Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Replication errors on new Windows 2008 RC DC's
Hello,
I added two new Windows Server 2008 RC domain controllers into our single forest, single domain AD environment last night. The other two DC’s are running Windows 2003.
The dcpromo process and initial replication seemed to go OK, but since then, I am getting replication errors on the new Windows 2008 domain controllers.
I have two sites in AD. The Windows 2003 servers are set to replicate across the sites, and each Windows 2008 server is shown having a replication link with its local Windows 2003 server.
Running dcdiag on one of the new Windows 2008 DC’s shows the following errors:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = wegdc001
* Identified AD Forest.
Ldap search capabality attribute search failed on server WEGDC2, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Ldap search capabality attribute search failed on server WEGDC3, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Ldap search capabality attribute search failed on server WEGDC002, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Done gathering initial info.
Doing initial required tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Connectivity
......................... WEGDC001 passed test Connectivity
Doing primary tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Advertising
......................... WEGDC001 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... WEGDC001 passed test FrsEvent
Starting test: DFSREvent
......................... WEGDC001 passed test DFSREvent
Starting test: SysVolCheck
......................... WEGDC001 passed test SysVolCheck
Starting test: KccEvent
......................... WEGDC001 passed test KccEvent
Starting test: KnowsOfRoleHolders
[WEGDC2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: WEGDC2 is the Schema Owner, but is not responding to DS RPC
Bind.
Warning: WEGDC2 is the Schema Owner, but is not responding to LDAP
Bind.
[WEGDC3] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: WEGDC3 is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: WEGDC3 is the Domain Owner, but is not responding to LDAP
Bind.
Warning: WEGDC2 is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: WEGDC2 is the PDC Owner, but is not responding to LDAP Bind.
Warning: WEGDC2 is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: WEGDC2 is the Rid Owner, but is not responding to LDAP Bind.
Warning: WEGDC3 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: WEGDC3 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... WEGDC001 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... WEGDC001 passed test MachineAccount
Starting test: NCSecDesc
......................... WEGDC001 passed test NCSecDesc
Starting test: NetLogons
[WEGDC001] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... WEGDC001 failed test NetLogons
Starting test: ObjectsReplicated
......................... WEGDC001 passed test ObjectsReplicated
Starting test: Replications
......................... WEGDC001 failed test Replications
Starting test: RidManager
......................... WEGDC001 failed test RidManager
Starting test: Services
Could not open NTDS Service on WEGDC001, error 0x5
"Access is denied."
......................... WEGDC001 failed test Services
Starting test: SystemLog
......................... WEGDC001 passed test SystemLog
Starting test: VerifyReferences
......................... WEGDC001 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : weg-online
Starting test: CheckSDRefDom
......................... weg-online passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... weg-online passed test CrossRefValidation
Running enterprise tests on : weg-online.com
Starting test: LocatorCheck
......................... weg-online.com passed test LocatorCheck
Starting test: Intersite
......................... weg-online.com passed test Intersite
DNS zones are also not replicating to the new Windows 2008 DC’s.
Please help.
Thanks!
WEG_IS
I added two new Windows Server 2008 RC domain controllers into our single forest, single domain AD environment last night. The other two DC’s are running Windows 2003.
The dcpromo process and initial replication seemed to go OK, but since then, I am getting replication errors on the new Windows 2008 domain controllers.
I have two sites in AD. The Windows 2003 servers are set to replicate across the sites, and each Windows 2008 server is shown having a replication link with its local Windows 2003 server.
Running dcdiag on one of the new Windows 2008 DC’s shows the following errors:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = wegdc001
* Identified AD Forest.
Ldap search capabality attribute search failed on server WEGDC2, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Ldap search capabality attribute search failed on server WEGDC3, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Ldap search capabality attribute search failed on server WEGDC002, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Done gathering initial info.
Doing initial required tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Connectivity
......................... WEGDC001 passed test Connectivity
Doing primary tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Advertising
......................... WEGDC001 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... WEGDC001 passed test FrsEvent
Starting test: DFSREvent
......................... WEGDC001 passed test DFSREvent
Starting test: SysVolCheck
......................... WEGDC001 passed test SysVolCheck
Starting test: KccEvent
......................... WEGDC001 passed test KccEvent
Starting test: KnowsOfRoleHolders
[WEGDC2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: WEGDC2 is the Schema Owner, but is not responding to DS RPC
Bind.
Warning: WEGDC2 is the Schema Owner, but is not responding to LDAP
Bind.
[WEGDC3] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Warning: WEGDC3 is the Domain Owner, but is not responding to DS RPC
Bind.
Warning: WEGDC3 is the Domain Owner, but is not responding to LDAP
Bind.
Warning: WEGDC2 is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: WEGDC2 is the PDC Owner, but is not responding to LDAP Bind.
Warning: WEGDC2 is the Rid Owner, but is not responding to DS RPC
Bind.
Warning: WEGDC2 is the Rid Owner, but is not responding to LDAP Bind.
Warning: WEGDC3 is the Infrastructure Update Owner, but is not
responding to DS RPC Bind.
Warning: WEGDC3 is the Infrastructure Update Owner, but is not
responding to LDAP Bind.
......................... WEGDC001 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... WEGDC001 passed test MachineAccount
Starting test: NCSecDesc
......................... WEGDC001 passed test NCSecDesc
Starting test: NetLogons
[WEGDC001] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... WEGDC001 failed test NetLogons
Starting test: ObjectsReplicated
......................... WEGDC001 passed test ObjectsReplicated
Starting test: Replications
......................... WEGDC001 failed test Replications
Starting test: RidManager
......................... WEGDC001 failed test RidManager
Starting test: Services
Could not open NTDS Service on WEGDC001, error 0x5
"Access is denied."
......................... WEGDC001 failed test Services
Starting test: SystemLog
......................... WEGDC001 passed test SystemLog
Starting test: VerifyReferences
......................... WEGDC001 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : weg-online
Starting test: CheckSDRefDom
......................... weg-online passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... weg-online passed test CrossRefValidation
Running enterprise tests on : weg-online.com
Starting test: LocatorCheck
......................... weg-online.com passed test LocatorCheck
Starting test: Intersite
......................... weg-online.com passed test Intersite
DNS zones are also not replicating to the new Windows 2008 DC’s.
Please help.
Thanks!
WEG_IS
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Make sure you are using the proper dcdiag version on the servers. Windows 2008 server has a different dcdiag
Also, make sure the user you are running the command with has domain admin permissions.
Also, make sure the user you are running the command with has domain admin permissions.
I am running the dcdiag on the Windows 2008 servers, not on the Win2003 servers. I am also a domain admin.
Where did you get the dcdiag from?
Make sure you are pointing to internal DNS servers only. There should not be pointing to external DNS servers.
Make sure you are pointing to internal DNS servers only. There should not be pointing to external DNS servers.
I'm just running dcdiag on the new Windows 2008 R2 servers. I have not copied over another one from anywhere.
Windows 2008 servers are pointed at only internal DNS servers - the 2 Windows 2003 domain controllers are our DNS servers.
Windows 2008 servers are pointed at only internal DNS servers - the 2 Windows 2003 domain controllers are our DNS servers.
Post ipconfig /all.
Remove any AV that has been installed.
Run dcdiag /test:dns then post
Here is why I'm asking about dcdiag and domain admin cause of this error:
User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
Remove any AV that has been installed.
Run dcdiag /test:dns then post
Here is why I'm asking about dcdiag and domain admin cause of this error:
User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
Here is the IPCONFIG:
Windows IP Configuration
Host Name . . . . . . . . . . . . : wegdc001
Primary Dns Suffix . . . . . . . : weg-online.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : weg-online.com
Ethernet adapter Corporate Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-E3-78-AC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dd81:b17f:b9a4:e60e%
IPv4 Address. . . . . . . . . . . : 10.1.1.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.1
DHCPv6 IAID . . . . . . . . . . . : 234887609
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-C6-75-30-00
DNS Servers . . . . . . . . . . . : ::1
10.1.1.10
10.1.18.10
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
(NOTE: I went in after this and removed the loopback from the DNS servers)
Tunnel adapter isatap.{C5BC95A4-AF42-4BFE
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
- Uninstalled McAfee from the server and rebooted.
