Link to home
Start Free TrialLog in
Avatar of ahmad1467
ahmad1467Flag for United States of America

asked on

Problems in the DCDIAG Reports

I have some concerns about my domain controller, a few days ago I took my 2003 Exchange Server out of my domain and now I am wondering if everything is ok with my Domain controller running on another Windows 2003  Server . I followed the steps to do this correctly after I did this I notice a few problems. On one of my serves in my domain is having some problems with program based services, some of the ones that were using logons stop working, then when I tried to use a different user and brows to find the user it sees the user but when I select apply I get a message that says {The specific domain ether does not exist or could not be contacted}. I ran
dcdiag /e /c > and I saw some things that I’m not sure about, is this where I would look if it were a problem with AD?
Avatar of Justin Owens
Justin Owens
Flag of United States of America image

DCDIAG is a good place to look for AD health.  If you could post any errors you have received, that will be a good place for us to start looking.

DrUltima
Avatar of ahmad1467

ASKER

This is where I first start seeing problems in the test
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\DC-ALLIED
      Starting test: Connectivity
         ......................... DC-ALLIED passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\DC-ALLIED
      Starting test: Replications

         .........................
      Starting test: Services
         ......................... DC-ALLIED passed test Services
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... DC-ALLIED passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         ......................... DC-ALLIED passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... DC-ALLIED passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... DC-ALLIED failed test frsevent
      Starting test: kccevent
         ......................... DC-ALLIED passed test kccevent
      Starting test: systemlog
         ......................... DC-ALLIED passed test systemlog
      Starting test: VerifyReplicas
         ......................... DC-ALLIED passed test VerifyReplicas
      Starting test: VerifyReferences
         ......................... DC-ALLIED passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... DC-ALLIED passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         [DC-ALLIED] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... DC-ALLIED passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : allied
      Starting test: CrossRefValidation
         ......................... allied passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... allied passed test CheckSDRefDom
   
   Running enterprise tests on : allied.ad
      Starting test: Intersite
         ......................... allied.ad passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
         A Global Catalog Server could not be located - All GC's are down.
         ......................... allied.ad failed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
           
            DC: DC-ALLIED.allied.ad
            Domain: allied.ad

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 208.67.220.220 (<name unavailable>)
                 
               TEST: Dynamic update (Dyn)
                  Warning: Dynamic update is enabled on the zone but not secure allied.ad.
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 208.67.220.220 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.220.220
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: allied.ad
               DC-ALLIED                    PASS PASS PASS PASS WARN PASS n/a  
         
         ......................... allied.ad passed test DNS
Your Domain controller is not able to locate FMSO roles in any of the servers and there is no Global catalog server. Can you check where these roles are existing now. you can do it by running the below command:

netdom query fsmo

run the above command and check if the server holding the roles is present your network.
I ran netdom query fsmo from my domain controller and this is what I got
C:\>netdom query fsmo
Schema owner               DC-1.abc.ad

Domain role owner        DC-1.abc.ad

PDC role                        DC-1.abc.ad

RID pool manager          DC-1.abc.ad

Infrastructure owner      DC-1.abc.ad

The command completed successfully.
------------------------------------------------------------------------
DC-1 is the name of my domain controller and abc.ad is the name of my domain
I don’t see the name of the old server, also under AD users and computers I only see one server under domain controllers I only see one server.
ASKER CERTIFIED SOLUTION
Avatar of Justin Owens
Justin Owens
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial