The Active Directory integrated DNS zone _msdcs.DOMAINNAME.lan was not found
I have just installed a Server2008R2 into an existing Server2003 domain.
I have promoted this a DC and installed the DNS role.
I can confirm that DNS is working properly on the OTHER DC in the domain.
My problem is, that if I configure IP4 properties to point to own DNS its applying settings for 20 minutes! When running the Best Practice Analyzer for DNS it tells me that:
"The Active Directory integrated DNS zone _msdcs.ok-snacks.lan was not found"
I can confirm that there is not much written in this zone but it looks idential to the zone on the old DC.
Can anyone helps me out WITHOUT just pointing to some BP articles from Microsoft? :-)
I have promoted this a DC and installed the DNS role.
I can confirm that DNS is working properly on the OTHER DC in the domain.
My problem is, that if I configure IP4 properties to point to own DNS its applying settings for 20 minutes! When running the Best Practice Analyzer for DNS it tells me that:
"The Active Directory integrated DNS zone _msdcs.ok-snacks.lan was not found"
I can confirm that there is not much written in this zone but it looks idential to the zone on the old DC.
Can anyone helps me out WITHOUT just pointing to some BP articles from Microsoft? :-)
Neil Russell
On both DC's please run DCDiag and check for ANY errors reported.
Can you log on to that 2008 R2 DC and run in command-line these tests?
dcdiag /e /c /v >c:\dcdiag.log
repadmin /showrepl /all /intersite /verbose >c:\repadmin.log
and post results here. Post also unmodified ipconfig /all from both of your DC, please.
Regards,
Krzysztof
dcdiag /e /c /v >c:\dcdiag.log
repadmin /showrepl /all /intersite /verbose >c:\repadmin.log
and post results here. Post also unmodified ipconfig /all from both of your DC, please.
Regards,
Krzysztof
ASKER
ISIEK :-)
--------------------------
Result of DCDIAG:
--------------------------
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine SERV-DC1, is a Directory Server.
Home Server = SERV-DC1
* Connecting to directory service on server SERV-DC1.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=ADCONTROLLER,C
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BACKUPSERVER,C
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SERV-DC1,CN=Se
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 3 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... ADCONTROLLER passed test Connectivity
Testing server: Default-First-Site-Name\BA
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... BACKUPSERVER passed test Connectivity
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SERV-DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD
Starting test: Advertising
The DC ADCONTROLLER is advertising itself as a DC and having a DS.
The DC ADCONTROLLER is advertising as an LDAP server
The DC ADCONTROLLER is advertising as having a writeable directory
The DC ADCONTROLLER is advertising as a Key Distribution Center
The DC ADCONTROLLER is advertising as a time server
The DS ADCONTROLLER is advertising as a GC.
......................... ADCONTROLLER passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC SERV-DC1 for domain ok-snacks.lan in site Default-First-Site-Name
Checking machine account for DC ADCONTROLLER on DC SERV-DC1.
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/ADCONTROLLER
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/95589b0c-cfef-4c19-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/adcontroller.ok-snac
* SPN found :HOST/adcontroller.ok-snac
* SPN found :HOST/ADCONTROLLER
* SPN found :HOST/adcontroller.ok-snac
* SPN found :GC/adcontroller.ok-snacks
Checking for CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,D
Object is up-to-date on all servers.
[ADCONTROLLER] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... ADCONTROLLER passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... ADCONTROLLER passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C4
Time Generated: 09/19/2011 10:30:05
Event String:
The File Replication Service is having trouble
enabling replication from SERV-DC1 to
ADCONTROLLER for c:\windows\sysvol\domain using
the DNS name SERV-DC1.ok-snacks.lan. FRS will
keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
SERV-DC1.ok-snacks.lan from this computer.
[2] FRS is not running on
SERV-DC1.ok-snacks.lan.
[3] The topology information in the Active
Directory Domain Services for this replica has
not yet replicated to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
A warning event occurred. EventID: 0x800034C5
Time Generated: 09/19/2011 10:45:54
Event String:
The File Replication Service has enabled
replication from SERV-DC1 to ADCONTROLLER for
c:\windows\sysvol\domain after repeated retries.
......................... ADCONTROLLER passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... ADCONTROLLER passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ADCONTROLLER passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ADCONTROLLER passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... ADCONTROLLER passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Domain Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role PDC Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Rid Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERV-DC1,CN=Se
......................... ADCONTROLLER passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC ADCONTROLLER on DC ADCONTROLLER.
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/ADCONTROLLER
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/95589b0c-cfef-4c19-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/adcontroller.ok-snac
* SPN found :HOST/adcontroller.ok-snac
* SPN found :HOST/ADCONTROLLER
* SPN found :HOST/adcontroller.ok-snac
* SPN found :GC/adcontroller.ok-snacks
......................... ADCONTROLLER passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ADCONTROLLER.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=ok-sn
* Security Permissions Check for
DC=DomainDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=ok-sn
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ok-sna
(Configuration,Version 3)
* Security Permissions Check for
DC=ok-snacks,DC=lan
(Domain,Version 3)
......................... ADCONTROLLER failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ADCONTROLLER\netlogon
Verified share \\ADCONTROLLER\sysvol
......................... ADCONTROLLER passed test NetLogons
Starting test: ObjectsReplicated
ADCONTROLLER is in domain DC=ok-snacks,DC=lan
Checking for CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,D
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ADCONTROLLER,C
Object is up-to-date on all servers.
......................... ADCONTROLLER passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... ADCONTROLLER passed test
OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ok-sna
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ok-snacks,DC=lan
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... ADCONTROLLER passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 4104 to 1073741823
* adcontroller.ok-snacks.lan
* DsBind with RID Master was successful
* rIDAllocationPool is 1604 to 2103
* rIDPreviousAllocationPool is 1604 to 2103
* rIDNextRID: 1698
......................... ADCONTROLLER passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
Invalid service type: RpcSs on ADCONTROLLER, current value
WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ADCONTROLLER failed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... ADCONTROLLER passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... ADCONTROLLER passed test Topology
Starting test: VerifyEnterpriseReferences
......................... ADCONTROLLER passed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,D
on
CN=ADCONTROLLER,CN=Servers
are correct.
The system object reference (serverReferenceBL)
CN=ADCONTROLLER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on
CN=NTDS Settings,CN=ADCONTROLLER,C
are correct.
The system object reference (frsComputerReferenceBL)
CN=ADCONTROLLER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on
CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,D
......................... ADCONTROLLER passed test VerifyReferences
Starting test: VerifyReplicas
......................... ADCONTROLLER passed test VerifyReplicas
Testing server: Default-First-Site-Name\BA
Starting test: Advertising
The DC BACKUPSERVER is advertising itself as a DC and having a DS.
The DC BACKUPSERVER is advertising as an LDAP server
The DC BACKUPSERVER is advertising as having a writeable directory
The DC BACKUPSERVER is advertising as a Key Distribution Center
The DC BACKUPSERVER is advertising as a time server
......................... BACKUPSERVER passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC SERV-DC1 for domain ok-snacks.lan in site Default-First-Site-Name
Checking machine account for DC BACKUPSERVER on DC SERV-DC1.
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/BACKUPSERVER
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/2b76e290-f2c7-46b0-9
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :HOST/BACKUPSERVER
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :GC/BACKUPSERVER.ok-snacks
Checking for CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,D
Object is up-to-date on all servers.
[BACKUPSERVER] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... BACKUPSERVER passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BACKUPSERVER passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C4
Time Generated: 09/19/2011 10:30:05
Event String:
The File Replication Service is having trouble
enabling replication from SERV-DC1 to
BACKUPSERVER for c:\windows\sysvol\domain using
the DNS name SERV-DC1.ok-snacks.lan. FRS will
keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
SERV-DC1.ok-snacks.lan from this computer.
[2] FRS is not running on
SERV-DC1.ok-snacks.lan.
[3] The topology information in the Active
Directory Domain Services for this replica has
not yet replicated to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
A warning event occurred. EventID: 0x800034C5
Time Generated: 09/19/2011 10:45:54
Event String:
The File Replication Service has enabled
replication from SERV-DC1 to BACKUPSERVER for
c:\windows\sysvol\domain after repeated retries.
......................... BACKUPSERVER passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... BACKUPSERVER passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BACKUPSERVER passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BACKUPSERVER passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... BACKUPSERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Domain Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role PDC Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Rid Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERV-DC1,CN=Se
......................... BACKUPSERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC BACKUPSERVER on DC BACKUPSERVER.
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/BACKUPSERVER
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/2b76e290-f2c7-46b0-9
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :HOST/BACKUPSERVER
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :GC/BACKUPSERVER.ok-snacks
......................... BACKUPSERVER passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC BACKUPSERVER.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=ok-sn
* Security Permissions Check for
DC=DomainDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=ok-sn
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ok-sna
(Configuration,Version 3)
* Security Permissions Check for
DC=ok-snacks,DC=lan
(Domain,Version 3)
......................... BACKUPSERVER failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\BACKUPSERVER\netlogon
Verified share \\BACKUPSERVER\sysvol
......................... BACKUPSERVER passed test NetLogons
Starting test: ObjectsReplicated
BACKUPSERVER is in domain DC=ok-snacks,DC=lan
Checking for CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,D
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BACKUPSERVER,C
Object is up-to-date on all servers.
......................... BACKUPSERVER passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... BACKUPSERVER passed test
OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ok-sna
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ok-snacks,DC=lan
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... BACKUPSERVER passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 4104 to 1073741823
* adcontroller.ok-snacks.lan
* DsBind with RID Master was successful
* rIDAllocationPool is 2604 to 3103
* rIDPreviousAllocationPool is 2604 to 3103
* rIDNextRID: 2619
......................... BACKUPSERVER passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
Invalid service type: RpcSs on BACKUPSERVER, current value
WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BACKUPSERVER failed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... BACKUPSERVER passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BACKUPSERVER passed test Topology
Starting test: VerifyEnterpriseReferences
......................... BACKUPSERVER passed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,D
on
CN=BACKUPSERVER,CN=Servers
are correct.
The system object reference (serverReferenceBL)
CN=BACKUPSERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on
CN=NTDS Settings,CN=BACKUPSERVER,C
are correct.
The system object reference (frsComputerReferenceBL)
CN=BACKUPSERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on
CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,D
......................... BACKUPSERVER passed test VerifyReferences
Starting test: VerifyReplicas
......................... BACKUPSERVER passed test VerifyReplicas
Testing server: Default-First-Site-Name\SE
Starting test: Advertising
The DC SERV-DC1 is advertising itself as a DC and having a DS.
The DC SERV-DC1 is advertising as an LDAP server
The DC SERV-DC1 is advertising as having a writeable directory
The DC SERV-DC1 is advertising as a Key Distribution Center
The DC SERV-DC1 is advertising as a time server
The DS SERV-DC1 is advertising as a GC.
......................... SERV-DC1 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC SERV-DC1 for domain ok-snacks.lan in site Default-First-Site-Name
Checking machine account for DC SERV-DC1 on DC SERV-DC1.
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/SERV-DC1
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/81af9283-c054-4dc6-a
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :HOST/SERV-DC1
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :GC/SERV-DC1.ok-snacks.lan
[SERV-DC1] No security related replication errors were found on this
DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERV-DC1 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SERV-DC1 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034FA
Time Generated: 09/19/2011 10:05:57
Event String:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller SERV-DC1.ok-snacks.lan for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
A warning event occurred. EventID: 0x800034FA
Time Generated: 09/19/2011 10:25:20
Event String:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller SERV-DC1.ok-snacks.lan for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
A warning event occurred. EventID: 0x800034C4
Time Generated: 09/19/2011 10:30:05
Event String:
The File Replication Service is having trouble enabling replication from BACKUPSERVER to SERV-DC1 for c:\windows\sysvol\domain using the DNS name BACKUPSERVER.ok-snacks.lan
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name BACKUPSERVER.ok-snacks.lan
[2] FRS is not running on BACKUPSERVER.ok-snacks.lan
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
A warning event occurred. EventID: 0x800034C4
Time Generated: 09/19/2011 10:30:05
Event String:
The File Replication Service is having trouble enabling replication from ADCONTROLLER to SERV-DC1 for c:\windows\sysvol\domain using the DNS name adcontroller.ok-snacks.lan
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name adcontroller.ok-snacks.lan
[2] FRS is not running on adcontroller.ok-snacks.lan
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... SERV-DC1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... SERV-DC1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV-DC1 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV-DC1 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SERV-DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Domain Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role PDC Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Rid Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERV-DC1,CN=Se
......................... SERV-DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SERV-DC1 on DC SERV-DC1.
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/SERV-DC1
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/81af9283-c054-4dc6-a
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :HOST/SERV-DC1
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :GC/SERV-DC1.ok-snacks.lan
......................... SERV-DC1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV-DC1.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=ok-sn
* Security Permissions Check for
DC=DomainDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=ok-sn
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ok-sna
(Configuration,Version 3)
* Security Permissions Check for
DC=ok-snacks,DC=lan
(Domain,Version 3)
......................... SERV-DC1 failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERV-DC1\netlogon
Verified share \\SERV-DC1\sysvol
......................... SERV-DC1 passed test NetLogons
Starting test: ObjectsReplicated
SERV-DC1 is in domain DC=ok-snacks,DC=lan
Checking for CN=SERV-DC1,OU=Domain Controllers,DC=ok-snacks,D
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SERV-DC1,CN=Se
Object is up-to-date on all servers.
......................... SERV-DC1 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... SERV-DC1 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ok-sna
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ok-snacks,DC=lan
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... SERV-DC1 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 4104 to 1073741823
* adcontroller.ok-snacks.lan
* DsBind with RID Master was successful
* rIDAllocationPool is 3604 to 4103
* rIDPreviousAllocationPool is 3604 to 4103
* rIDNextRID: 3613
......................... SERV-DC1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERV-DC1 passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x000003F6
Time Generated: 09/19/2011 12:14:20
Event String:
Name resolution for the name ok-snacks.lan timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x8000001D
Time Generated: 09/19/2011 12:25:38
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x00002724
Time Generated: 09/19/2011 12:26:01
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
A warning event occurred. EventID: 0x000003F6
Time Generated: 09/19/2011 12:26:27
Event String:
Name resolution for the name ok-snacks.lan timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x000727AA
Time Generated: 09/19/2011 12:28:34
Event String:
The WinRM service failed to create the following SPNs: WSMAN/SERV-DC1.ok-snacks.l
Additional Data
The error received was 8344: %%8344.
User Action
The SPNs can be created by an administrator using setspn.exe utility.
Found no errors in "System" Event log in the last 60 minutes.