Here is the dcdiag /test:dns output:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = wegdc001
* Identified AD Forest.
Ldap search capabality attribute search failed on server WEGDC2, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Ldap search capabality attribute search failed on server WEGDC3, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Ldap search capabality attribute search failed on server WEGDC002, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Done gathering initial info.
Doing initial required tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Connectivity
......................... WEGDC001 passed test Connectivity
Doing primary tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... WEGDC001 failed test DNS
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : weg-online
Running enterprise tests on : weg-online.com
Starting test: DNS
Test results for domain controllers:
DC: wegdc001.weg-online.com
Domain: weg-online.com
TEST: Basic (Basc)
Warning: no DNS RPC connectivity (error or non Microsoft DNS s
erver is running)
wegdc001 PASS WARN n/a n/a n/a n/a n/a
......................... weg-online.com passed test DNS
Thanks.
Windows IP Configuration
Host Name . . . . . . . . . . . . : wegdc001
Primary Dns Suffix . . . . . . . : weg-online.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : weg-online.com
Ethernet adapter Corporate Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS
VBD Client)
Physical Address. . . . . . . . . : 00-19-B9-E3-78-AC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::dd81:b17f:b9a4:e60e%
IPv4 Address. . . . . . . . . . . : 10.1.1.11(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.1
DHCPv6 IAID . . . . . . . . . . . : 234887609
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-C6-75-30-00
DNS Servers . . . . . . . . . . . : ::1
10.1.1.10
10.1.18.10
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
(NOTE: I went in after this and removed the loopback from the DNS servers)
Tunnel adapter isatap.{C5BC95A4-AF42-4BFE
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
- Uninstalled McAfee from the server and rebooted.
Here is the dcdiag /test:dns output:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = wegdc001
* Identified AD Forest.
Ldap search capabality attribute search failed on server WEGDC2, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Ldap search capabality attribute search failed on server WEGDC3, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Ldap search capabality attribute search failed on server WEGDC002, return
value = 81
Got error while checking if the DC is using FRS or DFSR. Error:
Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail
because of this error.
Done gathering initial info.
Doing initial required tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Connectivity
......................... WEGDC001 passed test Connectivity
Doing primary tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... WEGDC001 failed test DNS
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : weg-online
Running enterprise tests on : weg-online.com
Starting test: DNS
Test results for domain controllers:
DC: wegdc001.weg-online.com
Domain: weg-online.com
TEST: Basic (Basc)
Warning: no DNS RPC connectivity (error or non Microsoft DNS s
erver is running)
wegdc001 PASS WARN n/a n/a n/a n/a n/a
......................... weg-online.com passed test DNS
Thanks.
Logged in with the Domain Admin account instead of my own and ran dcdiag again:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = wegdc001
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Connectivity
......................... WEGDC001 passed test Connectivity
Doing primary tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Advertising
......................... WEGDC001 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... WEGDC001 passed test FrsEvent
Starting test: DFSREvent
......................... WEGDC001 passed test DFSREvent
Starting test: SysVolCheck
......................... WEGDC001 passed test SysVolCheck
Starting test: KccEvent
......................... WEGDC001 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... WEGDC001 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... WEGDC001 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=weg-o
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=weg-o
......................... WEGDC001 failed test NCSecDesc
Starting test: NetLogons
......................... WEGDC001 passed test NetLogons
Starting test: ObjectsReplicated
......................... WEGDC001 passed test ObjectsReplicated
Starting test: Replications
......................... WEGDC001 passed test Replications
Starting test: RidManager
......................... WEGDC001 passed test RidManager
Starting test: Services
......................... WEGDC001 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x8000001D
Time Generated: 07/09/2010 09:41:45
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x000003ED
Time Generated: 07/09/2010 09:42:05
Event String: SMBIOS data is absent
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:22
Event String:
The dynamic registration of the DNS record '_ldap._tcp.weg-online.com
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:23
Event String:
The dynamic registration of the DNS record '_ldap._tcp.WEG-ColoAndBra
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:23
Event String:
The dynamic registration of the DNS record '_ldap._tcp.gc._msdcs.weg-
A warning event occurred. EventID: 0x000003F6
Time Generated: 07/09/2010 09:42:22
Event String:
Name resolution for the name weg-online.com timed out after none of the configured DNS servers responded.
