Solved

Help with DCdiag errors

Posted on 2010-11-30
13
1,515 Views
Last Modified: 2012-06-27
Hello,
Just setting up my 2nd DC on a all windows 2008 r2 domain. Here is my dcdiag report on the new server? Any suggestions on these errors.

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = VALDC2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\VALDC2
      Starting test: Connectivity
         ......................... VALDC2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\VALDC2
      Starting test: Advertising
         ......................... VALDC2 passed test Advertising
      Starting test: FrsEvent
         ......................... VALDC2 passed test FrsEvent
      Starting test: DFSREvent
         ......................... VALDC2 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... VALDC2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... VALDC2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... VALDC2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... VALDC2 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=valmatic,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=valmatic,DC=com
         ......................... VALDC2 failed test NCSecDesc
      Starting test: NetLogons
         [VALDC2] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... VALDC2 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... VALDC2 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,VALDC2] DsReplicaGetInfo(PENDING_OPS, NULL)
         failed, error 0x2105 "Replication access was denied."
         ......................... VALDC2 failed test Replications
      Starting test: RidManager
         ......................... VALDC2 passed test RidManager
      Starting test: Services
            Could not open NTDS Service on VALDC2, error 0x5
            "Access is denied."
         ......................... VALDC2 failed test Services
      Starting test: SystemLog
         ......................... VALDC2 passed test SystemLog
      Starting test: VerifyReferences
         ......................... VALDC2 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : valmatic
      Starting test: CheckSDRefDom
         ......................... valmatic passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... valmatic passed test CrossRefValidation
0
Comment
Question by:valmatic
  • 6
  • 5
  • 2
13 Comments
 
LVL 9

Expert Comment

by:BDoellefeld
ID: 34240693
How long did you wait for replication before performing the diag?

Is DNS installed on the new DC and pointed to itself?

Is the server a Global Catalog?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34240818
Are you sure you are using a username with permissions to run dcdiag? Second are you using the proper dcdiag tool? You should be using dcdiag that was installed when you installed AD.
0
 
LVL 7

Author Comment

by:valmatic
ID: 34240883
i installed this server last wed. DNS is installed on the new on since AD required it. It is a glabl catalog.

Permissions - i am logged under the doman admin. I dont know what you mean by proper dcdiag tool. I just opened a command promot and typed dcdiag?
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 7

Author Comment

by:valmatic
ID: 34240889
And for dns yest, it is set for static to look at itself then the other DC.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34240901
Some admins have been copying dcdiag from another server then placing in the system since in Windows 2003 Server you had to install the Support tools to copy it from another system the error states that the user you are using doesn't have permissions to run.

VALDC2] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 500 total points
ID: 34240916
Try right-clicking your command prompt run as Administrator then run dcdiag
0
 
LVL 9

Expert Comment

by:BDoellefeld
ID: 34241025
This one is safe to ignore unless you want RODC's. (http://support.microsoft.com/kb/967482)
Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=valmatic,DC=com


dariusg is spot on with the other test errors as you have to run this with elevated privileges.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 500 total points
ID: 34241333
0
 
LVL 7

Author Comment

by:valmatic
ID: 34241412
I did the run as admin these are the only tests that are failing still.

      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=valmatic,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=valmatic,DC=com
         ......................... VALDC2 failed test NCSecDesc
 
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34241422
Look over the link I posted this is fine the link will explain in detail
0
 
LVL 7

Author Comment

by:valmatic
ID: 34241425
so is there any harm in running the prerp for rodc even if i do not plan on using it? Or will it screw up my config?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34241431
No harm you can if you want to
0
 
LVL 7

Author Closing Comment

by:valmatic
ID: 34241729
thanks for the help.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question