......................... SERV-DC1 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SERV-DC1 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... SERV-DC1 passed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SERV-DC1,OU=Domain Controllers,DC=ok-snacks,D
CN=SERV-DC1,CN=Servers,CN=
are correct.
The system object reference (serverReferenceBL)
CN=SERV-DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on
CN=NTDS Settings,CN=SERV-DC1,CN=Se
are correct.
The system object reference (frsComputerReferenceBL)
CN=SERV-DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on CN=SERV-DC1,OU=Domain Controllers,DC=ok-snacks,D
are correct.
......................... SERV-DC1 passed test VerifyReferences
Starting test: VerifyReplicas
......................... SERV-DC1 passed test VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
Starting test: DNS
Starting test: DNS
See DNS test in enterprise tests section for results
......................... BACKUPSERVER passed test
DNS
See DNS test in enterprise tests section for results
......................... ADCONTROLLER passed test DNS
See DNS test in enterprise tests section for results
......................... SERV-DC1 passed test DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ok-snacks
Starting test: CheckSDRefDom
......................... ok-snacks passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ok-snacks passed test CrossRefValidation
Running enterprise tests on : ok-snacks.lan
Starting test: DNS
Test results for domain controllers:
DC: adcontroller.ok-snacks.lan
Domain: ok-snacks.lan
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:
MAC address is 00:15:17:0D:DF:56
IP Address is static
IP address: 192.168.1.101
DNS servers:
192.168.1.101 (ADCONTROLLER) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
193.162.145.130 (<name unavailable>) [Valid]
193.162.153.164 (<name unavailable>) [Valid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone ok-snacks.lan
Warning: Failed to delete the test record dcdiag-test-record in zone ok-snacks.lan
[Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
TEST: Records registration (RReg)
Network Adapter
[00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:
Matching CNAME record found at DNS server 192.168.1.101:
95589b0c-cfef-4c19-bc04-d9
Matching A record found at DNS server 192.168.1.101:
adcontroller.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.fc6f75d8-1e16-4
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.dc._msdcs.o
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.dc._msdcs.ok-sn
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._udp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.101:
_kpasswd._tcp.ok-snacks.la
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.gc._msdcs.ok-sn
Matching A record found at DNS server 192.168.1.101:
gc._msdcs.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_gc._tcp.Default-First-Sit
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.pdc._msdcs.ok-s
DC: BACKUPSERVER.ok-snacks.lan
Domain: ok-snacks.lan
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] HP NC320i PCIe Gigabit Server Adapter:
MAC address is 00:17:A4:37:D0:AB
IP Address is static
IP address: 192.168.1.253, 192.168.1.10
DNS servers:
192.168.1.253 (BACKUPSERVER) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
194.239.134.83 (<name unavailable>) [Valid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone ok-snacks.lan
Warning: Failed to delete the test record dcdiag-test-record in zone ok-snacks.lan
[Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
TEST: Records registration (RReg)
Network Adapter
[00000007] HP NC320i PCIe Gigabit Server Adapter:
Matching CNAME record found at DNS server 192.168.1.253:
2b76e290-f2c7-46b0-966a-6b
Matching A record found at DNS server 192.168.1.253:
BACKUPSERVER.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.253:
_ldap._tcp.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.253:
_ldap._tcp.fc6f75d8-1e16-4
Matching SRV record found at DNS server 192.168.1.253:
_kerberos._tcp.dc._msdcs.o
Matching SRV record found at DNS server 192.168.1.253:
_ldap._tcp.dc._msdcs.ok-sn
Matching SRV record found at DNS server 192.168.1.253:
_kerberos._tcp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.253:
_kerberos._udp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.253:
_kpasswd._tcp.ok-snacks.la
Matching SRV record found at DNS server 192.168.1.253:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.253:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.253:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.253:
_kerberos._tcp.Default-Fir
DC: SERV-DC1.ok-snacks.lan
Domain: ok-snacks.lan
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
MAC address is 78:2B:CB:4C:B5:28
IP Address is static
IP address: 192.168.1.2, fe80::f855:9700:4df0:f815
DNS servers:
192.168.1.101 (ADCONTROLLER) [Valid]
192.168.1.2 (SERV-DC1) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 128.9.0.107 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: d.root-servers.net. IP: 2001:500:2d::d [Invalid (unreachable)]
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
Name: j.root-servers.net. IP: 198.41.0.10 [Valid]
Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone ok-snacks.lan
Warning: Failed to delete the test record dcdiag-test-record in zone ok-snacks.lan
[Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
Matching CNAME record found at DNS server 192.168.1.101:
81af9283-c054-4dc6-abec-d6
Matching A record found at DNS server 192.168.1.101:
SERV-DC1.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.fc6f75d8-1e16-4
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.dc._msdcs.o
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.dc._msdcs.ok-sn
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._udp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.101:
_kpasswd._tcp.ok-snacks.la
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.gc._msdcs.ok-sn
Matching A record found at DNS server 192.168.1.101:
gc._msdcs.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_gc._tcp.Default-First-Sit
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching CNAME record found at DNS server 192.168.1.2:
81af9283-c054-4dc6-abec-d6
Matching A record found at DNS server 192.168.1.2:
SERV-DC1.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.fc6f75d8-1e16-4
Matching SRV record found at DNS server 192.168.1.2:
_kerberos._tcp.dc._msdcs.o
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.dc._msdcs.ok-sn
Matching SRV record found at DNS server 192.168.1.2:
_kerberos._tcp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.2:
_kerberos._udp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.2:
_kpasswd._tcp.ok-snacks.la
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.2:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.2:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.gc._msdcs.ok-sn
Matching A record found at DNS server 192.168.1.2:
gc._msdcs.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.2:
_gc._tcp.Default-First-Sit
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.Default-First-S
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:500:2d::d (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:500:3::42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:7fd::1 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:7fe::53 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:dc3::35 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.168.1.101 (ADCONTROLLER)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 192.168.1.2 (SERV-DC1)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 192.168.1.253 (BACKUPSERVER)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.162.145.130 (<name unavailable>)
All tests passed on this DNS server
DNS server: 193.162.153.164 (<name unavailable>)
All tests passed on this DNS server
DNS server: 194.239.134.83 (<name unavailable>)
All tests passed on this DNS server
DNS server: 198.41.0.10 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 199.7.83.42 (l.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: ok-snacks.lan
adcontroller PASS PASS PASS PASS WARN PASS n/a
BACKUPSERVER PASS PASS PASS PASS WARN PASS n/a
SERV-DC1 PASS PASS PASS PASS WARN PASS n/a
......................... ok-snacks.lan passed test DNS
Starting test: LocatorCheck
GC Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
PDC Name: \\adcontroller.ok-snacks.l
Locator Flags: 0xe00003fd
Time Server Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\adcontroller.ok-snacks.l
Locator Flags: 0xe00003fd
KDC Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
......................... ok-snacks.lan passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
PDC Name: \\adcontroller.ok-snacks.l
Locator Flags: 0xe00003fd
Time Server Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\adcontroller.ok-snacks.l
Locator Flags: 0xe00003fd
KDC Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
......................... ok-snacks.lan passed test FsmoCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... ok-snacks.lan passed test Intersite
--------------------------
Result of REPADMIN:
--------------------------
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\SE
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 81af9283-c054-4dc6-abec-d6
DSA invocationID: f631ee63-f78a-435d-80e6-73
==== INBOUND NEIGHBORS ==========================
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
DC=ok-snacks,DC=lan
Default-First-Site-Name\BA
DSA object GUID: 2b76e290-f2c7-46b0-966a-6b
Address: 2b76e290-f2c7-46b0-966a-6b
WRITEABLE
Last attempt @ 2011-09-19 12:48:13 was successful.
Default-First-Site-Name\AD
DSA object GUID: 95589b0c-cfef-4c19-bc04-d9
Address: 95589b0c-cfef-4c19-bc04-d9
WRITEABLE
Last attempt @ 2011-09-19 12:48:16 was successful.
CN=Configuration,DC=ok-sna
Default-First-Site-Name\AD
DSA object GUID: 95589b0c-cfef-4c19-bc04-d9
Address: 95589b0c-cfef-4c19-bc04-d9
WRITEABLE
Last attempt @ 2011-09-19 12:46:00 was successful.
Default-First-Site-Name\BA
DSA object GUID: 2b76e290-f2c7-46b0-966a-6b
Address: 2b76e290-f2c7-46b0-966a-6b
WRITEABLE
Last attempt @ 2011-09-19 12:46:03 was successful.
CN=Schema,CN=Configuration
Default-First-Site-Name\BA
DSA object GUID: 2b76e290-f2c7-46b0-966a-6b
Address: 2b76e290-f2c7-46b0-966a-6b
WRITEABLE
Last attempt @ 2011-09-15 16:07:43 was successful.
Default-First-Site-Name\AD
DSA object GUID: 95589b0c-cfef-4c19-bc04-d9
Address: 95589b0c-cfef-4c19-bc04-d9
WRITEABLE
Last attempt @ 2011-09-15 16:07:46 was successful.
DC=DomainDnsZones,DC=ok-sn
Default-First-Site-Name\AD
DSA object GUID: 95589b0c-cfef-4c19-bc04-d9
Address: 95589b0c-cfef-4c19-bc04-d9
WRITEABLE
Last attempt @ 2011-09-15 16:07:55 was successful.
Default-First-Site-Name\BA
DSA object GUID: 2b76e290-f2c7-46b0-966a-6b
Address: 2b76e290-f2c7-46b0-966a-6b
WRITEABLE
Last attempt @ 2011-09-15 16:07:58 was successful.
DC=ForestDnsZones,DC=ok-sn
Default-First-Site-Name\AD
DSA object GUID: 95589b0c-cfef-4c19-bc04-d9
Address: 95589b0c-cfef-4c19-bc04-d9
WRITEABLE
Last attempt @ 2011-09-15 16:07:49 was successful.
Default-First-Site-Name\BA
DSA object GUID: 2b76e290-f2c7-46b0-966a-6b
Address: 2b76e290-f2c7-46b0-966a-6b
WRITEABLE
Last attempt @ 2011-09-15 16:07:52 was successful.
==== KCC CONNECTION OBJECTS ==========================
Connection --
Connection name : 4c9cb3f1-eb0e-4f1b-91c0-fc
Server DNS name : SERV-DC1.ok-snacks.lan
Server DN name : CN=NTDS Settings,CN=SERV-DC1,CN=Se
Source: Default-First-Site-Name\BA
No Failures.
TransportType: intrasite RPC
options: isGenerated
ReplicatesNC: DC=ForestDnsZones,DC=ok-sn
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=DomainDnsZones,DC=ok-sn
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=ok-snacks,DC=lan
Reason: RingTopology
Replica link has been added.
ReplicatesNC: CN=Schema,CN=Configuration
Reason: RingTopology
Replica link has been added.
ReplicatesNC: CN=Configuration,DC=ok-sna
Reason: RingTopology
Replica link has been added.
enabledConnection: TRUE
whenChanged: 20110914131641.0Z
whenCreated: 20110914131641.0Z
Schedule:
day: 0123456789ab0123456789ab
Sun: 111111111111111111111111
Mon: 111111111111111111111111
Tue: 111111111111111111111111
Wed: 111111111111111111111111
Thu: 111111111111111111111111
Fri: 111111111111111111111111
Sat: 111111111111111111111111
Connection --
Connection name : 8968558e-7d8a-4ccf-acb5-b1
Server DNS name : SERV-DC1.ok-snacks.lan
Server DN name : CN=NTDS Settings,CN=SERV-DC1,CN=Se
Source: Default-First-Site-Name\AD
No Failures.
TransportType: intrasite RPC
options: isGenerated
ReplicatesNC: DC=ForestDnsZones,DC=ok-sn
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=DomainDnsZones,DC=ok-sn
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=ok-snacks,DC=lan
Reason: RingTopology
Replica link has been added.
ReplicatesNC: CN=Schema,CN=Configuration
Reason: RingTopology
Replica link has been added.
ReplicatesNC: CN=Configuration,DC=ok-sna
Reason: RingTopology
Replica link has been added.
enabledConnection: TRUE
whenChanged: 20110914131641.0Z
whenCreated: 20110914131641.0Z
Schedule:
day: 0123456789ab0123456789ab
Sun: 111111111111111111111111
Mon: 111111111111111111111111
Tue: 111111111111111111111111
Wed: 111111111111111111111111
Thu: 111111111111111111111111
Fri: 111111111111111111111111
Sat: 111111111111111111111111
2 connections found.
Partition Replication Schedule Loading:
00 01 02 03 04 05 06 07 08 09 10 11
0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3
Sun: 10000000100000001000000010
Sun: 10000000100000001000000010
Mon: 10000000100000001000000010
Mon: 10000000100000001000000010
Tue: 10000000100000001000000010
Tue: 10000000100000001000000010
Wed: 10000000100000001000000010
Wed: 10000000100000001000000010
Thu: 10000000100000001000000010
Thu: 10000000100000001000000010
Fri: 10000000100000001000000010
Fri: 10000000100000001000000010
Sat: 10000000100000001000000010
Sat: 10000000100000001000000010
--------------------------
Result of IPCONFIG:
--------------------------
SERV-DC1: (new 2008R2 srv)
--------------------------
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERV-DC1
Primary Dns Suffix . . . . . . . : ok-snacks.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ok-snacks.lan
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : ok-snacks.lan
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 78-2B-CB-4C-B5-28
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f855:9700:4df0:f815%
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 242756555
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-02-3A-CB-78
DNS Servers . . . . . . . . . . . : 192.168.1.101
192.168.1.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{EEDA89F6-8BC9-4EC0
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ok-snacks.lan
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
--------------------------
ADCONTROLLER (old 2003 srv)
--------------------------
Windows IP Configuration
Host Name . . . . . . . . . . . . : adcontroller
Primary Dns Suffix . . . . . . . : ok-snacks.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ok-snacks.lan
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network Connection with I/O Acceleration
Physical Address. . . . . . . . . : 00-15-17-0D-DF-56
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.101
Primary WINS Server . . . . . . . : 192.168.1.101
--------------------------
Result of DCDIAG:
--------------------------
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine SERV-DC1, is a Directory Server.
Home Server = SERV-DC1
* Connecting to directory service on server SERV-DC1.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=ADCONTROLLER,C
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BACKUPSERVER,C
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SERV-DC1,CN=Se
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 3 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... ADCONTROLLER passed test Connectivity
Testing server: Default-First-Site-Name\BA
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... BACKUPSERVER passed test Connectivity
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SERV-DC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD
Starting test: Advertising
The DC ADCONTROLLER is advertising itself as a DC and having a DS.
The DC ADCONTROLLER is advertising as an LDAP server
The DC ADCONTROLLER is advertising as having a writeable directory
The DC ADCONTROLLER is advertising as a Key Distribution Center
The DC ADCONTROLLER is advertising as a time server
The DS ADCONTROLLER is advertising as a GC.