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:23
Event String:
The dynamic registration of the DNS record '_ldap._tcp.WEG-ColoAndBra
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:23
Event String:
The dynamic registration of the DNS record '_ldap._tcp.733fb17e-c6c5-
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:23
Event String:
The dynamic registration of the DNS record 'gc._msdcs.weg-online.com.
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:24
Event String:
The dynamic registration of the DNS record '2040cbf1-ea4d-4e97-9d79-8
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:24
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.dc._msdcs.
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:24
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.WEG-ColoAn
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:25
Event String:
The dynamic registration of the DNS record '_ldap._tcp.dc._msdcs.weg-
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:25
Event String:
The dynamic registration of the DNS record '_ldap._tcp.WEG-ColoAndBra
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:25
Event String:
The dynamic registration of the DNS record '_gc._tcp.weg-online.com. 600 IN SRV 0 100 3268 wegdc001.weg-online.com.' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:25
Event String:
The dynamic registration of the DNS record '_gc._tcp.WEG-ColoAndBranc
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:26
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.weg-online
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:26
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.WEG-ColoAn
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:26
Event String:
The dynamic registration of the DNS record '_kerberos._udp.weg-online
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:26
Event String:
The dynamic registration of the DNS record '_kpasswd._tcp.weg-online.
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:26
Event String:
The dynamic registration of the DNS record '_kpasswd._udp.weg-online.
A warning event occurred. EventID: 0x000727AA
Time Generated: 07/09/2010 09:44:22
Event String:
The WinRM service failed to create the following SPNs: WSMAN/wegdc001.weg-online.
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:24
Event String:
The dynamic registration of the DNS record 'weg-online.com. 600 IN A 10.1.1.11' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:26
Event String:
The dynamic registration of the DNS record '2040cbf1-ea4d-4e97-9d79-8
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:30
Event String:
The dynamic registration of the DNS record 'DomainDnsZones.weg-online
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:30
Event String:
The dynamic registration of the DNS record '_ldap._tcp.DomainDnsZones
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:31
Event String:
The dynamic registration of the DNS record '_ldap._tcp.WEG-ColoAndBra
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:31
Event String:
The dynamic registration of the DNS record 'ForestDnsZones.weg-online
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:31
Event String:
The dynamic registration of the DNS record '_ldap._tcp.ForestDnsZones
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:32
Event String:
The dynamic registration of the DNS record '_ldap._tcp.WEG-ColoAndBra
A warning event occurred. EventID: 0x000003F6
Time Generated: 07/09/2010 09:48:23
Event String:
Name resolution for the name weg-online.com timed out after none of the configured DNS servers responded.
