Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Help with DCdiag errors

Posted on 2010-11-30
13
Medium Priority
?
1,524 Views
Last Modified: 2012-06-27
Hello,
Just setting up my 2nd DC on a all windows 2008 r2 domain. Here is my dcdiag report on the new server? Any suggestions on these errors.

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = VALDC2
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\VALDC2
      Starting test: Connectivity
         ......................... VALDC2 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\VALDC2
      Starting test: Advertising
         ......................... VALDC2 passed test Advertising
      Starting test: FrsEvent
         ......................... VALDC2 passed test FrsEvent
      Starting test: DFSREvent
         ......................... VALDC2 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... VALDC2 passed test SysVolCheck
      Starting test: KccEvent
         ......................... VALDC2 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... VALDC2 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... VALDC2 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=valmatic,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=valmatic,DC=com
         ......................... VALDC2 failed test NCSecDesc
      Starting test: NetLogons
         [VALDC2] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... VALDC2 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... VALDC2 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,VALDC2] DsReplicaGetInfo(PENDING_OPS, NULL)
         failed, error 0x2105 "Replication access was denied."
         ......................... VALDC2 failed test Replications
      Starting test: RidManager
         ......................... VALDC2 passed test RidManager
      Starting test: Services
            Could not open NTDS Service on VALDC2, error 0x5
            "Access is denied."
         ......................... VALDC2 failed test Services
      Starting test: SystemLog
         ......................... VALDC2 passed test SystemLog
      Starting test: VerifyReferences
         ......................... VALDC2 passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : valmatic
      Starting test: CheckSDRefDom
         ......................... valmatic passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... valmatic passed test CrossRefValidation
0
Comment
Question by:valmatic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 2
13 Comments
 
LVL 9

Expert Comment

by:BDoellefeld
ID: 34240693
How long did you wait for replication before performing the diag?

Is DNS installed on the new DC and pointed to itself?

Is the server a Global Catalog?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34240818
Are you sure you are using a username with permissions to run dcdiag? Second are you using the proper dcdiag tool? You should be using dcdiag that was installed when you installed AD.
0
 
LVL 7

Author Comment

by:valmatic
ID: 34240883
i installed this server last wed. DNS is installed on the new on since AD required it. It is a glabl catalog.

Permissions - i am logged under the doman admin. I dont know what you mean by proper dcdiag tool. I just opened a command promot and typed dcdiag?
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 7

Author Comment

by:valmatic
ID: 34240889
And for dns yest, it is set for static to look at itself then the other DC.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34240901
Some admins have been copying dcdiag from another server then placing in the system since in Windows 2003 Server you had to install the Support tools to copy it from another system the error states that the user you are using doesn't have permissions to run.

VALDC2] User credentials does not have permission to perform this
         operation.
         The account used for this test must have network logon privileges
         for this machine's domain
0
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 2000 total points
ID: 34240916
Try right-clicking your command prompt run as Administrator then run dcdiag
0
 
LVL 9

Expert Comment

by:BDoellefeld
ID: 34241025
This one is safe to ignore unless you want RODC's. (http://support.microsoft.com/kb/967482)
Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=valmatic,DC=com


dariusg is spot on with the other test errors as you have to run this with elevated privileges.
0
 
LVL 59

Assisted Solution

by:Darius Ghassem
Darius Ghassem earned 2000 total points
ID: 34241333
0
 
LVL 7

Author Comment

by:valmatic
ID: 34241412
I did the run as admin these are the only tests that are failing still.

      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=valmatic,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=valmatic,DC=com
         ......................... VALDC2 failed test NCSecDesc
 
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34241422
Look over the link I posted this is fine the link will explain in detail
0
 
LVL 7

Author Comment

by:valmatic
ID: 34241425
so is there any harm in running the prerp for rodc even if i do not plan on using it? Or will it screw up my config?
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 34241431
No harm you can if you want to
0
 
LVL 7

Author Closing Comment

by:valmatic
ID: 34241729
thanks for the help.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

661 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question