......................... ADCONTROLLER passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC SERV-DC1 for domain ok-snacks.lan in site Default-First-Site-Name
Checking machine account for DC ADCONTROLLER on DC SERV-DC1.
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/ADCONTROLLER
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/95589b0c-cfef-4c19-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/adcontroller.ok-snac
* SPN found :HOST/adcontroller.ok-snac
* SPN found :HOST/ADCONTROLLER
* SPN found :HOST/adcontroller.ok-snac
* SPN found :GC/adcontroller.ok-snacks
Checking for CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,D
Object is up-to-date on all servers.
[ADCONTROLLER] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... ADCONTROLLER passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... ADCONTROLLER passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C4
Time Generated: 09/19/2011 10:30:05
Event String:
The File Replication Service is having trouble
enabling replication from SERV-DC1 to
ADCONTROLLER for c:\windows\sysvol\domain using
the DNS name SERV-DC1.ok-snacks.lan. FRS will
keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
SERV-DC1.ok-snacks.lan from this computer.
[2] FRS is not running on
SERV-DC1.ok-snacks.lan.
[3] The topology information in the Active
Directory Domain Services for this replica has
not yet replicated to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
A warning event occurred. EventID: 0x800034C5
Time Generated: 09/19/2011 10:45:54
Event String:
The File Replication Service has enabled
replication from SERV-DC1 to ADCONTROLLER for
c:\windows\sysvol\domain after repeated retries.
......................... ADCONTROLLER passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... ADCONTROLLER passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ADCONTROLLER passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ADCONTROLLER passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... ADCONTROLLER passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Domain Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role PDC Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Rid Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERV-DC1,CN=Se
......................... ADCONTROLLER passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC ADCONTROLLER on DC ADCONTROLLER.
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/ADCONTROLLER
* SPN found :LDAP/adcontroller.ok-snac
* SPN found :LDAP/95589b0c-cfef-4c19-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/adcontroller.ok-snac
* SPN found :HOST/adcontroller.ok-snac
* SPN found :HOST/ADCONTROLLER
* SPN found :HOST/adcontroller.ok-snac
* SPN found :GC/adcontroller.ok-snacks
......................... ADCONTROLLER passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ADCONTROLLER.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=ok-sn
* Security Permissions Check for
DC=DomainDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=ok-sn
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ok-sna
(Configuration,Version 3)
* Security Permissions Check for
DC=ok-snacks,DC=lan
(Domain,Version 3)
......................... ADCONTROLLER failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ADCONTROLLER\netlogon
Verified share \\ADCONTROLLER\sysvol
......................... ADCONTROLLER passed test NetLogons
Starting test: ObjectsReplicated
ADCONTROLLER is in domain DC=ok-snacks,DC=lan
Checking for CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,D
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ADCONTROLLER,C
Object is up-to-date on all servers.
......................... ADCONTROLLER passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... ADCONTROLLER passed test
OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ok-sna
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ok-snacks,DC=lan
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... ADCONTROLLER passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 4104 to 1073741823
* adcontroller.ok-snacks.lan
* DsBind with RID Master was successful
* rIDAllocationPool is 1604 to 2103
* rIDPreviousAllocationPool is 1604 to 2103
* rIDNextRID: 1698
......................... ADCONTROLLER passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
Invalid service type: RpcSs on ADCONTROLLER, current value
WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ADCONTROLLER failed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... ADCONTROLLER passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... ADCONTROLLER passed test Topology
Starting test: VerifyEnterpriseReferences
......................... ADCONTROLLER passed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,D
on
CN=ADCONTROLLER,CN=Servers
are correct.
The system object reference (serverReferenceBL)
CN=ADCONTROLLER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on
CN=NTDS Settings,CN=ADCONTROLLER,C
are correct.
The system object reference (frsComputerReferenceBL)
CN=ADCONTROLLER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on
CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,D
......................... ADCONTROLLER passed test VerifyReferences
Starting test: VerifyReplicas
......................... ADCONTROLLER passed test VerifyReplicas
Testing server: Default-First-Site-Name\BA
Starting test: Advertising
The DC BACKUPSERVER is advertising itself as a DC and having a DS.
The DC BACKUPSERVER is advertising as an LDAP server
The DC BACKUPSERVER is advertising as having a writeable directory
The DC BACKUPSERVER is advertising as a Key Distribution Center
The DC BACKUPSERVER is advertising as a time server
......................... BACKUPSERVER passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC SERV-DC1 for domain ok-snacks.lan in site Default-First-Site-Name
Checking machine account for DC BACKUPSERVER on DC SERV-DC1.
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/BACKUPSERVER
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/2b76e290-f2c7-46b0-9
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :HOST/BACKUPSERVER
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :GC/BACKUPSERVER.ok-snacks
Checking for CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,D
Object is up-to-date on all servers.
[BACKUPSERVER] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... BACKUPSERVER passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BACKUPSERVER passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C4
Time Generated: 09/19/2011 10:30:05
Event String:
The File Replication Service is having trouble
enabling replication from SERV-DC1 to
BACKUPSERVER for c:\windows\sysvol\domain using
the DNS name SERV-DC1.ok-snacks.lan. FRS will
keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
SERV-DC1.ok-snacks.lan from this computer.
[2] FRS is not running on
SERV-DC1.ok-snacks.lan.
[3] The topology information in the Active
Directory Domain Services for this replica has
not yet replicated to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
A warning event occurred. EventID: 0x800034C5
Time Generated: 09/19/2011 10:45:54
Event String:
The File Replication Service has enabled
replication from SERV-DC1 to BACKUPSERVER for
c:\windows\sysvol\domain after repeated retries.
......................... BACKUPSERVER passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... BACKUPSERVER passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BACKUPSERVER passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BACKUPSERVER passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... BACKUPSERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Domain Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role PDC Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Rid Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERV-DC1,CN=Se
......................... BACKUPSERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC BACKUPSERVER on DC BACKUPSERVER.
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/BACKUPSERVER
* SPN found :LDAP/BACKUPSERVER.ok-snac
* SPN found :LDAP/2b76e290-f2c7-46b0-9
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :HOST/BACKUPSERVER
* SPN found :HOST/BACKUPSERVER.ok-snac
* SPN found :GC/BACKUPSERVER.ok-snacks
......................... BACKUPSERVER passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC BACKUPSERVER.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=ok-sn
* Security Permissions Check for
DC=DomainDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=ok-sn
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ok-sna
(Configuration,Version 3)
* Security Permissions Check for
DC=ok-snacks,DC=lan
(Domain,Version 3)
......................... BACKUPSERVER failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\BACKUPSERVER\netlogon
Verified share \\BACKUPSERVER\sysvol
......................... BACKUPSERVER passed test NetLogons
Starting test: ObjectsReplicated
BACKUPSERVER is in domain DC=ok-snacks,DC=lan
Checking for CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,D
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=BACKUPSERVER,C
Object is up-to-date on all servers.
......................... BACKUPSERVER passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... BACKUPSERVER passed test
OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ok-sna
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ok-snacks,DC=lan
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... BACKUPSERVER passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 4104 to 1073741823
* adcontroller.ok-snacks.lan
* DsBind with RID Master was successful
* rIDAllocationPool is 2604 to 3103
* rIDPreviousAllocationPool is 2604 to 3103
* rIDNextRID: 2619
......................... BACKUPSERVER passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
Invalid service type: RpcSs on BACKUPSERVER, current value
WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BACKUPSERVER failed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... BACKUPSERVER passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BACKUPSERVER passed test Topology
Starting test: VerifyEnterpriseReferences
......................... BACKUPSERVER passed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,D
on
CN=BACKUPSERVER,CN=Servers
are correct.