......................... WEGDC001 failed test SystemLog
Starting test: VerifyReferences
......................... WEGDC001 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : weg-online
Starting test: CheckSDRefDom
......................... weg-online passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... weg-online passed test CrossRefValidation
Running enterprise tests on : weg-online.com
Starting test: LocatorCheck
......................... weg-online.com passed test LocatorCheck
Starting test: Intersite
......................... weg-online.com passed test Intersite
Here is the output from dcdiag /test:dns under the Domain Admin account:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = wegdc001
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Connectivity
......................... WEGDC001 passed test Connectivity
Doing primary tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... WEGDC001 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : weg-online
Running enterprise tests on : weg-online.com
Starting test: DNS
Test results for domain controllers:
DC: wegdc001.weg-online.com
Domain: weg-online.com
TEST: Delegations (Del)
Error: DNS server: wegdc1.weg-online.com. IP:<Unavailable>
[Missing glue A record]
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record in zone weg-online.com
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: weg-online.com
wegdc001 PASS PASS PASS FAIL WARN PASS n/a
......................... weg-online.com failed test DNS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = wegdc001
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Connectivity
......................... WEGDC001 passed test Connectivity
Doing primary tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Advertising
......................... WEGDC001 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... WEGDC001 passed test FrsEvent
Starting test: DFSREvent
......................... WEGDC001 passed test DFSREvent
Starting test: SysVolCheck
......................... WEGDC001 passed test SysVolCheck
Starting test: KccEvent
......................... WEGDC001 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... WEGDC001 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... WEGDC001 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=weg-o
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=weg-o
......................... WEGDC001 failed test NCSecDesc
Starting test: NetLogons
......................... WEGDC001 passed test NetLogons
Starting test: ObjectsReplicated
......................... WEGDC001 passed test ObjectsReplicated
Starting test: Replications
......................... WEGDC001 passed test Replications
Starting test: RidManager
......................... WEGDC001 passed test RidManager
Starting test: Services
......................... WEGDC001 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x8000001D
Time Generated: 07/09/2010 09:41:45
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x000003ED
Time Generated: 07/09/2010 09:42:05
Event String: SMBIOS data is absent
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:22
Event String:
The dynamic registration of the DNS record '_ldap._tcp.weg-online.com
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:23
Event String:
The dynamic registration of the DNS record '_ldap._tcp.WEG-ColoAndBra
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:23
Event String:
The dynamic registration of the DNS record '_ldap._tcp.gc._msdcs.weg-
A warning event occurred. EventID: 0x000003F6
Time Generated: 07/09/2010 09:42:22
Event String:
Name resolution for the name weg-online.com timed out after none of the configured DNS servers responded.
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:23
Event String:
The dynamic registration of the DNS record '_ldap._tcp.WEG-ColoAndBra
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:23
Event String:
The dynamic registration of the DNS record '_ldap._tcp.733fb17e-c6c5-
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:23
Event String:
The dynamic registration of the DNS record 'gc._msdcs.weg-online.com.
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:24
Event String:
The dynamic registration of the DNS record '2040cbf1-ea4d-4e97-9d79-8
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:24
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.dc._msdcs.
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:24
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.WEG-ColoAn
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:25
Event String:
The dynamic registration of the DNS record '_ldap._tcp.dc._msdcs.weg-
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:25
Event String:
The dynamic registration of the DNS record '_ldap._tcp.WEG-ColoAndBra
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:25
Event String:
The dynamic registration of the DNS record '_gc._tcp.weg-online.com. 600 IN SRV 0 100 3268 wegdc001.weg-online.com.' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:25
Event String:
The dynamic registration of the DNS record '_gc._tcp.WEG-ColoAndBranc
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:26
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.weg-online
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:26
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.WEG-ColoAn
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:26
Event String:
The dynamic registration of the DNS record '_kerberos._udp.weg-online
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:26
Event String:
The dynamic registration of the DNS record '_kpasswd._tcp.weg-online.
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:42:26
Event String:
The dynamic registration of the DNS record '_kpasswd._udp.weg-online.
A warning event occurred. EventID: 0x000727AA
Time Generated: 07/09/2010 09:44:22
Event String:
The WinRM service failed to create the following SPNs: WSMAN/wegdc001.weg-online.
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:24
Event String:
The dynamic registration of the DNS record 'weg-online.com. 600 IN A 10.1.1.11' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:26
Event String:
The dynamic registration of the DNS record '2040cbf1-ea4d-4e97-9d79-8
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:30
Event String:
The dynamic registration of the DNS record 'DomainDnsZones.weg-online
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:30
Event String:
The dynamic registration of the DNS record '_ldap._tcp.DomainDnsZones
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:31
Event String:
The dynamic registration of the DNS record '_ldap._tcp.WEG-ColoAndBra
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:31
Event String:
The dynamic registration of the DNS record 'ForestDnsZones.weg-online
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:31
Event String:
The dynamic registration of the DNS record '_ldap._tcp.ForestDnsZones
An error event occurred. EventID: 0x0000168E
Time Generated: 07/09/2010 09:47:32
Event String:
The dynamic registration of the DNS record '_ldap._tcp.WEG-ColoAndBra
A warning event occurred. EventID: 0x000003F6
Time Generated: 07/09/2010 09:48:23
Event String:
Name resolution for the name weg-online.com timed out after none of the configured DNS servers responded.
......................... WEGDC001 failed test SystemLog
Starting test: VerifyReferences
......................... WEGDC001 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : weg-online
Starting test: CheckSDRefDom
......................... weg-online passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... weg-online passed test CrossRefValidation
Running enterprise tests on : weg-online.com
Starting test: LocatorCheck
......................... weg-online.com passed test LocatorCheck
Starting test: Intersite
......................... weg-online.com passed test Intersite
Here is the output from dcdiag /test:dns under the Domain Admin account:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = wegdc001
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: Connectivity
......................... WEGDC001 passed test Connectivity
Doing primary tests
Testing server: WEG-ColoAndBranchOffices\W
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... WEGDC001 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : weg-online
Running enterprise tests on : weg-online.com
Starting test: DNS
Test results for domain controllers:
DC: wegdc001.weg-online.com
Domain: weg-online.com
TEST: Delegations (Del)
Error: DNS server: wegdc1.weg-online.com. IP:<Unavailable>
[Missing glue A record]
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record dcdiag-test-record in zone weg-online.com
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: weg-online.com
wegdc001 PASS PASS PASS FAIL WARN PASS n/a
......................... weg-online.com failed test DNS
OK, so digging deeper into this, it looks like replication is working on one of the new Windows 2008 DC's, but not on the other one. The second server is not able to replication correctly with its site partner. Here is the repadmin output on that server:
C:\Users\cdady>repadmin /showreps
WEG-Plymouth\WEGDC002
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: df3973d9-f783-4f11-8335-36
DSA invocationID: d2ee363d-976e-4b4a-ac04-7d
==== INBOUND NEIGHBORS ==========================
DC=weg-online,DC=com
WEG-Plymouth\WEGDC3 via RPC
DSA object GUID: 1b4ce3a4-8c6e-40d9-9e77-b5
Last attempt @ 2010-07-09 10:19:27 was successful.
CN=Configuration,DC=weg-on
WEG-Plymouth\WEGDC3 via RPC
DSA object GUID: 1b4ce3a4-8c6e-40d9-9e77-b5
Last attempt @ 2010-07-09 10:16:05 was successful.
CN=Schema,CN=Configuration
WEG-Plymouth\WEGDC3 via RPC
DSA object GUID: 1b4ce3a4-8c6e-40d9-9e77-b5
Last attempt @ 2010-07-09 09:45:36 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
Please help.
Thanks!
C:\Users\cdady>repadmin /showreps
WEG-Plymouth\WEGDC002
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: df3973d9-f783-4f11-8335-36
DSA invocationID: d2ee363d-976e-4b4a-ac04-7d
==== INBOUND NEIGHBORS ==========================
DC=weg-online,DC=com
WEG-Plymouth\WEGDC3 via RPC
DSA object GUID: 1b4ce3a4-8c6e-40d9-9e77-b5
Last attempt @ 2010-07-09 10:19:27 was successful.
CN=Configuration,DC=weg-on
WEG-Plymouth\WEGDC3 via RPC
DSA object GUID: 1b4ce3a4-8c6e-40d9-9e77-b5
Last attempt @ 2010-07-09 10:16:05 was successful.
CN=Schema,CN=Configuration
WEG-Plymouth\WEGDC3 via RPC
DSA object GUID: 1b4ce3a4-8c6e-40d9-9e77-b5
Last attempt @ 2010-07-09 09:45:36 was successful.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
DsReplicaGetInfo() failed with status 8453 (0x2105):
Replication access was denied.
Please help.
Thanks!
Disable IPv6.
http://support.microsoft.com/kb/929852
Remove 127.0.0.1
Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix.
After running with the domain admin account you passed the critical tests now.
Give me a dcdiag from the failing DC.
When you look in DNS do you have msdcs folder? Is it grayed out? Do you have a msdcs.domain.com zone?
http://support.microsoft.com/kb/929852
Remove 127.0.0.1
Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix.
After running with the domain admin account you passed the critical tests now.
