rj831
asked on
DNS not working and AD users can't login. Any DNS experts out there??
Ok, so my original plan was to demote this server and promote it but it won't let me demote!! It says it can't find the domain. I have 3 DCs all on one domain. Everything was working fine until the primary domain controller ran out of space on the C: drive and that's where all my problems started. I made some room so now there's plenty of free space. After running a DCDIAG /TEST:DNS, I confirmed that I'm having DNS issues. My forward zones disappeared and I can't recreate them. Here are the results of that test:
C:\Documents and Settings\administrator.GUSD>dcdiag /test:dns
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GUSD1
Starting test: Connectivity
The host 2b37136e-a92f-429b-9928-21a06a481062._msdcs.gonzales.k12.ca.us
could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(2b37136e-a92f-429b-9928-21a06a481062._msdcs.gonzales.k12.ca.us)
couldn't be resolved, the server name (GUSD1.gonzales.k12.ca.us)
resolved to the IP address (172.16.47.8) and was pingable. Check that
the IP address is registered correctly with the DNS server.
......................... GUSD1 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GUSD1
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : gonzales
Running enterprise tests on : gonzales.k12.ca.us
Starting test: DNS
Test results for domain controllers:
DC: GUSD1.gonzales.k12.ca.us
Domain: gonzales.k12.ca.us
TEST: Basic (Basc)
Error: No LDAP connectivity
Warning: adapter [00000007] Broadcom BCM5708C NetXtreme II Gig
E (NDIS VBD Client) has invalid DNS server: 172.16.47.8 (<name unavailable>)
Error: all DNS servers are invalid
Error: The A record for this DC was not found
Warning: The Active Directory zone on this DC/DNS server was n
ot found (probably a misconfiguration)
TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the network a
dapters
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 172.16.47.8 (<name unavailable>)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.gonzales.k12.ca.us.
failed on the DNS server 172.16.47.8
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________ __________ __________ __________ ________
Domain: gonzales.k12.ca.us
GUSD1 PASS FAIL PASS n/a PASS FAIL n/a
......................... gonzales.k12.ca.us failed test DNS
PLEASE help, I'm desperate!!! The kids just started school and they can't login :(
Do you have a dns suffix set on the connection?
ASKER
DNS suffix? Well, when it was working, it was set as GUSD1.gonzales.k12.ca.us.
okay, check the replication between domain controllers, repadmin /replsum, install from the resource kit, let's see what's happening here, it looks like one DC is causing issues.
anything in the event logs of the DCs? Replication issues?
I'd also like to understand the topology, three DCs, what roles are on each etc
Until the Primary Domain Controller? Do you mean the DC holding the PDC emulator role?
what's the state of the disk on the server now? do you have system state backups?
Try repadmin /showrepl * /csv > c:\repadmin.csv
Open this up in Excel and hopefully you will find some error info
ASKER
hanccocka, it is just one server that's causing the issue and it's the primary. The other two are fine (I can see the zones on those servers). The primary doesn't look like it's replicating with the other two. The other two are talking just fine between themselves. I'll run that tool right now! Yes, event logs are giving me errors: 4000, 4007, 4015 (all DNS errors).
ASKER
I ran that DNSlint test and it came up with: "DNSLint will attempt to verify the
DNS entries used in AD replication
Using 169.254.32.1 for LDAP
Starting with 169.254.10.22 for DNS
This process may take several minutes to complete.........
LDAP query to speficied LDAP server on TCP port 389 failed
Server Down
LDAP query to speficied LDAP server on TCP port 389 failed
LDAP server specified appears to be down
Specify a different LDAP server and run the command again"
there is no primary domain controller in an AD environment, do you mean the DC which holds the PDC emulator role?
does the BAD DC contain any data or other network roles, because if it's not working correctly or replicating, I'd seize the roles and transfer them to the other DCs, and then turn off that DC.
and make sure you do not connect back to network.
ASKER
Also ran that tool you talked about and got this: C:\Documents and Settings\administrator.GUSD>repadmin /showrepl * /csv > c:\repadmin.csv
[d:\nt\ds\ds\src\util\repadmin\repbind.c, 154] LDAP error 81 (Server Down) Win32
Err 58.
[d:\nt\ds\ds\src\util\repadmin\repbind.c, 154] LDAP error 81 (Server Down) Win32
Err 58.
run it on the other DCs not the bad one.
and post the contents of the CSV here
ASKER
Well, the server with issues is the first I set up on AD which makes it the schema master? If I'm not mistaken. That's what I meant by primary
:)
okay, so it probably has all the roles defined. Okay Primary = First DC in your site!
does it perform any other roles other than DC?
DHCP, DNS (probably does this), File Server, Print Server, ISA etc....
i would transfer ALL the AD roles this server has to other servers.
FSMO, Schema, Domain Naming Master, PDC , RID, Infrastructure, and GC
to other servers.
ASKER
Ran this on my working server: C:\Program Files\Support Tools>repadmin /showrepl * /csv > c:\repadmin.csv
[d:\nt\ds\ds\src\util\repadmin\repbind.c, 154] LDAP error 81 (Server Down) Win32
Err 58.
[d:\nt\ds\ds\src\util\repadmin\repbind.c, 154] LDAP error 81 (Server Down) Win32
Err 58.
ASKER
AD is brand new at our district and all we had were students authenticating so they can save their stuff to folders. How do I transfer all of that over? So whichever server I transfer all this stuff to would be our new schema master right? So how do I take down the other server? lol...I still can't demote it :/
can you do a dcdiag /v on all three DCs and post here, I'd attach them as text files
do you have firewalls enabled by any chance?
ASKER
Thanks for your help man, I appreciate it!! I already left work but I'll post those text files first thing tomorrow.
ASKER
Also, no firewalls are in place. :)
okay, no problems, we usually work through the night on these issues. he he!
ASKER
I'm back with a vengeance!!!
dcdiag /v for all 3 servers:
GUSD1:
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine GUSD1, is a DC.
* Connecting to directory service on server GUSD1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GUSD1
Starting test: Connectivity
* Active Directory LDAP Services Check
The host 2b37136e-a92f-429b-9928-21a06a481062._msdcs.gonzales.k12.ca.us
could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(2b37136e-a92f-429b-9928-21a06a481062._msdcs.gonzales.k12.ca.us)
couldn't be resolved, the server name (GUSD1.gonzales.k12.ca.us)
resolved to the IP address (172.16.47.8) and was pingable. Check that
the IP address is registered correctly with the DNS server.
......................... GUSD1 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GUSD1
Skipping all tests, because server GUSD1 is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : gonzales
Starting test: CrossRefValidation
......................... gonzales passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... gonzales passed test CheckSDRefDom
Running enterprise tests on : gonzales.k12.ca.us
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... gonzales.k12.ca.us passed test Intersite
Starting test: FsmoCheck
GC Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
PDC Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
Time Server Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
KDC Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
......................... gonzales.k12.ca.us passed test FsmoCheck
Test omitted by user request: DNS
GUSD2:
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine GUSD2, is a DC.
* Connecting to directory service on server GUSD2.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GUSD2
Starting test: Connectivity
* Active Directory LDAP Services Check
The host 1cc4025f-8eee-4211-a01e-0e8557630489._msdcs.gonzales.k12.ca.us
could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(1cc4025f-8eee-4211-a01e-0e8557630489._msdcs.gonzales.k12.ca.us)
couldn't be resolved, the server name (GUSD2.gonzales.k12.ca.us)
resolved to the IP address (172.16.47.4) and was pingable. Check that
the IP address is registered correctly with the DNS server.
......................... GUSD2 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GUSD2
Skipping all tests, because server GUSD2 is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : gonzales
Starting test: CrossRefValidation
......................... gonzales passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... gonzales passed test CheckSDRefDom
Running enterprise tests on : gonzales.k12.ca.us
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... gonzales.k12.ca.us passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\GUSD2.gonzales.k12.ca.us
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\GUSD2.gonzales.k12.ca.us
Locator Flags: 0xe00001f8
KDC Name: \\GUSD2.gonzales.k12.ca.us
Locator Flags: 0xe00001f8
......................... gonzales.k12.ca.us failed test FsmoCheck
Test omitted by user request: DNS
GUSD3:
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine GUSD3, is a DC.
* Connecting to directory service on server GUSD3.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GUSD3
Starting test: Connectivity
* Active Directory LDAP Services Check
The host a822b2c4-659c-48d9-9aa8-8a6bbe194cb4._msdcs.gonzales.k12.ca.us
could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(a822b2c4-659c-48d9-9aa8-8a6bbe194cb4._msdcs.gonzales.k12.ca.us)
couldn't be resolved, the server name (GUSD3.gonzales.k12.ca.us)
resolved to the IP address (172.16.47.28) and was pingable. Check
that the IP address is registered correctly with the DNS server.
......................... GUSD3 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GUSD3
Skipping all tests, because server GUSD3 is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : gonzales
Starting test: CrossRefValidation
......................... gonzales passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... gonzales passed test CheckSDRefDom
Running enterprise tests on : gonzales.k12.ca.us
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... gonzales.k12.ca.us passed test Intersite
Starting test: FsmoCheck
GC Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
KDC Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
......................... gonzales.k12.ca.us failed test FsmoCheck
Test omitted by user request: DNS
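A triage pass over the three dcdiag /v outputs above, as an added example that is not part of the original thread and not code from any participant: it parses excerpts of the posted output (line-wrap spacing repaired) and separates a fault common to every DC from faults seen only by some. The function names and the finding labels are made up for this illustration.

```python
import re

# Excerpts of the dcdiag /v output posted in this thread (spacing repaired,
# unrelated lines omitted). Raw strings keep the UNC backslashes literal.
REPORTS = {
    "GUSD1": r"""
      Starting test: Connectivity
         The host 2b37136e-a92f-429b-9928-21a06a481062._msdcs.gonzales.k12.ca.us
         could not be resolved to an
         IP address. Check the DNS server, DHCP, server name, etc
         ......................... GUSD1 failed test Connectivity
      Skipping all tests, because server GUSD1 is
      not responding to directory service requests
      Starting test: FsmoCheck
         GC Name: \\GUSD1.gonzales.k12.ca.us
         PDC Name: \\GUSD1.gonzales.k12.ca.us
         ......................... gonzales.k12.ca.us passed test FsmoCheck
""",
    "GUSD2": r"""
      Starting test: Connectivity
         The host 1cc4025f-8eee-4211-a01e-0e8557630489._msdcs.gonzales.k12.ca.us
         could not be resolved to an
         IP address. Check the DNS server, DHCP, server name, etc
         ......................... GUSD2 failed test Connectivity
      Skipping all tests, because server GUSD2 is
      not responding to directory service requests
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         ......................... gonzales.k12.ca.us failed test FsmoCheck
""",
    "GUSD3": r"""
      Starting test: Connectivity
         The host a822b2c4-659c-48d9-9aa8-8a6bbe194cb4._msdcs.gonzales.k12.ca.us
         could not be resolved to an
         IP address. Check the DNS server, DHCP, server name, etc
         ......................... GUSD3 failed test Connectivity
      Skipping all tests, because server GUSD3 is
      not responding to directory service requests
      Starting test: FsmoCheck
         GC Name: \\GUSD3.gonzales.k12.ca.us
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         ......................... gonzales.k12.ca.us failed test FsmoCheck
""",
}

FAILED_RE = re.compile(r"^\s*\.{5,}\s+(\S+) failed test (\S+)", re.M)
GUID_RE = re.compile(
    r"The host\s+([0-9a-f-]{36}\._msdcs\.\S+)\s+could not be resolved", re.I)
ROLE_RE = re.compile(r"^\s*(GC|PDC|KDC) Name: \\\\(\S+)", re.M)
LOCATOR_FAIL_RE = re.compile(r"DcGetDcName\((\w+)\) call failed, error (\d+)")


def parse_dcdiag(text):
    """Pull the lines that matter for DNS/locator triage out of one report."""
    return {
        "failed_tests": FAILED_RE.findall(text),            # (scope, test)
        "unresolved_guid_names": GUID_RE.findall(text),     # <GUID>._msdcs.<forest>
        "located_roles": dict(ROLE_RE.findall(text)),       # role -> DC found
        "locator_failures": [(flag, int(code))
                             for flag, code in LOCATOR_FAIL_RE.findall(text)],
        "ds_unresponsive":
            "not responding to directory service requests" in text,
    }


def triage(reports):
    """Compare reports across DCs; return (parsed, findings)."""
    parsed = {dc: parse_dcdiag(text) for dc, text in reports.items()}
    findings = []

    # The GUID-based _msdcs name is what replication partners look up. If no
    # DC can resolve its own, the shared DNS data is the suspect, not one
    # DC's registration.
    no_guid = sorted(dc for dc, p in parsed.items() if p["unresolved_guid_names"])
    if no_guid and len(no_guid) == len(parsed):
        findings.append("ALL_DCS_FAIL_MSDCS_LOOKUP")
    elif no_guid:
        findings.append("SOME_DCS_FAIL_MSDCS_LOOKUP:" + ",".join(no_guid))

    # Which DCs cannot locate a PDC emulator or a global catalog at all.
    for flag, role in (("PDC_REQUIRED", "PDC"), ("GC_SERVER_REQUIRED", "GC")):
        blind = sorted(dc for dc, p in parsed.items()
                       if any(f == flag for f, _ in p["locator_failures"]))
        if blind:
            findings.append(role + "_NOT_LOCATABLE_FROM:" + ",".join(blind))

    # A DC that finds the PDC only on itself is the likely role holder that
    # the others cannot reach through DNS.
    self_pdc = sorted(
        dc for dc, p in parsed.items()
        if p["located_roles"].get("PDC", "").split(".")[0].upper() == dc.upper())
    if self_pdc:
        findings.append("PDC_SELF_LOCATED_ON:" + ",".join(self_pdc))
    return parsed, findings


if __name__ == "__main__":
    for line in triage(REPORTS)[1]:
        print(line)
```
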
ASKER
GUSD1 is the one with all the problems which is the schema master. The student folders are on GUSD3 which is our newest server.
which servers are hosting DNS?
I assume that GUSD1 is a DNS server, and the other servers GUSD2, GUSD3 have it in their config as the Primary DNS?
ASKER
YES you are correct. GUSD1 is pointing to itself and the other 2 are pointing to GUSD1.
ah, this is not quite correct for an AD install, and I don't set them up like that.
GUSD1 DNS setup
Primary DNS 127.0.0.1 (or 172.16.47.8)
Secondary DNS 172.16.47.4
Tertiary DNS 172.16.47.28
GUSD2 DNS setup
Primary DNS 127.0.0.1 (or 172.16.47.8)
Secondary DNS 172.16.47.4
Tertiary DNS 172.16.47.28
GUSD3 DNS setup
Primary DNS 127.0.0.1 (or 172.16.47.28 172.16.47.8)
Secondary DNS 172.16.47.4
Tertiary DNS 172.16.47.8
anyway, each DC should refer to itself in DNS as the primary, whether you need to have a third published (up to you) always a good idea to have a spare updating, just in case you need to replace.
but as GUSD1 is foo baa, I think I would be inclined to remove it from the DNS for the moment, get DNS working on GUSD2 and GUSD3, drop GUSD1 DNS.
re-run dcdiag /v test to get DNS working correctly. and then we will proceed with seizure.
DNS is started and running on them ALL?
ASKER
Ok, how do I get DNS going on the other 2? I believe DNS is running on all of them. I attached some screenshots of GUSD2 and GUSD3.
GUSD2-DNS.JPG
GUSD3-DNS.JPG
ASKER
So I should remove DNS COMPLETELY from GUSD1?
don't change anything on GUSD1 at present.
DNS is running on GUSD2 and GUSD3, so just change the network settings on GUSD2 and GUSD3. You may want to wait for some downtime to do this, because changing network settings often blips the network interface, if you've got clients accessing each server GUSD2 and GUSD3.
ASKER
Ok, yeah I'll have to wait for about 1.5 hours for this. What network settings shall I change?
--> DNS <--
ASKER
So since I'm moving everything to GUSD3, GUSD3 should be the new primary DNS and GUSD2 will be secondary DNS? SOOO GUSD3 will be pointing to itself with GUSD2 as secondary DNS. GUSD2 server will be pointing to GUSD3 as primary and itself as secondary. Right? Sorry, I'm a total noobie at this. :/
Try to forget primaries, secondaries and tertiary.
Everything should be master and backup, so all servers AD and DNS, will contain the same information.
Correct in your case.
ASKER
Ok, so I totally took DNS off of GUSD1 (removed through Add/Remove Programs), and made the network changes on GUSD2 and GUSD3. Here are the dcdiag /v results.
GUSD1: Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine GUSD1, is a DC.
* Connecting to directory service on server GUSD1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GUSD1
Starting test: Connectivity
* Active Directory LDAP Services Check
The host 2b37136e-a92f-429b-9928-21a06a481062._msdcs.gonzales.k12.ca.us
could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(2b37136e-a92f-429b-9928-21a06a481062._msdcs.gonzales.k12.ca.us)
couldn't be resolved, the server name (GUSD1.gonzales.k12.ca.us)
resolved to the IP address (172.16.47.8) and was pingable. Check that
the IP address is registered correctly with the DNS server.
......................... GUSD1 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GUSD1
Skipping all tests, because server GUSD1 is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : gonzales
Starting test: CrossRefValidation
......................... gonzales passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... gonzales passed test CheckSDRefDom
Running enterprise tests on : gonzales.k12.ca.us
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... gonzales.k12.ca.us passed test Intersite
Starting test: FsmoCheck
GC Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
PDC Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
Time Server Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
KDC Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
......................... gonzales.k12.ca.us passed test FsmoCheck
Test omitted by user request: DNS
GUSD2: (couldn't get all results)
NumberOfParameters is 1
Unicode string: 2b37136e-a92f-429b-9928-21a06a481062._msdcs.gonzales
.k12.ca.us
[GUSD3] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 3592 (DcDiag)
System Time is: 8/20/2010 19:53:50:693
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 322
Error Record 2, ProcessID is 3592 (DcDiag)
System Time is: 8/20/2010 19:53:50:693
Generating component is 8 (winsock)
Status is 11001: No such host is known.
Detection location is 320
NumberOfParameters is 1
Unicode string: a822b2c4-659c-48d9-9aa8-8a6bbe194cb4._msdcs.gonzales
.k12.ca.us
[Replications Check,GUSD2] A recent replication attempt failed:
From GUSD1 to GUSD2
Naming Context: DC=DomainDnsZones,DC=gonzales,DC=k12,DC=ca,DC=us
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2010-08-20 12:51:58.
The last success occurred at 2010-08-13 17:51:43.
184 failures have occurred since the last success.
[Replications Check,GUSD2] A recent replication attempt failed:
From GUSD1 to GUSD2
Naming Context: CN=Schema,CN=Configuration,DC=gonzales,DC=k12,DC=ca,
DC=us
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:51:58.
The last success occurred at 2010-08-13 17:51:43.
163 failures have occurred since the last success.
[Replications Check,GUSD2] A recent replication attempt failed:
From GUSD1 to GUSD2
Naming Context: CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:51:58.
The last success occurred at 2010-08-13 17:51:43.
165 failures have occurred since the last success.
[Replications Check,GUSD2] A recent replication attempt failed:
From GUSD1 to GUSD2
Naming Context: DC=gonzales,DC=k12,DC=ca,DC=us
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:51:58.
The last success occurred at 2010-08-13 17:53:16.
4285 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
GUSD2: Current time is 2010-08-20 12:53:50.
DC=ForestDnsZones,DC=gonzales,DC=k12,DC=ca,DC=us
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
DC=DomainDnsZones,DC=gonzales,DC=k12,DC=ca,DC=us
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
CN=Schema,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
DC=gonzales,DC=k12,DC=ca,DC=us
Last replication recieved from GUSD1 at 2010-08-14 04:12:40.
......................... GUSD2 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC GUSD2.
* Security Permissions Check for
DC=ForestDnsZones,DC=gonzales,DC=k12,DC=ca,DC=us
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=gonzales,DC=k12,DC=ca,DC=us
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
(Configuration,Version 2)
* Security Permissions Check for
DC=gonzales,DC=k12,DC=ca,DC=us
(Domain,Version 2)
......................... GUSD2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\GUSD2\netlogon
Verified share \\GUSD2\sysvol
......................... GUSD2 passed test NetLogons
Starting test: Advertising
The DC GUSD2 is advertising itself as a DC and having a DS.
The DC GUSD2 is advertising as an LDAP server
The DC GUSD2 is advertising as having a writeable directory
The DC GUSD2 is advertising as a Key Distribution Center
The DC GUSD2 is advertising as a time server
......................... GUSD2 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=GUSD1,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Warning: GUSD1 is the Schema Owner, but is not responding to DS RPC Bin
d.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrative Templates/System/Remote Procedur
e Call" to enable it.
[GUSD1] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: GUSD1 is the Schema Owner, but is not responding to LDAP Bind.
Role Domain Owner = CN=NTDS Settings,CN=GUSD1,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Warning: GUSD1 is the Domain Owner, but is not responding to DS RPC Bin
d.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrative Templates/System/Remote Procedur
e Call" to enable it.
Warning: GUSD1 is the Domain Owner, but is not responding to LDAP Bind.
Role PDC Owner = CN=NTDS Settings,CN=GUSD1,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Warning: GUSD1 is the PDC Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrative Templates/System/Remote Procedur
e Call" to enable it.
Warning: GUSD1 is the PDC Owner, but is not responding to LDAP Bind.
Role Rid Owner = CN=NTDS Settings,CN=GUSD1,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Warning: GUSD1 is the Rid Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrative Templates/System/Remote Procedur
e Call" to enable it.
Warning: GUSD1 is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=GUSD1,CN=Servers
,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,D
C=us
Warning: GUSD1 is the Infrastructure Update Owner, but is not respondin
g to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrative Templates/System/Remote Procedur
e Call" to enable it.
Warning: GUSD1 is the Infrastructure Update Owner, but is not respondin
g to LDAP Bind.
......................... GUSD2 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3613 to 1073741823
* GUSD1.gonzales.k12.ca.us is the RID Master
......................... GUSD2 failed test RidManager
Starting test: MachineAccount
Checking machine account for DC GUSD2 on DC GUSD2.
* SPN found :LDAP/GUSD2.gonzales.k12.ca.us/gonzales.k12.ca.us
* SPN found :LDAP/GUSD2.gonzales.k12.ca.us
* SPN found :LDAP/GUSD2
* SPN found :LDAP/GUSD2.gonzales.k12.ca.us/GUSD
* SPN found :LDAP/1cc4025f-8eee-4211-a01e-0e8557630489._msdcs.gonzales.
k12.ca.us
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1cc4025f-8eee-4211-a0
1e-0e8557630489/gonzales.k12.ca.us
* SPN found :HOST/GUSD2.gonzales.k12.ca.us/gonzales.k12.ca.us
* SPN found :HOST/GUSD2.gonzales.k12.ca.us
* SPN found :HOST/GUSD2
* SPN found :HOST/GUSD2.gonzales.k12.ca.us/GUSD
* SPN found :GC/GUSD2.gonzales.k12.ca.us/gonzales.k12.ca.us
......................... GUSD2 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... GUSD2 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
GUSD2 is in domain DC=gonzales,DC=k12,DC=ca,DC=us
Checking for CN=GUSD2,OU=Domain Controllers,DC=gonzales,DC=k12,DC=ca,DC
=us in domain DC=gonzales,DC=k12,DC=ca,DC=us on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=GUSD2,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us in domain CN=Conf
iguration,DC=gonzales,DC=k12,DC=ca,DC=us on 1 servers
Object is up-to-date on all servers.
......................... GUSD2 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... GUSD2 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/20/2010 12:49:10
(Event String could not be retrieved)
......................... GUSD2 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... GUSD2 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 08/20/2010 12:51:58
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
host/gusd1.gonzales.k12.ca.us. The target name
used was . This indicates that the password used
to encrypt the kerberos service ticket is
different than that on the target server.
Commonly, this is due to identically named
machine accounts in the target realm
(GONZALES.K12.CA.US), and the client realm.
Please contact your system administrator.
......................... GUSD2 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=GUSD2,OU=Domain Controllers,DC=gonzales,DC=k12,DC=ca,DC=us and
backlink on
CN=GUSD2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=gonzales,DC=k12,DC=ca,DC=us
are correct.
The system object reference (frsComputerReferenceBL)
CN=GUSD2,CN=Domain System Volume (SYSVOL share),CN=File Replication Ser
vice,CN=System,DC=gonzales,DC=k12,DC=ca,DC=us
and backlink on
CN=GUSD2,OU=Domain Controllers,DC=gonzales,DC=k12,DC=ca,DC=us are
correct.
The system object reference (serverReferenceBL)
CN=GUSD2,CN=Domain System Volume (SYSVOL share),CN=File Replication Ser
vice,CN=System,DC=gonzales,DC=k12,DC=ca,DC=us
and backlink on
CN=NTDS Settings,CN=GUSD2,CN=Servers,CN=Default-First-Site-Name,CN=Site
s,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
are correct.
......................... GUSD2 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : gonzales
Starting test: CrossRefValidation
......................... gonzales passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... gonzales passed test CheckSDRefDom
Running enterprise tests on : gonzales.k12.ca.us
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... gonzales.k12.ca.us passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\GUSD2.gonzales.k12.ca.us
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\GUSD2.gonzales.k12.ca.us
Locator Flags: 0xe00001f8
KDC Name: \\GUSD2.gonzales.k12.ca.us
Locator Flags: 0xe00001f8
......................... gonzales.k12.ca.us failed test FsmoCheck
Test omitted by user request: DNS
GUSD3: (couldn't get all either)
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 5004 (DcDiag)
System Time is: 8/20/2010 19:57:21:452
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 322
Error Record 2, ProcessID is 5004 (DcDiag)
System Time is: 8/20/2010 19:57:21:452
Generating component is 8 (winsock)
Status is 11001: No such host is known.
Detection location is 320
NumberOfParameters is 1
Unicode string: 2b37136e-a92f-429b-9928-21a06a481062._msdcs.gonzales
.k12.ca.us
[Replications Check,GUSD3] A recent replication attempt failed:
From GUSD1 to GUSD3
Naming Context: DC=DomainDnsZones,DC=gonzales,DC=k12,DC=ca,DC=us
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2010-08-20 12:50:29.
The last success occurred at 2010-08-14 03:52:34.
166 failures have occurred since the last success.
[Replications Check,GUSD3] A recent replication attempt failed:
From GUSD1 to GUSD3
Naming Context: CN=Schema,CN=Configuration,DC=gonzales,DC=k12,DC=ca,
DC=us
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:50:29.
The last success occurred at 2010-08-14 03:52:34.
154 failures have occurred since the last success.
[Replications Check,GUSD3] A recent replication attempt failed:
From GUSD1 to GUSD3
Naming Context: CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:50:29.
The last success occurred at 2010-08-14 03:52:34.
155 failures have occurred since the last success.
[Replications Check,GUSD3] A recent replication attempt failed:
From GUSD1 to GUSD3
Naming Context: DC=gonzales,DC=k12,DC=ca,DC=us
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:50:29.
The last success occurred at 2010-08-14 04:12:40.
4110 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
GUSD3: Current time is 2010-08-20 12:57:21.
DC=ForestDnsZones,DC=gonzales,DC=k12,DC=ca,DC=us
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
DC=DomainDnsZones,DC=gonzales,DC=k12,DC=ca,DC=us
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
CN=Schema,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
DC=gonzales,DC=k12,DC=ca,DC=us
Last replication recieved from GUSD1 at 2010-08-14 04:12:40.
......................... GUSD3 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC GUSD3.
* Security Permissions Check for
DC=ForestDnsZones,DC=gonzales,DC=k12,DC=ca,DC=us
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=gonzales,DC=k12,DC=ca,DC=us
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
(Configuration,Version 2)
* Security Permissions Check for
DC=gonzales,DC=k12,DC=ca,DC=us
(Domain,Version 2)
......................... GUSD3 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\GUSD3\netlogon
Verified share \\GUSD3\sysvol
......................... GUSD3 passed test NetLogons
Starting test: Advertising
The DC GUSD3 is advertising itself as a DC and having a DS.
The DC GUSD3 is advertising as an LDAP server
The DC GUSD3 is advertising as having a writeable directory
The DC GUSD3 is advertising as a Key Distribution Center
The DC GUSD3 is advertising as a time server
The DS GUSD3 is advertising as a GC.
......................... GUSD3 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=GUSD1,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Warning: GUSD1 is the Schema Owner, but is not responding to DS RPC Bin
d.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrative Templates/System/Remote Procedur
e Call" to enable it.
[GUSD1] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: GUSD1 is the Schema Owner, but is not responding to LDAP Bind.
Role Domain Owner = CN=NTDS Settings,CN=GUSD1,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Warning: GUSD1 is the Domain Owner, but is not responding to DS RPC Bin
d.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrative Templates/System/Remote Procedur
e Call" to enable it.
Warning: GUSD1 is the Domain Owner, but is not responding to LDAP Bind.
Role PDC Owner = CN=NTDS Settings,CN=GUSD1,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Warning: GUSD1 is the PDC Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrative Templates/System/Remote Procedur
e Call" to enable it.
Warning: GUSD1 is the PDC Owner, but is not responding to LDAP Bind.
Role Rid Owner = CN=NTDS Settings,CN=GUSD1,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Warning: GUSD1 is the Rid Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrative Templates/System/Remote Procedur
e Call" to enable it.
Warning: GUSD1 is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=GUSD1,CN=Servers
,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,D
C=us
Warning: GUSD1 is the Infrastructure Update Owner, but is not respondin
g to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrative Templates/System/Remote Procedur
e Call" to enable it.
Warning: GUSD1 is the Infrastructure Update Owner, but is not respondin
g to LDAP Bind.
......................... GUSD3 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3613 to 1073741823
* GUSD1.gonzales.k12.ca.us is the RID Master
......................... GUSD3 failed test RidManager
Starting test: MachineAccount
Checking machine account for DC GUSD3 on DC GUSD3.
* SPN found :LDAP/GUSD3.gonzales.k12.ca.us/gonzales.k12.ca.us
* SPN found :LDAP/GUSD3.gonzales.k12.ca.us
* SPN found :LDAP/GUSD3
* SPN found :LDAP/GUSD3.gonzales.k12.ca.us/GUSD
* SPN found :LDAP/a822b2c4-659c-48d9-9aa8-8a6bbe194cb4._msdcs.gonzales.
k12.ca.us
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a822b2c4-659c-48d9-9a
a8-8a6bbe194cb4/gonzales.k12.ca.us
* SPN found :HOST/GUSD3.gonzales.k12.ca.us/gonzales.k12.ca.us
* SPN found :HOST/GUSD3.gonzales.k12.ca.us
* SPN found :HOST/GUSD3
* SPN found :HOST/GUSD3.gonzales.k12.ca.us/GUSD
* SPN found :GC/GUSD3.gonzales.k12.ca.us/gonzales.k12.ca.us
......................... GUSD3 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... GUSD3 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
GUSD3 is in domain DC=gonzales,DC=k12,DC=ca,DC=us
Checking for CN=GUSD3,OU=Domain Controllers,DC=gonzales,DC=k12,DC=ca,DC
=us in domain DC=gonzales,DC=k12,DC=ca,DC=us on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=GUSD3,CN=Servers,CN=Default-First-Site
-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us in domain CN=Conf
iguration,DC=gonzales,DC=k12,DC=ca,DC=us on 1 servers
Object is up-to-date on all servers.
......................... GUSD3 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... GUSD3 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/20/2010 10:00:48
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/20/2010 10:43:22
(Event String could not be retrieved)
......................... GUSD3 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... GUSD3 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 08/20/2010 12:50:29
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
host/gusd1.gonzales.k12.ca.us. The target name
used was . This indicates that the password used
to encrypt the kerberos service ticket is
different than that on the target server.
Commonly, this is due to identically named
machine accounts in the target realm
(GONZALES.K12.CA.US), and the client realm.
Please contact your system administrator.
......................... GUSD3 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=GUSD3,OU=Domain Controllers,DC=gonzales,DC=k12,DC=ca,DC=us and
backlink on
CN=GUSD3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=gonzales,DC=k12,DC=ca,DC=us
are correct.
The system object reference (frsComputerReferenceBL)
CN=GUSD3,CN=Domain System Volume (SYSVOL share),CN=File Replication Ser
vice,CN=System,DC=gonzales,DC=k12,DC=ca,DC=us
and backlink on
CN=GUSD3,OU=Domain Controllers,DC=gonzales,DC=k12,DC=ca,DC=us are
correct.
The system object reference (serverReferenceBL)
CN=GUSD3,CN=Domain System Volume (SYSVOL share),CN=File Replication Ser
vice,CN=System,DC=gonzales,DC=k12,DC=ca,DC=us
and backlink on
CN=NTDS Settings,CN=GUSD3,CN=Servers,CN=Default-First-Site-Name,CN=Site
s,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
are correct.
......................... GUSD3 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : gonzales
Starting test: CrossRefValidation
......................... gonzales passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... gonzales passed test CheckSDRefDom
Running enterprise tests on : gonzales.k12.ca.us
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... gonzales.k12.ca.us passed test Intersite
Starting test: FsmoCheck
GC Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
KDC Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
......................... gonzales.k12.ca.us failed test FsmoCheck
Test omitted by user request: DNS
GUSD1: Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine GUSD1, is a DC.
* Connecting to directory service on server GUSD1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\GU
Starting test: Connectivity
* Active Directory LDAP Services Check
The host 2b37136e-a92f-429b-9928-21
could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(2b37136e-a92f-429b-9928-2
couldn't be resolved, the server name (GUSD1.gonzales.k12.ca.us)
resolved to the IP address (172.16.47.8) and was pingable. Check that
the IP address is registered correctly with the DNS server.
......................... GUSD1 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\GU
Skipping all tests, because server GUSD1 is
not responding to directory service requests
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: VerifyReplicas
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : gonzales
Starting test: CrossRefValidation
......................... gonzales passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... gonzales passed test CheckSDRefDom
Running enterprise tests on : gonzales.k12.ca.us
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... gonzales.k12.ca.us passed test Intersite
Starting test: FsmoCheck
GC Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
PDC Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
Time Server Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
KDC Name: \\GUSD1.gonzales.k12.ca.us
Locator Flags: 0xe00003fd
......................... gonzales.k12.ca.us passed test FsmoCheck
Test omitted by user request: DNS
GUSD2: (couldn't get all results)
NumberOfParameters is 1
Unicode string: 2b37136e-a92f-429b-9928-21
.k12.ca.us
[GUSD3] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 3592 (DcDiag)
System Time is: 8/20/2010 19:53:50:693
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 322
Error Record 2, ProcessID is 3592 (DcDiag)
System Time is: 8/20/2010 19:53:50:693
Generating component is 8 (winsock)
Status is 11001: No such host is known.
Detection location is 320
NumberOfParameters is 1
Unicode string: a822b2c4-659c-48d9-9aa8-8a
.k12.ca.us
[Replications Check,GUSD2] A recent replication attempt failed:
From GUSD1 to GUSD2
Naming Context: DC=DomainDnsZones,DC=gonza
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2010-08-20 12:51:58.
The last success occurred at 2010-08-13 17:51:43.
184 failures have occurred since the last success.
[Replications Check,GUSD2] A recent replication attempt failed:
From GUSD1 to GUSD2
Naming Context: CN=Schema,CN=Configuration
DC=us
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:51:58.
The last success occurred at 2010-08-13 17:51:43.
163 failures have occurred since the last success.
[Replications Check,GUSD2] A recent replication attempt failed:
From GUSD1 to GUSD2
Naming Context: CN=Configuration,DC=gonzal
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:51:58.
The last success occurred at 2010-08-13 17:51:43.
165 failures have occurred since the last success.
[Replications Check,GUSD2] A recent replication attempt failed:
From GUSD1 to GUSD2
Naming Context: DC=gonzales,DC=k12,DC=ca,D
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:51:58.
The last success occurred at 2010-08-13 17:53:16.
4285 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
GUSD2: Current time is 2010-08-20 12:53:50.
DC=ForestDnsZones,DC=gonza
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
DC=DomainDnsZones,DC=gonza
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
CN=Schema,CN=Configuration
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
CN=Configuration,DC=gonzal
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
DC=gonzales,DC=k12,DC=ca,D
Last replication recieved from GUSD1 at 2010-08-14 04:12:40.
......................... GUSD2 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC GUSD2.
* Security Permissions Check for
DC=ForestDnsZones,DC=gonza
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=gonza
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=gonzal
(Configuration,Version 2)
* Security Permissions Check for
DC=gonzales,DC=k12,DC=ca,D
(Domain,Version 2)
......................... GUSD2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\GUSD2\netlogon
Verified share \\GUSD2\sysvol
......................... GUSD2 passed test NetLogons
Starting test: Advertising
The DC GUSD2 is advertising itself as a DC and having a DS.
The DC GUSD2 is advertising as an LDAP server
The DC GUSD2 is advertising as having a writeable directory
The DC GUSD2 is advertising as a Key Distribution Center
The DC GUSD2 is advertising as a time server
......................... GUSD2 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=GUSD1,CN=Serve
st-Site-Name,CN=Sites,CN=C
Warning: GUSD1 is the Schema Owner, but is not responding to DS RPC Bin
d.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrati
e Call" to enable it.
[GUSD1] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: GUSD1 is the Schema Owner, but is not responding to LDAP Bind.
Role Domain Owner = CN=NTDS Settings,CN=GUSD1,CN=Serve
st-Site-Name,CN=Sites,CN=C
Warning: GUSD1 is the Domain Owner, but is not responding to DS RPC Bin
d.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrati
e Call" to enable it.
Warning: GUSD1 is the Domain Owner, but is not responding to LDAP Bind.
Role PDC Owner = CN=NTDS Settings,CN=GUSD1,CN=Serve
Site-Name,CN=Sites,CN=Conf
Warning: GUSD1 is the PDC Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrati
e Call" to enable it.
Warning: GUSD1 is the PDC Owner, but is not responding to LDAP Bind.
Role Rid Owner = CN=NTDS Settings,CN=GUSD1,CN=Serve
Site-Name,CN=Sites,CN=Conf
Warning: GUSD1 is the Rid Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrati
e Call" to enable it.
Warning: GUSD1 is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=GUSD1,CN=Serve
,CN=Default-First-Site-Nam
C=us
Warning: GUSD1 is the Infrastructure Update Owner, but is not respondin
g to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrati
e Call" to enable it.
Warning: GUSD1 is the Infrastructure Update Owner, but is not respondin
g to LDAP Bind.
......................... GUSD2 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3613 to 1073741823
* GUSD1.gonzales.k12.ca.us is the RID Master
......................... GUSD2 failed test RidManager
Starting test: MachineAccount
Checking machine account for DC GUSD2 on DC GUSD2.
* SPN found :LDAP/GUSD2.gonzales.k12.c
* SPN found :LDAP/GUSD2.gonzales.k12.c
* SPN found :LDAP/GUSD2
* SPN found :LDAP/GUSD2.gonzales.k12.c
* SPN found :LDAP/1cc4025f-8eee-4211-a
k12.ca.us
* SPN found :E3514235-4B06-11D1-AB04-0
1e-0e8557630489/gonzales.k
* SPN found :HOST/GUSD2.gonzales.k12.c
* SPN found :HOST/GUSD2.gonzales.k12.c
* SPN found :HOST/GUSD2
* SPN found :HOST/GUSD2.gonzales.k12.c
* SPN found :GC/GUSD2.gonzales.k12.ca.
......................... GUSD2 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... GUSD2 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
GUSD2 is in domain DC=gonzales,DC=k12,DC=ca,D
Checking for CN=GUSD2,OU=Domain Controllers,DC=gonzales,DC
=us in domain DC=gonzales,DC=k12,DC=ca,D
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=GUSD2,CN=Serve
-Name,CN=Sites,CN=Configur
iguration,DC=gonzales,DC=k
Object is up-to-date on all servers.
......................... GUSD2 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... GUSD2 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/20/2010 12:49:10
(Event String could not be retrieved)
......................... GUSD2 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... GUSD2 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 08/20/2010 12:51:58
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
host/gusd1.gonzales.k12.ca
used was . This indicates that the password used
to encrypt the kerberos service ticket is
different than that on the target server.
Commonly, this is due to identically named
machine accounts in the target realm
(GONZALES.K12.CA.US), and the client realm.
Please contact your system administrator.
......................... GUSD2 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=GUSD2,OU=Domain Controllers,DC=gonzales,DC
backlink on
CN=GUSD2,CN=Servers,CN=Def
n,DC=gonzales,DC=k12,DC=ca
are correct.
The system object reference (frsComputerReferenceBL)
CN=GUSD2,CN=Domain System Volume (SYSVOL share),CN=File Replication Ser
vice,CN=System,DC=gonzales
and backlink on
CN=GUSD2,OU=Domain Controllers,DC=gonzales,DC
correct.
The system object reference (serverReferenceBL)
CN=GUSD2,CN=Domain System Volume (SYSVOL share),CN=File Replication Ser
vice,CN=System,DC=gonzales
and backlink on
CN=NTDS Settings,CN=GUSD2,CN=Serve
s,CN=Configuration,DC=gonz
are correct.
......................... GUSD2 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : gonzales
Starting test: CrossRefValidation
......................... gonzales passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... gonzales passed test CheckSDRefDom
Running enterprise tests on : gonzales.k12.ca.us
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... gonzales.k12.ca.us passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQU
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\GUSD2.gonzales.k12.ca.us
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\GUSD2.gonzales.k12.ca.us
Locator Flags: 0xe00001f8
KDC Name: \\GUSD2.gonzales.k12.ca.us
Locator Flags: 0xe00001f8
......................... gonzales.k12.ca.us failed test FsmoCheck
Test omitted by user request: DNS
GUSD3: (couldn't get all either)
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 5004 (DcDiag)
System Time is: 8/20/2010 19:57:21:452
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 322
Error Record 2, ProcessID is 5004 (DcDiag)
System Time is: 8/20/2010 19:57:21:452
Generating component is 8 (winsock)
Status is 11001: No such host is known.
Detection location is 320
NumberOfParameters is 1
Unicode string: 2b37136e-a92f-429b-9928-21
.k12.ca.us
[Replications Check,GUSD3] A recent replication attempt failed:
From GUSD1 to GUSD3
Naming Context: DC=DomainDnsZones,DC=gonza
The replication generated an error (1256):
The remote system is not available. For information about network tr
oubleshooting, see Windows Help.
The failure occurred at 2010-08-20 12:50:29.
The last success occurred at 2010-08-14 03:52:34.
166 failures have occurred since the last success.
[Replications Check,GUSD3] A recent replication attempt failed:
From GUSD1 to GUSD3
Naming Context: CN=Schema,CN=Configuration
DC=us
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:50:29.
The last success occurred at 2010-08-14 03:52:34.
154 failures have occurred since the last success.
[Replications Check,GUSD3] A recent replication attempt failed:
From GUSD1 to GUSD3
Naming Context: CN=Configuration,DC=gonzal
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:50:29.
The last success occurred at 2010-08-14 03:52:34.
155 failures have occurred since the last success.
[Replications Check,GUSD3] A recent replication attempt failed:
From GUSD1 to GUSD3
Naming Context: DC=gonzales,DC=k12,DC=ca,D
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:50:29.
The last success occurred at 2010-08-14 04:12:40.
4110 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
GUSD3: Current time is 2010-08-20 12:57:21.
DC=ForestDnsZones,DC=gonza
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
DC=DomainDnsZones,DC=gonza
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
CN=Schema,CN=Configuration
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
CN=Configuration,DC=gonzal
Last replication recieved from GUSD1 at 2010-08-14 03:52:34.
DC=gonzales,DC=k12,DC=ca,D
Last replication recieved from GUSD1 at 2010-08-14 04:12:40.
......................... GUSD3 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC GUSD3.
* Security Permissions Check for
DC=ForestDnsZones,DC=gonza
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=gonza
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=gonzal
(Configuration,Version 2)
* Security Permissions Check for
DC=gonzales,DC=k12,DC=ca,D
(Domain,Version 2)
......................... GUSD3 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\GUSD3\netlogon
Verified share \\GUSD3\sysvol
......................... GUSD3 passed test NetLogons
Starting test: Advertising
The DC GUSD3 is advertising itself as a DC and having a DS.
The DC GUSD3 is advertising as an LDAP server
The DC GUSD3 is advertising as having a writeable directory
The DC GUSD3 is advertising as a Key Distribution Center
The DC GUSD3 is advertising as a time server
The DS GUSD3 is advertising as a GC.
......................... GUSD3 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=GUSD1,CN=Serve
st-Site-Name,CN=Sites,CN=C
Warning: GUSD1 is the Schema Owner, but is not responding to DS RPC Bin
d.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrati
e Call" to enable it.
[GUSD1] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: GUSD1 is the Schema Owner, but is not responding to LDAP Bind.
Role Domain Owner = CN=NTDS Settings,CN=GUSD1,CN=Serve
st-Site-Name,CN=Sites,CN=C
Warning: GUSD1 is the Domain Owner, but is not responding to DS RPC Bin
d.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrati
e Call" to enable it.
Warning: GUSD1 is the Domain Owner, but is not responding to LDAP Bind.
Role PDC Owner = CN=NTDS Settings,CN=GUSD1,CN=Serve
Site-Name,CN=Sites,CN=Conf
Warning: GUSD1 is the PDC Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrati
e Call" to enable it.
Warning: GUSD1 is the PDC Owner, but is not responding to LDAP Bind.
Role Rid Owner = CN=NTDS Settings,CN=GUSD1,CN=Serve
Site-Name,CN=Sites,CN=Conf
Warning: GUSD1 is the Rid Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrati
e Call" to enable it.
Warning: GUSD1 is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=GUSD1,CN=Serve
,CN=Default-First-Site-Nam
C=us
Warning: GUSD1 is the Infrastructure Update Owner, but is not respondin
g to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local ma
chine at "Computer Configuration/Administrati
e Call" to enable it.
Warning: GUSD1 is the Infrastructure Update Owner, but is not respondin
g to LDAP Bind.
......................... GUSD3 failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 3613 to 1073741823
* GUSD1.gonzales.k12.ca.us is the RID Master
......................... GUSD3 failed test RidManager
Starting test: MachineAccount
Checking machine account for DC GUSD3 on DC GUSD3.
* SPN found :LDAP/GUSD3.gonzales.k12.c
* SPN found :LDAP/GUSD3.gonzales.k12.c
* SPN found :LDAP/GUSD3
* SPN found :LDAP/GUSD3.gonzales.k12.c
* SPN found :LDAP/a822b2c4-659c-48d9-9
k12.ca.us
* SPN found :E3514235-4B06-11D1-AB04-0
a8-8a6bbe194cb4/gonzales.k
* SPN found :HOST/GUSD3.gonzales.k12.c
* SPN found :HOST/GUSD3.gonzales.k12.c
* SPN found :HOST/GUSD3
* SPN found :HOST/GUSD3.gonzales.k12.c
* SPN found :GC/GUSD3.gonzales.k12.ca.
......................... GUSD3 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... GUSD3 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
GUSD3 is in domain DC=gonzales,DC=k12,DC=ca,D
Checking for CN=GUSD3,OU=Domain Controllers,DC=gonzales,DC
=us in domain DC=gonzales,DC=k12,DC=ca,D
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=GUSD3,CN=Serve
-Name,CN=Sites,CN=Configur
iguration,DC=gonzales,DC=k
Object is up-to-date on all servers.
......................... GUSD3 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... GUSD3 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/20/2010 10:00:48
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/20/2010 10:43:22
(Event String could not be retrieved)
......................... GUSD3 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minut
es.
......................... GUSD3 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 08/20/2010 12:50:29
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
host/gusd1.gonzales.k12.ca
used was . This indicates that the password used
to encrypt the kerberos service ticket is
different than that on the target server.
Commonly, this is due to identically named
machine accounts in the target realm
(GONZALES.K12.CA.US), and the client realm.
Please contact your system administrator.
......................... GUSD3 failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=GUSD3,OU=Domain Controllers,DC=gonzales,DC
backlink on
CN=GUSD3,CN=Servers,CN=Def
n,DC=gonzales,DC=k12,DC=ca
are correct.
The system object reference (frsComputerReferenceBL)
CN=GUSD3,CN=Domain System Volume (SYSVOL share),CN=File Replication Ser
vice,CN=System,DC=gonzales
and backlink on
CN=GUSD3,OU=Domain Controllers,DC=gonzales,DC
correct.
The system object reference (serverReferenceBL)
CN=GUSD3,CN=Domain System Volume (SYSVOL share),CN=File Replication Ser
vice,CN=System,DC=gonzales
and backlink on
CN=NTDS Settings,CN=GUSD3,CN=Serve
s,CN=Configuration,DC=gonz
are correct.
......................... GUSD3 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : gonzales
Starting test: CrossRefValidation
......................... gonzales passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... gonzales passed test CheckSDRefDom
Running enterprise tests on : gonzales.k12.ca.us
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... gonzales.k12.ca.us passed test Intersite
Starting test: FsmoCheck
GC Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
KDC Name: \\GUSD3.gonzales.k12.ca.us
Locator Flags: 0xe00001fc
......................... gonzales.k12.ca.us failed test FsmoCheck
Test omitted by user request: DNS
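A triage sketch for dcdiag dumps like the ones above, added here as an example and not part of the original thread: it collects the per-test verdict lines and the "[Replications Check,...]" blocks, converts the signed error codes to the usual hex form, and flags DCs whose Replications test is reported as passed while partner failures are listed. The function names are my own, and the sample text is abridged from the output posted in this thread.

```python
import re
from collections import defaultdict

# Constructed sample, abridged from the dcdiag output posted in this thread.
SAMPLE = """\
[Replications Check,GUSD2] A recent replication attempt failed:
From GUSD1 to GUSD2
Naming Context: DC=DomainDnsZones,DC=gonza
The replication generated an error (1256):
The remote system is not available.
The failure occurred at 2010-08-20 12:51:58.
The last success occurred at 2010-08-13 17:51:43.
184 failures have occurred since the last success.
[Replications Check,GUSD2] A recent replication attempt failed:
From GUSD1 to GUSD2
Naming Context: DC=gonzales,DC=k12,DC=ca,D
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2010-08-20 12:51:58.
The last success occurred at 2010-08-13 17:53:16.
4285 failures have occurred since the last success.
......................... GUSD2 passed test Replications
......................... GUSD2 failed test KnowsOfRoleHolders
......................... GUSD2 failed test RidManager
......................... GUSD2 passed test MachineAccount
......................... GUSD2 failed test systemlog
......................... gonzales.k12.ca.us failed test FsmoCheck
"""

VERDICT = re.compile(r"^\.{5,}[ \t]+(\S+) (passed|failed) test (\S+)[ \t]*$", re.M)
REPL_START = re.compile(r"^\[Replications Check,(\S+?)\] A recent replication attempt failed:")
FROM_TO = re.compile(r"^From (\S+) to (\S+)")
NAMING_CONTEXT = re.compile(r"^Naming Context: (.+)$")
ERROR = re.compile(r"^The replication generated an error \((-?\d+)\):")
LAST_OK = re.compile(r"^The last success occurred at (.+?)\.$")
COUNT = re.compile(r"^(\d+) failures have occurred since the last success\.")


def parse_replication_failures(text):
    """Return one dict per '[Replications Check,...]' block."""
    failures, cur, want_msg = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        m = REPL_START.match(line)
        if m:
            cur = {"reported_by": m.group(1)}
            failures.append(cur)
            want_msg = False
            continue
        if cur is None:
            continue
        if want_msg:
            # The line after the error code carries the message text.
            cur["message"] = line
            want_msg = False
        elif (m := FROM_TO.match(line)):
            cur["source"], cur["dest"] = m.groups()
        elif (m := NAMING_CONTEXT.match(line)):
            cur["naming_context"] = m.group(1)
        elif (m := ERROR.match(line)):
            code = int(m.group(1))
            cur["error"] = code
            # dcdiag prints some codes as signed 32-bit; show the unsigned hex form.
            cur["error_hex"] = "0x%08X" % (code & 0xFFFFFFFF)
            want_msg = True
        elif (m := LAST_OK.match(line)):
            cur["last_success"] = m.group(1)
        elif (m := COUNT.match(line)):
            cur["count"] = int(m.group(1))
            cur = None  # the failure count closes the block
    return failures


def triage(text):
    """Summarise failed tests and replication failures from dcdiag output."""
    verdicts = defaultdict(lambda: {"passed": [], "failed": []})
    for target, result, test in VERDICT.findall(text):
        verdicts[target][result].append(test)
    repl = parse_replication_failures(text)
    # DCs that list partner failures but still report "passed test Replications".
    masked = sorted({f["reported_by"] for f in repl
                     if "Replications" in verdicts[f["reported_by"]]["passed"]})
    worst = max(repl, key=lambda f: f.get("count", 0), default=None)
    return {
        "failed": {t: v["failed"] for t, v in verdicts.items() if v["failed"]},
        "replication": repl,
        "masked_replication": masked,
        "worst": worst,
    }


if __name__ == "__main__":
    report = triage(SAMPLE)
    for target, tests in report["failed"].items():
        print(f"{target}: failed {', '.join(tests)}")
    for f in report["replication"]:
        print(f"{f['source']} -> {f['dest']} {f['naming_context']}: "
              f"{f['error_hex']} {f['message']} ({f['count']} failures, "
              f"last success {f['last_success']})")
    print("Replications reported as passed despite failures on:",
          ", ".join(report["masked_replication"]))
```
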
Okay, I had said in a previous post not to change anything on GUSD1!
Okay, I think we are going to abandon GUSD1, disconnect it from the network and turn it off.
Only if it does not serve DHCP, File Serving or Print Serving or any other role that's needed on your network.
If and only if you are confident in following the following article, and all roles have been removed from GUSD1, because afterwards you must not switch it back on or connect it to the network; you must format and rebuild it.
http://support.microsoft.com/kb/255504
Move all AD roles to GUSD3 using the article and the command line tool ntdsutil from GUSD1.
Make sure GUSD1 is OFF and disconnected from the network.
Once you have completed the above process, leave it alone and wait for replication to sort itself out.
Good luck, but again, if you don't feel you have the skill or are confident in the above, leave well alone.
Also make sure you have a backup of AD.
ASKER
Well, I shut off DNS on GUSD1 because all of my users are gone. So you're saying I'm going to have to reformat the GUSD1 server? Can't I just run dcpromo /force removal to take it off the domain? Also, to be clear, GUSD1 has to be disconnected from the network and turned off BEFORE I start using ntdsutil to transfer and seize roles? Thanks for all your help!!
ASKER
I'm only asking if GUSD1 has to be shut off first because that article states: "We recommend that you transfer FSMO roles in the following scenarios:
* The current role holder is operational and can be accessed on the network by the new FSMO owner.
I think you'll find in AD's current state you'll not be able to run dcpromo /force - but it's worth giving it a try - but I thought from the first opening post this didn't work!
If you forcibly seize the roles from the server, the server does not need to be on, because we are assuming that the server is dead and not responding, and from what I can see yours is not responding well to AD.
Okay, try the following steps and see which is successful.
1. Try dcpromo /force on GUSD1; if it doesn't work, proceed to Step 2.
2. Use ntdsutil to seize roles from GUSD1 and transfer them to GUSD3, so run ntdsutil on GUSD3.
If this does not work, proceed to Step 3.
3. Turn off GUSD1, disconnect GUSD1 and run ntdsutil on GUSD3.
4. Do not be tempted to re-connect GUSD1 to the network.
If you need to have a third DC then rebuild, and install AD. But I would personally leave it OFF for a few weeks, and see how AD is performing, replicating etc.
Then make your mind up whether you need a third DC, or use it for something else etc. The more DCs, the more complicated replication becomes when it goes wrong.
ASKER
I didn't even know about dcpromo /force!!! I only tried to remove by entering dcpromo and that is where I got the error. Anyway, I followed your steps and got this picture!!!!!! Before I did this, it said I would need to seize the roles after GUSD1 was off AD. Should I do this next??
DCPromo-forceremove.JPG
ASKER
Also, I need GUSD1 to be functional because there is a program on that server that the students use (their reading program). So I need to have that up as well.
yes, now follow Step 2, Step 3. See how you get on. Check the eventlogs.
it would seem it couldn't transfer the roles, you'll need to follow the Microsoft article fully.
well you can try and keep GUSD1 on the network, this is why I asked you to check the roles, because often keeping an OLD DC on the network afterwards may cause issues.
ASKER
Ok, so AD is removed from GUSD1 and is currently turned off. I launched Ntdsutil on GUSD3 and typed "roles", then I typed "connections" and typed "connect to server GUSD3".....I tried to seize the roles but ALL of them failed. I got this error more or less:
fsmo maintenance: seize rid master
Attempting safe transfer of RID FSMO before seizure.
ldap_modify_sW error 0x34(52 (Unavailable).
Ldap extended error message is 000020AF: SvcErr: DSID-0321092B, problem 5002 (UN
AVAILABLE), data 8524
Win32 error returned is 0x20af(The requested FSMO operation failed. The current
FSMO holder could not be contacted.)
)
Depending on the error code this may indicate a connection,
ldap, or role transfer error.
Transfer of RID FSMO failed, proceeding with seizure ...
Searching for highest rid pool in domain
Server "gusd3" knows about 5 roles
Schema - CN=NTDS Settings,CN=GUSD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Domain - CN=NTDS Settings,CN=GUSD3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
PDC - CN=NTDS Settings,CN=GUSD3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
RID - CN=NTDS Settings,CN=GUSD3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Infrastructure - CN=NTDS Settings,CN=GUSD3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
:(
What's happening with replication? repadmin /replsum
Event log errors?
The dcpromo /forceremoval command leaves FSMO roles in an invalid state until they are reassigned.
http://www.petri.co.il/delete_failed_dcs_from_ad.htm
follow the above, and remove what we call the failed DC from AD.
That's not a failure, although you have to read the text carefully to determine this. It's merely saying that the TRANSFER operation failed, which is to be expected. The seizure then proceeds. In the text you posted, four of the five FSMOs have been seized by GUSD3. The only one that remains on GUSD1 is the Schema role, which you have presumably also seized by now.
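The reading of the ntdsutil output given in the reply above can be checked mechanically. The following is an added example, not part of the original thread: it parses a role listing (including console-wrapped DNs) and reports which roles are not yet on the intended DC. The function names are hypothetical and the sample text is the listing from this thread with its DNs rejoined.

```python
import re

# Constructed sample: the role listing from the thread with its DNs rejoined.
# ntdsutil's console output wraps long DNs at 80 columns, as reproduced here.
SAMPLE = """\
Transfer of RID FSMO failed, proceeding with seizure ...
Server "gusd3" knows about 5 roles
Schema - CN=NTDS Settings,CN=GUSD1,CN=Servers,CN=Default-First-Site-Name,CN=Site
s,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Domain - CN=NTDS Settings,CN=GUSD3,CN=Servers,CN=Default-First-Site-Name,CN=Site
s,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
PDC - CN=NTDS Settings,CN=GUSD3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
N=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
RID - CN=NTDS Settings,CN=GUSD3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,C
N=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
Infrastructure - CN=NTDS Settings,CN=GUSD3,CN=Servers,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=gonzales,DC=k12,DC=ca,DC=us
"""

HEADER = re.compile(r'^Server "(.+)" knows about \d+ roles')
ROLE = re.compile(r"^(Schema|Domain|PDC|RID|Infrastructure) - (CN=.*)$")
HOLDER = re.compile(r"^CN=NTDS Settings,CN=([^,]+),", re.I)
FALLBACK = re.compile(r"^Transfer of (.+?) FSMO failed, proceeding with seizure")

def parse_role_holders(text):
    """Map each FSMO role to the server named in its NTDS Settings DN."""
    entries, in_list = [], False
    for line in text.splitlines():
        if HEADER.match(line):
            entries, in_list = [], True      # keep only the latest listing
        elif in_list and ROLE.match(line):
            entries.append(list(ROLE.match(line).groups()))
        elif in_list and entries and "=" in line and " " not in line.strip():
            entries[-1][1] += line.strip()   # wrapped tail of the previous DN
        elif line.strip():
            in_list = False                  # a prompt or other text ends the list
    holders = {}
    for role, dn in entries:
        m = HOLDER.match(dn)
        holders[role] = m.group(1).upper() if m else None
    return holders

def roles_elsewhere(holders, expected):
    """Roles whose holder is not the DC that is supposed to own them."""
    return sorted(r for r, h in holders.items() if h != expected.upper())

def seizure_fallbacks(text):
    """Roles where the safe transfer failed and ntdsutil went on to seize."""
    return [m.group(1) for m in map(FALLBACK.match, text.splitlines()) if m]
```

A "Transfer of ... failed, proceeding with seizure" line is reported separately from the holder check, so a failed transfer is not mistaken for a failed seizure.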
ASKER
OH WAIT! Maybe it didn't fail?? https://www.experts-exchange.com/questions/21624163/Can't-seize-schema-or-domain-naming-master-FSMO-roles.html
ASKER
Good lookin out DrDave!!! And yes, I seized the schema master right after just in case. ;) So now what lol? I presume I can start with ntdsutil /metadata cleanup to fully remove GUSD1 from replication?
also check which roles have been transferred by the wizard if any
netdom query GUSD3 /fsmo
netdom query GUSD3 /pdc
yep, but don't try to rush this, let replication sort itself out.....
You should find, hopefully, that all roles have been transferred to GUSD3 (it owns all the roles).
Then have a good read through the ntdsutil /metadata cleanup and we're done.
keep checking event logs, replication, (repadmin /replsum is your friend here), and hopefully errors should eventually stop in the event logs.
ASKER
I just went to the computer lab to try some logins and........SUCCESS!!!!!!!! I can now login!! I tried a few logins that I could remember off the top of my head and they all worked. Sooooooo....after I do the metadata clean up......do you think I could rejoin GUSD1 to the domain? OR should I possibly leave it as a WORKGROUP server ( because as I stated, the reading program is on there so it MUST be online)....we prefer to have 3 DCs but I could always add one of our other servers as the 3rd.
ASKER
The reading program on GUSD1 that I'm talking about worked just fine when the server was a workgroup. I didn't even have to make any changes when I converted the server into a DC when we first started AD. So I presume nothing will happen to the program if I go back to Workgroup. THANK YOU HANCCOCKA!!! You were a great help and I couldn't have done this without you!!! I would give you a hug if I could dude hahaha!!! This site is so great, I'm going to continue paying for it after my trial is done. :D
I would leave GUSD1 for at least 5 days, keep checking event logs and replication is okay.
and then make a decision if you really need three DCs?
remember the more DCs you have the more to go wrong, and it only takes one to go bad, and you get login issues!
the least loaded DC will always respond to requests.
tread carefully my friend, and be patient.
All the best, glad you got it fixed, and for FREE!
ASKER
I'm back! Ok, I've left the server alone and I turned it on today. Before I did that though, I ran the metadata clean up which worked pretty nice. I left the machine as a Workgroup server and the program that was on it runs great. The only issue I'm having now is joining machines to the domain. It won't let me. First I tried the server which I had taken down and it didn't let me so I said screw and decided to only have 2 domain controllers. The BIGGER problem is that I can't join ANY machine to the domain. AD IS working though as students have been logging in just fine all week. It's just the joining of new machines that's been a problem. Help? I can start a new thread if needed.
I think this is the subject of a new question, but refer the new question to this old one.