The system object reference (serverReferenceBL)
CN=BACKUPSERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on
CN=NTDS Settings,CN=BACKUPSERVER,C
are correct.
The system object reference (frsComputerReferenceBL)
CN=BACKUPSERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on
CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,D
......................... BACKUPSERVER passed test VerifyReferences
Starting test: VerifyReplicas
......................... BACKUPSERVER passed test VerifyReplicas
Testing server: Default-First-Site-Name\SE
Starting test: Advertising
The DC SERV-DC1 is advertising itself as a DC and having a DS.
The DC SERV-DC1 is advertising as an LDAP server
The DC SERV-DC1 is advertising as having a writeable directory
The DC SERV-DC1 is advertising as a Key Distribution Center
The DC SERV-DC1 is advertising as a time server
The DS SERV-DC1 is advertising as a GC.
......................... SERV-DC1 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC SERV-DC1 for domain ok-snacks.lan in site Default-First-Site-Name
Checking machine account for DC SERV-DC1 on DC SERV-DC1.
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/SERV-DC1
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/81af9283-c054-4dc6-a
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :HOST/SERV-DC1
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :GC/SERV-DC1.ok-snacks.lan
[SERV-DC1] No security related replication errors were found on this
DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERV-DC1 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SERV-DC1 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034FA
Time Generated: 09/19/2011 10:05:57
Event String:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller SERV-DC1.ok-snacks.lan for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
A warning event occurred. EventID: 0x800034FA
Time Generated: 09/19/2011 10:25:20
Event String:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller SERV-DC1.ok-snacks.lan for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
A warning event occurred. EventID: 0x800034C4
Time Generated: 09/19/2011 10:30:05
Event String:
The File Replication Service is having trouble enabling replication from BACKUPSERVER to SERV-DC1 for c:\windows\sysvol\domain using the DNS name BACKUPSERVER.ok-snacks.lan
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name BACKUPSERVER.ok-snacks.lan
[2] FRS is not running on BACKUPSERVER.ok-snacks.lan
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
A warning event occurred. EventID: 0x800034C4
Time Generated: 09/19/2011 10:30:05
Event String:
The File Replication Service is having trouble enabling replication from ADCONTROLLER to SERV-DC1 for c:\windows\sysvol\domain using the DNS name adcontroller.ok-snacks.lan
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name adcontroller.ok-snacks.lan
[2] FRS is not running on adcontroller.ok-snacks.lan
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... SERV-DC1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... SERV-DC1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV-DC1 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERV-DC1 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SERV-DC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Domain Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role PDC Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Rid Owner = CN=NTDS Settings,CN=ADCONTROLLER,C
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERV-DC1,CN=Se
......................... SERV-DC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SERV-DC1 on DC SERV-DC1.
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/SERV-DC1
* SPN found :LDAP/SERV-DC1.ok-snacks.l
* SPN found :LDAP/81af9283-c054-4dc6-a
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :HOST/SERV-DC1
* SPN found :HOST/SERV-DC1.ok-snacks.l
* SPN found :GC/SERV-DC1.ok-snacks.lan
......................... SERV-DC1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV-DC1.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=ok-sn
* Security Permissions Check for
DC=DomainDnsZones,DC=ok-sn
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=ok-sn
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=ok-sna
(Configuration,Version 3)
* Security Permissions Check for
DC=ok-snacks,DC=lan
(Domain,Version 3)
......................... SERV-DC1 failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERV-DC1\netlogon
Verified share \\SERV-DC1\sysvol
......................... SERV-DC1 passed test NetLogons
Starting test: ObjectsReplicated
SERV-DC1 is in domain DC=ok-snacks,DC=lan
Checking for CN=SERV-DC1,OU=Domain Controllers,DC=ok-snacks,D
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SERV-DC1,CN=Se
Object is up-to-date on all servers.
......................... SERV-DC1 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... SERV-DC1 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ok-sn
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ok-sna
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=ok-snacks,DC=lan
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... SERV-DC1 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 4104 to 1073741823
* adcontroller.ok-snacks.lan
* DsBind with RID Master was successful
* rIDAllocationPool is 3604 to 4103
* rIDPreviousAllocationPool is 3604 to 4103
* rIDNextRID: 3613
......................... SERV-DC1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERV-DC1 passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x000003F6
Time Generated: 09/19/2011 12:14:20
Event String:
Name resolution for the name ok-snacks.lan timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x8000001D
Time Generated: 09/19/2011 12:25:38
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x00002724
Time Generated: 09/19/2011 12:26:01
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
A warning event occurred. EventID: 0x000003F6
Time Generated: 09/19/2011 12:26:27
Event String:
Name resolution for the name ok-snacks.lan timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x000727AA
Time Generated: 09/19/2011 12:28:34
Event String:
The WinRM service failed to create the following SPNs: WSMAN/SERV-DC1.ok-snacks.l
Additional Data
The error received was 8344: %%8344.
User Action
The SPNs can be created by an administrator using setspn.exe utility.
Found no errors in "System" Event log in the last 60 minutes.
......................... SERV-DC1 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=ok-sn
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=ok-sna
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=ok-snacks,DC=lan.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SERV-DC1 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... SERV-DC1 passed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SERV-DC1,OU=Domain Controllers,DC=ok-snacks,D
CN=SERV-DC1,CN=Servers,CN=
are correct.
The system object reference (serverReferenceBL)
CN=SERV-DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on
CN=NTDS Settings,CN=SERV-DC1,CN=Se
are correct.
The system object reference (frsComputerReferenceBL)
CN=SERV-DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-sn
and backlink on CN=SERV-DC1,OU=Domain Controllers,DC=ok-snacks,D
are correct.
......................... SERV-DC1 passed test VerifyReferences
Starting test: VerifyReplicas
......................... SERV-DC1 passed test VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
Starting test: DNS
Starting test: DNS
See DNS test in enterprise tests section for results
......................... BACKUPSERVER passed test
DNS
See DNS test in enterprise tests section for results
......................... ADCONTROLLER passed test DNS
See DNS test in enterprise tests section for results
......................... SERV-DC1 passed test DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ok-snacks
Starting test: CheckSDRefDom
......................... ok-snacks passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ok-snacks passed test CrossRefValidation
Running enterprise tests on : ok-snacks.lan
Starting test: DNS
Test results for domain controllers:
DC: adcontroller.ok-snacks.lan
Domain: ok-snacks.lan
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:
MAC address is 00:15:17:0D:DF:56
IP Address is static
IP address: 192.168.1.101
DNS servers:
192.168.1.101 (ADCONTROLLER) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
193.162.145.130 (<name unavailable>) [Valid]
193.162.153.164 (<name unavailable>) [Valid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone ok-snacks.lan
Warning: Failed to delete the test record dcdiag-test-record in zone ok-snacks.lan
[Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
TEST: Records registration (RReg)
Network Adapter
[00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:
Matching CNAME record found at DNS server 192.168.1.101:
95589b0c-cfef-4c19-bc04-d9
Matching A record found at DNS server 192.168.1.101:
adcontroller.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.fc6f75d8-1e16-4
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.dc._msdcs.o
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.dc._msdcs.ok-sn
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._udp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.101:
_kpasswd._tcp.ok-snacks.la
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.gc._msdcs.ok-sn
Matching A record found at DNS server 192.168.1.101:
gc._msdcs.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_gc._tcp.Default-First-Sit
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.pdc._msdcs.ok-s
DC: BACKUPSERVER.ok-snacks.lan
Domain: ok-snacks.lan
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] HP NC320i PCIe Gigabit Server Adapter:
MAC address is 00:17:A4:37:D0:AB
IP Address is static
IP address: 192.168.1.253, 192.168.1.10
DNS servers:
192.168.1.253 (BACKUPSERVER) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
194.239.134.83 (<name unavailable>) [Valid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone ok-snacks.lan
Warning: Failed to delete the test record dcdiag-test-record in zone ok-snacks.lan
[Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
TEST: Records registration (RReg)
Network Adapter
[00000007] HP NC320i PCIe Gigabit Server Adapter:
Matching CNAME record found at DNS server 192.168.1.253:
2b76e290-f2c7-46b0-966a-6b
Matching A record found at DNS server 192.168.1.253:
BACKUPSERVER.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.253:
_ldap._tcp.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.253:
_ldap._tcp.fc6f75d8-1e16-4
Matching SRV record found at DNS server 192.168.1.253:
_kerberos._tcp.dc._msdcs.o
Matching SRV record found at DNS server 192.168.1.253:
_ldap._tcp.dc._msdcs.ok-sn
Matching SRV record found at DNS server 192.168.1.253:
_kerberos._tcp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.253:
_kerberos._udp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.253:
_kpasswd._tcp.ok-snacks.la
Matching SRV record found at DNS server 192.168.1.253:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.253:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.253:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.253:
_kerberos._tcp.Default-Fir
DC: SERV-DC1.ok-snacks.lan
Domain: ok-snacks.lan
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
MAC address is 78:2B:CB:4C:B5:28
IP Address is static
IP address: 192.168.1.2, fe80::f855:9700:4df0:f815
DNS servers:
192.168.1.101 (ADCONTROLLER) [Valid]
192.168.1.2 (SERV-DC1) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 128.9.0.107 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: d.root-servers.net. IP: 2001:500:2d::d [Invalid (unreachable)]
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
Name: j.root-servers.net. IP: 198.41.0.10 [Valid]
Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone ok-snacks.lan
Warning: Failed to delete the test record dcdiag-test-record in zone ok-snacks.lan
[Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
TEST: Records registration (RReg)
Network Adapter
[00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
Matching CNAME record found at DNS server 192.168.1.101:
81af9283-c054-4dc6-abec-d6
Matching A record found at DNS server 192.168.1.101:
SERV-DC1.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.fc6f75d8-1e16-4
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.dc._msdcs.o
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.dc._msdcs.ok-sn
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._udp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.101:
_kpasswd._tcp.ok-snacks.la
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.101:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.gc._msdcs.ok-sn
Matching A record found at DNS server 192.168.1.101:
gc._msdcs.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.101:
_gc._tcp.Default-First-Sit
Matching SRV record found at DNS server 192.168.1.101:
_ldap._tcp.Default-First-S
Matching CNAME record found at DNS server 192.168.1.2:
81af9283-c054-4dc6-abec-d6
Matching A record found at DNS server 192.168.1.2:
SERV-DC1.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.fc6f75d8-1e16-4
Matching SRV record found at DNS server 192.168.1.2:
_kerberos._tcp.dc._msdcs.o
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.dc._msdcs.ok-sn
Matching SRV record found at DNS server 192.168.1.2:
_kerberos._tcp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.2:
_kerberos._udp.ok-snacks.l
Matching SRV record found at DNS server 192.168.1.2:
_kpasswd._tcp.ok-snacks.la
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.2:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 192.168.1.2:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.gc._msdcs.ok-sn
Matching A record found at DNS server 192.168.1.2:
gc._msdcs.ok-snacks.lan
Matching SRV record found at DNS server 192.168.1.2:
_gc._tcp.Default-First-Sit
Matching SRV record found at DNS server 192.168.1.2:
_ldap._tcp.Default-First-S
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12 [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:500:2d::d (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:500:3::42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:7fd::1 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:7fe::53 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 2001:dc3::35 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.168.1.101 (ADCONTROLLER)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 192.168.1.2 (SERV-DC1)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 192.168.1.253 (BACKUPSERVER)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.162.145.130 (<name unavailable>)
All tests passed on this DNS server
DNS server: 193.162.153.164 (<name unavailable>)
All tests passed on this DNS server
DNS server: 194.239.134.83 (<name unavailable>)
All tests passed on this DNS server
DNS server: 198.41.0.10 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 199.7.83.42 (l.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: ok-snacks.lan
adcontroller PASS PASS PASS PASS WARN PASS n/a
BACKUPSERVER PASS PASS PASS PASS WARN PASS n/a
SERV-DC1 PASS PASS PASS PASS WARN PASS n/a
......................... ok-snacks.lan passed test DNS
Starting test: LocatorCheck
GC Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
PDC Name: \\adcontroller.ok-snacks.l
Locator Flags: 0xe00003fd
Time Server Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\adcontroller.ok-snacks.l
Locator Flags: 0xe00003fd
KDC Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
......................... ok-snacks.lan passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
PDC Name: \\adcontroller.ok-snacks.l
Locator Flags: 0xe00003fd
Time Server Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
Preferred Time Server Name: \\adcontroller.ok-snacks.l
Locator Flags: 0xe00003fd
KDC Name: \\SERV-DC1.ok-snacks.lan
Locator Flags: 0xe00031fc
......................... ok-snacks.lan passed test FsmoCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... ok-snacks.lan passed test Intersite
--------------------------
Result of REPADMIN:
--------------------------
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\SE
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 81af9283-c054-4dc6-abec-d6
DSA invocationID: f631ee63-f78a-435d-80e6-73
==== INBOUND NEIGHBORS ==========================
==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============
DC=ok-snacks,DC=lan
Default-First-Site-Name\BA
DSA object GUID: 2b76e290-f2c7-46b0-966a-6b
Address: 2b76e290-f2c7-46b0-966a-6b
WRITEABLE
Last attempt @ 2011-09-19 12:48:13 was successful.
Default-First-Site-Name\AD
DSA object GUID: 95589b0c-cfef-4c19-bc04-d9
Address: 95589b0c-cfef-4c19-bc04-d9
WRITEABLE
Last attempt @ 2011-09-19 12:48:16 was successful.
CN=Configuration,DC=ok-sna
Default-First-Site-Name\AD
DSA object GUID: 95589b0c-cfef-4c19-bc04-d9
Address: 95589b0c-cfef-4c19-bc04-d9
WRITEABLE
Last attempt @ 2011-09-19 12:46:00 was successful.
Default-First-Site-Name\BA
DSA object GUID: 2b76e290-f2c7-46b0-966a-6b
Address: 2b76e290-f2c7-46b0-966a-6b
WRITEABLE
Last attempt @ 2011-09-19 12:46:03 was successful.
CN=Schema,CN=Configuration
Default-First-Site-Name\BA
DSA object GUID: 2b76e290-f2c7-46b0-966a-6b
Address: 2b76e290-f2c7-46b0-966a-6b
WRITEABLE
Last attempt @ 2011-09-15 16:07:43 was successful.
Default-First-Site-Name\AD
DSA object GUID: 95589b0c-cfef-4c19-bc04-d9
Address: 95589b0c-cfef-4c19-bc04-d9
WRITEABLE
Last attempt @ 2011-09-15 16:07:46 was successful.
DC=DomainDnsZones,DC=ok-sn
Default-First-Site-Name\AD
DSA object GUID: 95589b0c-cfef-4c19-bc04-d9
Address: 95589b0c-cfef-4c19-bc04-d9
WRITEABLE
Last attempt @ 2011-09-15 16:07:55 was successful.
Default-First-Site-Name\BA
DSA object GUID: 2b76e290-f2c7-46b0-966a-6b
Address: 2b76e290-f2c7-46b0-966a-6b
WRITEABLE
Last attempt @ 2011-09-15 16:07:58 was successful.
DC=ForestDnsZones,DC=ok-sn
Default-First-Site-Name\AD
DSA object GUID: 95589b0c-cfef-4c19-bc04-d9
Address: 95589b0c-cfef-4c19-bc04-d9
WRITEABLE
Last attempt @ 2011-09-15 16:07:49 was successful.
Default-First-Site-Name\BA
DSA object GUID: 2b76e290-f2c7-46b0-966a-6b
Address: 2b76e290-f2c7-46b0-966a-6b
WRITEABLE
Last attempt @ 2011-09-15 16:07:52 was successful.
==== KCC CONNECTION OBJECTS ==========================
Connection --
Connection name : 4c9cb3f1-eb0e-4f1b-91c0-fc
Server DNS name : SERV-DC1.ok-snacks.lan
Server DN name : CN=NTDS Settings,CN=SERV-DC1,CN=Se
Source: Default-First-Site-Name\BA
No Failures.
TransportType: intrasite RPC
options: isGenerated
ReplicatesNC: DC=ForestDnsZones,DC=ok-sn
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=DomainDnsZones,DC=ok-sn
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=ok-snacks,DC=lan
Reason: RingTopology
Replica link has been added.
ReplicatesNC: CN=Schema,CN=Configuration
Reason: RingTopology
Replica link has been added.
ReplicatesNC: CN=Configuration,DC=ok-sna
Reason: RingTopology
Replica link has been added.
enabledConnection: TRUE
whenChanged: 20110914131641.0Z
whenCreated: 20110914131641.0Z
Schedule:
day: 0123456789ab0123456789ab
Sun: 111111111111111111111111
Mon: 111111111111111111111111
Tue: 111111111111111111111111
Wed: 111111111111111111111111
Thu: 111111111111111111111111
Fri: 111111111111111111111111
Sat: 111111111111111111111111
Connection --
Connection name : 8968558e-7d8a-4ccf-acb5-b1
Server DNS name : SERV-DC1.ok-snacks.lan
Server DN name : CN=NTDS Settings,CN=SERV-DC1,CN=Se
Source: Default-First-Site-Name\AD
No Failures.
TransportType: intrasite RPC
options: isGenerated
ReplicatesNC: DC=ForestDnsZones,DC=ok-sn
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=DomainDnsZones,DC=ok-sn
Reason: RingTopology
Replica link has been added.
ReplicatesNC: DC=ok-snacks,DC=lan
Reason: RingTopology
Replica link has been added.
ReplicatesNC: CN=Schema,CN=Configuration
Reason: RingTopology
Replica link has been added.
ReplicatesNC: CN=Configuration,DC=ok-sna
Reason: RingTopology
Replica link has been added.
enabledConnection: TRUE
whenChanged: 20110914131641.0Z
whenCreated: 20110914131641.0Z
Schedule:
day: 0123456789ab0123456789ab
Sun: 111111111111111111111111
Mon: 111111111111111111111111
Tue: 111111111111111111111111
Wed: 111111111111111111111111
Thu: 111111111111111111111111
Fri: 111111111111111111111111
Sat: 111111111111111111111111
2 connections found.
Partition Replication Schedule Loading:
00 01 02 03 04 05 06 07 08 09 10 11
0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3
Sun: 10000000100000001000000010
Sun: 10000000100000001000000010
Mon: 10000000100000001000000010
Mon: 10000000100000001000000010
Tue: 10000000100000001000000010
Tue: 10000000100000001000000010
Wed: 10000000100000001000000010
Wed: 10000000100000001000000010
Thu: 10000000100000001000000010
Thu: 10000000100000001000000010
Fri: 10000000100000001000000010
Fri: 10000000100000001000000010
Sat: 10000000100000001000000010
Sat: 10000000100000001000000010
--------------------------
Result of IPCONFIG:
--------------------------
SERV-DC1: (new 2008R2 srv)
--------------------------
Windows IP Configuration
Host Name . . . . . . . . . . . . : SERV-DC1
Primary Dns Suffix . . . . . . . : ok-snacks.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ok-snacks.lan
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : ok-snacks.lan
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 78-2B-CB-4C-B5-28
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f855:9700:4df0:f815%
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 242756555
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-02-3A-CB-78
DNS Servers . . . . . . . . . . . : 192.168.1.101
192.168.1.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{EEDA89F6-8BC9-4EC0
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ok-snacks.lan
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
--------------------------
ADCONTROLLER (old 2003 srv)
--------------------------
Windows IP Configuration
Host Name . . . . . . . . . . . . : adcontroller
Primary Dns Suffix . . . . . . . : ok-snacks.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ok-snacks.lan
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network Connection with I/O Acceleration
Physical Address. . . . . . . . . : 00-15-17-0D-DF-56
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.101
Primary WINS Server . . . . . . . : 192.168.1.101
One of your DCs is multihomed (has more than 1 NIC configured). This can lead to problems.
This DC is DC: BACKUPSERVER.ok-snacks.lan
Please, try to follow with this article at Microsoft Technet and check if ater configuration changes, your DC will start to work
http://support.microsoft.com/kb/272294
Krzysztof
This DC is DC: BACKUPSERVER.ok-snacks.lan
Please, try to follow with this article at Microsoft Technet and check if ater configuration changes, your DC will start to work
http://support.microsoft.com/kb/272294
Krzysztof
ASKER
ISieK:
?? The server BACKUPSERVER has only one NIC??
ADCONTROLLER has two NIC's but the second is disabled.
?? The server BACKUPSERVER has only one NIC??
ADCONTROLLER has two NIC's but the second is disabled.
OK, this is one NIC and two IPs, right? So, there is no problem, sorry :)
OK, let's try this way. Reconfigure your NIC's properties. In DNS section on that server point to another DC with DNS as primary IP address. Remove DNS role from your server and add it again. Wait some time (i.e. 1 hour) and check if DNS zone was replicated and problem disappeared.
Krzysztof
OK, let's try this way. Reconfigure your NIC's properties. In DNS section on that server point to another DC with DNS as primary IP address. Remove DNS role from your server and add it again. Wait some time (i.e. 1 hour) and check if DNS zone was replicated and problem disappeared.
Krzysztof
ASKER
GREAT ! testing and get back to you :-)
ASKER
iSieK:
Hmm this is really strange.
When I examine the zones of the DNS on the two servers, they look exactly the sames!
However on the new 2008 it still says that the zone does not exists even though I can see the zone???
Hmm this is really strange.
When I examine the zones of the DNS on the two servers, they look exactly the sames!
However on the new 2008 it still says that the zone does not exists even though I can see the zone???
ASKER
another important thing!
I have just tried to do a backup/restore of the DNS Zone.
I used DNSCMD.EXE first on the old server and then exported it from the new.
SAME RESULT!!
I have just tried to do a backup/restore of the DNS Zone.
I used DNSCMD.EXE first on the old server and then exported it from the new.
SAME RESULT!!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.