Give me a dcdiag from the failing DC.
When you look in DNS do you have msdcs folder? Is it grayed out? Do you have a msdcs.domain.com zone?
Here is the output from DCDIAG /FIX. Still a couple of errors. Not sure if they are critical or not:
C:\Users\admin>dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = wegdc002
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: WEG-Plymouth\WEGDC002
Starting test: Connectivity
......................... WEGDC002 passed test Connectivity
Doing primary tests
Testing server: WEG-Plymouth\WEGDC002
Starting test: Advertising
......................... WEGDC002 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... WEGDC002 passed test FrsEvent
Starting test: DFSREvent
......................... WEGDC002 passed test DFSREvent
Starting test: SysVolCheck
......................... WEGDC002 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000B46
Time Generated: 07/09/2010 11:41:05
Event String:
The security of this directory server can be significantly enhanced
by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest)
LDAP binds that do not request signing (integrity verification) and LDAP simple
binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. E
ven if no clients are using such binds, configuring the server to reject them wi
ll improve the security of this server.
......................... WEGDC002 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... WEGDC002 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... WEGDC002 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=weg-o
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=weg-o
......................... WEGDC002 failed test NCSecDesc
Starting test: NetLogons
......................... WEGDC002 passed test NetLogons
Starting test: ObjectsReplicated
......................... WEGDC002 passed test ObjectsReplicated
Starting test: Replications
......................... WEGDC002 passed test Replications
Starting test: RidManager
......................... WEGDC002 passed test RidManager
Starting test: Services
......................... WEGDC002 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x8000001D
Time Generated: 07/09/2010 11:40:59
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate
to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
or enroll for a new KDC certificate.
......................... WEGDC002 passed test SystemLog
Starting test: VerifyReferences
......................... WEGDC002 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : weg-online
Starting test: CheckSDRefDom
......................... weg-online passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... weg-online passed test CrossRefValidation
Running enterprise tests on : weg-online.com
Starting test: LocatorCheck
......................... weg-online.com passed test LocatorCheck
Starting test: Intersite
......................... weg-online.com passed test Intersite
_msdcs zone is showing up correctly on all 4 DNS servers.
C:\Users\admin>dcdiag /fix
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = wegdc002
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: WEG-Plymouth\WEGDC002
Starting test: Connectivity
......................... WEGDC002 passed test Connectivity
Doing primary tests
Testing server: WEG-Plymouth\WEGDC002
Starting test: Advertising
......................... WEGDC002 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... WEGDC002 passed test FrsEvent
Starting test: DFSREvent
......................... WEGDC002 passed test DFSREvent
Starting test: SysVolCheck
......................... WEGDC002 passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000B46
Time Generated: 07/09/2010 11:41:05
Event String:
The security of this directory server can be significantly enhanced
by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest)
LDAP binds that do not request signing (integrity verification) and LDAP simple
binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. E
ven if no clients are using such binds, configuring the server to reject them wi
ll improve the security of this server.
......................... WEGDC002 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... WEGDC002 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... WEGDC002 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=weg-o
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=weg-o
......................... WEGDC002 failed test NCSecDesc
Starting test: NetLogons
......................... WEGDC002 passed test NetLogons
Starting test: ObjectsReplicated
......................... WEGDC002 passed test ObjectsReplicated
Starting test: Replications
......................... WEGDC002 passed test Replications
Starting test: RidManager
......................... WEGDC002 passed test RidManager
Starting test: Services
......................... WEGDC002 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x8000001D
Time Generated: 07/09/2010 11:40:59
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate
to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
or enroll for a new KDC certificate.
......................... WEGDC002 passed test SystemLog
Starting test: VerifyReferences
......................... WEGDC002 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : weg-online
Starting test: CheckSDRefDom
......................... weg-online passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... weg-online passed test CrossRefValidation
Running enterprise tests on : weg-online.com
Starting test: LocatorCheck
......................... weg-online.com passed test LocatorCheck
Starting test: Intersite
......................... weg-online.com passed test Intersite
_msdcs zone is showing up correctly on all 4 DNS servers.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial