Suffix . . . . . . . : WPBC.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : WPBC.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : A4-BA-DB-11-A1-A6
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::41af:6a6c:b98c:5397% 11(Preferr ed)
IPv4 Address. . . . . . . . . . . : 192.168.1.210(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.253
DHCPv6 IAID . . . . . . . . . . . : 245676763
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-6C-5E-34-A4 -BA-DB-11- A1-A6
DNS Servers . . . . . . . . . . . : 192.168.1.210
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client) #3
Physical Address. . . . . . . . . : A4-BA-DB-11-A1-AA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 4:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client) #4
Physical Address. . . . . . . . . : A4-BA-DB-11-A1-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{96953B46-B8D1-4159 -B17A-F7C4 35B5EB5F}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{8D97248D-F70B-4B00 -9AE8-73A4 36BBC1DF}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{ED08BBEA-4326-45AA -8CF8-3C76 01AF8E3C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Administrator>nsl ookup mail.woodwardpark.org
Server: UnKnown
Address: 192.168.1.210
Non-authoritative answer:
Name: mail.woodwardpark.org
Address: 99.3.111.196
C:\Users\Administrator>nsl ookup www.woodwardpark.org
Server: UnKnown
Address: 192.168.1.210
Non-authoritative answer:
Name: woodwardpark.org
Address: 65.254.248.129
Aliases: www.woodwardpark.org
C:\Users\Administrator>
==========================
Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>ipc
Windows IP Configuration
Host Name . . . . . . . . . . . . : WPBCDC01
Primary Dns Suffix . . . . . . . : WPBC.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : WPBC.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : A4-BA-DB-11-A1-A6
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::41af:6a6c:b98c:5397%
IPv4 Address. . . . . . . . . . . : 192.168.1.210(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.253
DHCPv6 IAID . . . . . . . . . . . : 245676763
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-6C-5E-34-A4
DNS Servers . . . . . . . . . . . : 192.168.1.210
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client) #3
Physical Address. . . . . . . . . : A4-BA-DB-11-A1-AA
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Local Area Connection 4:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS
VBD Client) #4
Physical Address. . . . . . . . . : A4-BA-DB-11-A1-AC
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{96953B46-B8D1-4159
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{8D97248D-F70B-4B00
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{ED08BBEA-4326-45AA
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Administrator>nsl
Server: UnKnown
Address: 192.168.1.210
Non-authoritative answer:
Name: mail.woodwardpark.org
Address: 99.3.111.196
C:\Users\Administrator>nsl
Server: UnKnown
Address: 192.168.1.210
Non-authoritative answer:
Name: woodwardpark.org
Address: 65.254.248.129
Aliases: www.woodwardpark.org
C:\Users\Administrator>
ASKER
sunny ::: DNS records as indicated in your post were removed and DNS restarted. Ipconfig - flushed dns. Connected remotely using OWA and sent more mail - stuck in queue. Essentially, no chnage.
ATTACHED is MXToolbox on the domain for SMTP. The banner is an issue. Maybe you guys can see something in the screen shots of the connectors.
MXToolbox-Report.jpg
ATTACHED is MXToolbox on the domain for SMTP. The banner is an issue. Maybe you guys can see something in the screen shots of the connectors.
MXToolbox-Report.jpg
Have a good sleep. I will review when I get home and post for you later
ASKER
::: OK. Just for kicks. Had to do an Exchange Connectivity Analyzer Test from the server just to see what it thinks. It thinks everything is fine except the SPF record. ??? Goodnight!
ExRemConnAnalyzer---SEND-Test-08.jpg
ExRemConnAnalyzer---SEND-Test-08.jpg
No worries. I am pretty sure I will find the final key in the info you have posted, unless sunny is nearer a computer and beats me to it!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Andy ::: PROGRESS ::: Performed all the changes as requested. SMTP banner is now correct. I signed on to OWA and sent a new mail (after cleaning out the queue) and the message is stuck in the queue. I saw it go in (from an RDP session to the server on another screen) but it is just sitting there.
I don't know the SMTP server of the domain's ISP but I could rig to use my ISP's just to test it. I'll do that a little later. Gotta go for an hour or two. Attached is the screen shot of the Network tab of the Client Connector.
::: The Authentication tab has on it TLS checked but Mutual Auth. is NOT checked.
::: Basic Auth - Yes AND Offer basic only after starting TLS.
::: Integrated Windows Auth checked.
Client-Connector.jpg
I don't know the SMTP server of the domain's ISP but I could rig to use my ISP's just to test it. I'll do that a little later. Gotta go for an hour or two. Attached is the screen shot of the Network tab of the Client Connector.
::: The Authentication tab has on it TLS checked but Mutual Auth. is NOT checked.
::: Basic Auth - Yes AND Offer basic only after starting TLS.
::: Integrated Windows Auth checked.
Client-Connector.jpg
Flat out monday here. Did not even have a chance to check on EE Mobile.
Yes please use ISP SMTP serevr as smart host and I think that will finish this off. Though by all accounts it should actually be working now.If it is not working after you make this change we need to pay close attentin to the send connector properties. I will review again after you have tested with ISP SMTP Server, do not try to use the SMTP server of the domain host, this will almost certainly NOT work.
The CLIENT recieve connector can stay as is as it is listening on port 587, and will not interfere with anything we are doing.
Yes please use ISP SMTP serevr as smart host and I think that will finish this off. Though by all accounts it should actually be working now.If it is not working after you make this change we need to pay close attentin to the send connector properties. I will review again after you have tested with ISP SMTP Server, do not try to use the SMTP server of the domain host, this will almost certainly NOT work.
The CLIENT recieve connector can stay as is as it is listening on port 587, and will not interfere with anything we are doing.
IF using the ISP as smart host does not work, then :
1. post image of what you are seeing in the queue
2. delete and recreate the send connector (You can either wait for me to post back, or just give it a crack if I am too long in responding)
Official MS: http://technet.microsoft.com/en-us/library/aa997285.aspx
Same thing, but with pictures so easier to follow: http://www.petri.co.il/configuring-exchange-2007-send-external-email.htm
1. post image of what you are seeing in the queue
2. delete and recreate the send connector (You can either wait for me to post back, or just give it a crack if I am too long in responding)
Official MS: http://technet.microsoft.com/en-us/library/aa997285.aspx
Same thing, but with pictures so easier to follow: http://www.petri.co.il/configuring-exchange-2007-send-external-email.htm
Guys
I was out of action this weekend. Visiting friends etc.
Will check andy's recommendations and post back.
I was out of action this weekend. Visiting friends etc.
Will check andy's recommendations and post back.
no sweat sunny. I was out most of the weekend also, we did not do much.
ASKER
Thanks for posting, guys. Will advise after changes.
JDFuller
JDFuller
Jdfuller
Let us know how andy's thing works out.
Can you post another screenshot of the DNS please.
Server roles required for Exchange 2010
Part of pre-reqs
http://technet.microsoft.com/en-us/library/bb691354.aspx
Add-WindowsFeature NET-Framework,RSAT-ADDS,We b-Server,W eb-Basic-A uth,Web-Wi ndows-Auth ,Web-Metab ase,Web-Ne t-Ext,Web- Lgcy-Mgmt- Console,WA S-Process- Model,RSAT -Web-Serve r,Web-ISAP I-Ext,Web- Digest-Aut h,Web-Dyn- Compressio n,NET-HTTP -Activatio n,RPC-Over -HTTP-Prox y -Restart
Let us know how andy's thing works out.
Can you post another screenshot of the DNS please.
Server roles required for Exchange 2010
Part of pre-reqs
http://technet.microsoft.com/en-us/library/bb691354.aspx
Add-WindowsFeature NET-Framework,RSAT-ADDS,We
ASKER
I have prep'd the system with the only reccommendation that came with Exchange pre-req install and that was the patch. I see the link (sunny's post) has Windows Power Shell installing several things. Can I invoke the command to install these things wihtout "over" installing - or - can I install even if some of them are already installed. I am pretty sure .NET is in there but not sure how to check everything on the list. Can I just go ahead and run this command and not worry if some parts are already in there.
Current DNS - Attached screen shot(s) First - Forward DNS, Second - Reverse DNS
jdfuller
DNS-Forward-081610.jpg
Current DNS - Attached screen shot(s) First - Forward DNS, Second - Reverse DNS
jdfuller
DNS-Forward-081610.jpg
ASKER
delete the mail entry for now @ DNS
let it be wpbcdc01.wpbc.local with 192.168.1.210
-
Are you saying you missed some of the pre-req steps ? Let me know which one ?
let it be wpbcdc01.wpbc.local with 192.168.1.210
-
Are you saying you missed some of the pre-req steps ? Let me know which one ?
ASKER
I put in the "microsoft filter pack". I have not used the elevated shell and installed all the things outlined in your post. I started with a fully patched WIndows 2008 R2 then installed the FIlter Pack then installed Exchange 2010. All the pre-requisites were "Green Light" according to the Exchange installation Wizard after that. Then I proceeded w the install of 2010.
ASKER
Did you understand my question reagarding "Features" to be installed. When I was installing "telnet" I noticed that the SMTP "feature" was NOT installed. See the screen shot from ID:33439289. Is that needed...cuz, it ain't in there.
No exchange has its own SMTP, you do not need to install the windows SMTP.
How did you go with the smart host and/or recreating the connector?
Andy
How did you go with the smart host and/or recreating the connector?
Andy
ASKER
sunny ::: Link didn't take me anywhere.
I tried the Smart Host. I'm fairly certain I set it up correctly - same as I would in an Outlook Account except I'm not sure of the TLS mode, needed or not. I was able to add it in the COnnector as indicated. The messages stay in the queue, though, regardless of either setting. I'm going to try the SMTP for the GoDaddy account and see what happens. They seem a bit more helpful than AT&T.
I tried the Smart Host. I'm fairly certain I set it up correctly - same as I would in an Outlook Account except I'm not sure of the TLS mode, needed or not. I was able to add it in the COnnector as indicated. The messages stay in the queue, though, regardless of either setting. I'm going to try the SMTP for the GoDaddy account and see what happens. They seem a bit more helpful than AT&T.
ASKER
sunny ::: Missing a '3' :-) I found it.
Can you screenshot the queues when mail stuck in them?
Also turn on verbose logging on send connector and email log.
I will review the link to bpa report report sunny posted.
Also turn on verbose logging on send connector and email log.
I will review the link to bpa report report sunny posted.
ASKER
Queue shot attached. Looks like a peice of rougue mail in there, also. The queue was empty except for mine this afternoon.
P.S. It might be time for new bPA report. We've done a lot since.
P.P.S. Should the FQDN of the Send COnnector be smtp.woodwardpark.org or mail.woodwardpark.org?
Queue-081610-2300.jpg
P.S. It might be time for new bPA report. We've done a lot since.
P.P.S. Should the FQDN of the Send COnnector be smtp.woodwardpark.org or mail.woodwardpark.org?
Queue-081610-2300.jpg
ASKER
LAST SEND ATTEMPT 2300 hrs ::: 451 4.4.0 Primary target address responded with: "421 4.2.1. Unable to connect." Attempted failover to alternate host, but that did not succeed.
I removed the smart host restated the Transport service and tried the DNSConnectorDelivery method and got the above response.
I removed the smart host restated the Transport service and tried the DNSConnectorDelivery method and got the above response.
Set to mail.xxxx so it matches your forward DNS. But should not matter
The rogue mail is probably an NDR response to some incoming spam.
Did you delete and re-create the Send Connector as per instructions sent earlier?
Unless we had proven otherwise by telnet to remote host on port 25 I would be completely convniced that this was a firewall issue with outbound SMTP. Now I just want to know why it is ending up in outbound queues but not actually sending.
Sunny - what are the rules in here about offering to connect to someones computer remote to just fix it?
The rogue mail is probably an NDR response to some incoming spam.
Did you delete and re-create the Send Connector as per instructions sent earlier?
Unless we had proven otherwise by telnet to remote host on port 25 I would be completely convniced that this was a firewall issue with outbound SMTP. Now I just want to know why it is ending up in outbound queues but not actually sending.
Sunny - what are the rules in here about offering to connect to someones computer remote to just fix it?
ASKER
Recreated Send Connector - Same response as above re: Primary target....
ASKER
This is a benign environment. All users (<10) are using POP until this is fixed. I am the IT for the org....which...right now, ain't saying much. I'm in a "no lose situation" and you guys have too much to risk screwing it up intentionally. You have the IP. I would bet no one would say this was for money in any court. jfuller at the domain in question. It will receive. :-)
ASKER
As long as we can post this answer - mod allowing - I think it would be extremely enlightening.
Ok - at a client now - but will be in touch later..
Just scrolling back through the posts and noticed this one (see line in bold)
Please confirm you have the reply to address on the users set to the FQDN @woodwardpark.org
Identity: WPBCDC01\259\548
Subject: Reply to TEST From NCTV Webmail
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F 5F9F5E8A94 197@WPBCDC 01.WPBC.lo cal>
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 3
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/29/2010 11:29:43 AM
Expiration Time: 7/31/2010 11:29:43 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\259
Recipients: jdfuller@nctv.com
Just scrolling back through the posts and noticed this one (see line in bold)
Please confirm you have the reply to address on the users set to the FQDN @woodwardpark.org
Identity: WPBCDC01\259\548
Subject: Reply to TEST From NCTV Webmail
Internet Message ID: <76DB426DA0A9EC4E8F47FF93F
From Address: jfuller@wpbc.local
Status: Ready
Size (KB): 3
Message Source Name: FromLocal
Source IP: 255.255.255.255
SCL: -1
Date Received: 7/29/2010 11:29:43 AM
Expiration Time: 7/31/2010 11:29:43 AM
Last Error: 400 4.4.7 Message delayed
Queue ID: WPBCDC01\259
Recipients: jdfuller@nctv.com
ASKER
On their Outlook client config's...Yes. In ExchMgmntConsole - see attached screen shot.
Mailbox-in-EMC.jpg
Mailbox-in-EMC.jpg
ASKER
Since day one I have tried to set the woodwardpark.org as the Reply but it just stays greyed out and won't let me change it to the proper "Set as Reply" . I hope that isn't aggregiously wrong I'd fel really stupid. In their client config's they have the POP return now xxxx@wwpbc.org until this domain kicks in.
It will *definately* not let you send as .local
On that same "Email address" tab there is a tick box for "automatically update based on policy" or something like that.
untick that - apply - and then you can change the reply address to a real domain.
On that same "Email address" tab there is a tick box for "automatically update based on policy" or something like that.
untick that - apply - and then you can change the reply address to a real domain.
ASKER
Feeling a bit sheepish right now! Should have gone with that hunch and posed that Q first. I'm changin right now. Will retry an OWA message. Stand by.
ASKER
Bummer. Stuck in queue with Primary target message like before but was able to reset outgoing reply as you noted. Will change on all mbx's ... cuz its the right thing to do regardless.
The correct way to change is with recipient policy, not individually on each mailbox. But if server does not have policy for that emails address that could also be issues.... firing off emails a bit half arsed ATM coz meant to be doing something else... give me an hour if you can hang around. we are very close.
ASKER
Closed dialog and restarted Transport Service. Trying again. .... Same-o'. 451 4.4.0
ASKER
Do you know CrossLoop? We could connect that way - no harm no foul - if rules allow. We both have to be at machines to do it. Its free.
ASKER
Gotta be somewhere in 4.5 hrs. Need sleep. You guys are the bomb for sticking it out. Thanks. Will monitor tomorrow.
ASKER
Sorry. Posts are not chrono. I missed the last one until I posted and updated. I do have to ZZZZ. I feel like a flake cuz ur helping and I'm out of gas. I'll hang till I fall asleep in this stupid chair waiting for the queue to empty. Kidding. I empty it before I send anything so I have a clean space to work in.
ok get some sleep - touch base tomorrow
ASKER
Got a bowl of cereal. I'll hang. If this will work, it'll be well worth calling sick tomorrow. :-) I know your busy. I'll stand by.. I'll watch a Netflix or something till I hear from you again.
ASKER
Are u still there? I got a second wind.
goto my profile, get my email address, flick me an email
ASKER
It has been determined through much effort and discipline that the cause of the failure to reach the WAN is caused by AT&T blocking port 25.
My hat is off to you who have read this far just to find this out. Many hours of anguish were spent to bring you this information. Thanks you sunnyc7, aoakeley and digitap who unselfishly contributed to this nightmare just to get a few points.
You guys are animals!! Thank you.
My hat is off to you who have read this far just to find this out. Many hours of anguish were spent to bring you this information. Thanks you sunnyc7, aoakeley and digitap who unselfishly contributed to this nightmare just to get a few points.
You guys are animals!! Thank you.
after 170 posts - ATT blocking port 25. :(
I am pretty sure we checked with ATT earlier about port 25 ?
Andy thanks a lot man. You fixed it.
I am pretty sure we checked with ATT earlier about port 25 ?
Andy thanks a lot man. You fixed it.
I reckon you fixed a lot of other stuff along the way before I got here. I just could not get my head around why email was not getting out the queue, but kept coming back to SMTP being blocked but JD had stated
> Andy ::: Telnet installed. Result below. Connector screen shots forthcoming...next post.
> 220 am1ehsmhs003.bigfish.com Microsoft ESMTP MAIL Service ready at Sun, 15 Aug 2010 04:46:56 +0000
Turns out this was done on local machine not on the server......
> Andy ::: Telnet installed. Result below. Connector screen shots forthcoming...next post.
> 220 am1ehsmhs003.bigfish.com Microsoft ESMTP MAIL Service ready at Sun, 15 Aug 2010 04:46:56 +0000
Turns out this was done on local machine not on the server......
I am pretty sure we checked with ISP earlier
http:#33251680
JDF checked here too.
http:#33309371
Anyway - Alls well that ends Well :)
I am really happy that JDF managed to stick with it for such a long time while doing his fulltime job and managed to bring this to a closure.
http:#33251680
JDF checked here too.
http:#33309371
Anyway - Alls well that ends Well :)
I am really happy that JDF managed to stick with it for such a long time while doing his fulltime job and managed to bring this to a closure.
ASKER
There was just no fair way to parse out points. I know you guys were not in this Q for the points. Its a matter of Man Over Machine (pardon the lack of Political Correctness). I am humbled by your collective expertise. But, hey, I learned a few (a lot) of things. Kudos, all of you. Much appreciated. Again - Occam's razor (or Ockham's razor) is the principle that "entities must not be multiplied beyond necessity" G-day!!
JDF.
Have a great day :)
Have a great day :)
i don't know if i quite contributed as much as the other two, but i do appreciate the points!
i'm sorry that the issue ended up being the ISP.
i'm sorry that the issue ended up being the ISP.
I know you guys were not in this Q for the points.
>> We Were (I was)
Ha ha..
>> We Were (I was)
Ha ha..
ASKER