Solved

The Active Directory integrated DNS zone _msdcs.DOMAINNAME.lan was not found

Posted on 2011-09-19
10
2,340 Views
Last Modified: 2012-05-12
I have just installed a Server2008R2 into an existing Server2003 domain.
I have promoted this a DC and installed the DNS role.
I can confirm that DNS is working properly on the OTHER DC in the domain.

My problem is, that if I configure IP4 properties to point to own DNS its applying settings for 20 minutes!  When running the Best Practice Analyzer for DNS it tells me that:
"The Active Directory integrated DNS zone _msdcs.ok-snacks.lan was not found"

I can confirm that there is not much written in this zone but it looks idential to the zone on the old DC.

Can anyone helps me out WITHOUT just pointing to some BP articles from Microsoft? :-)
0
Comment
Question by:Ohmit
  • 5
  • 4
10 Comments
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36559367
On both DC's please run DCDiag and check for ANY errors reported.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36559370
Can you log on to that 2008 R2 DC and run in command-line these tests?

dcdiag /e /c /v >c:\dcdiag.log
repadmin /showrepl /all /intersite /verbose >c:\repadmin.log

and post results here. Post also unmodified ipconfig /all from both of your DC, please.

Regards,
Krzysztof
0
 

Author Comment

by:Ohmit
ID: 36559448
ISIEK :-)
----------------------------

Result of DCDIAG:
-----------------------------------------------------------------------------------------------------------------------
Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine SERV-DC1, is a Directory Server.
   Home Server = SERV-DC1

   * Connecting to directory service on server SERV-DC1.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=BACKUPSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=SERV-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 3 DC(s). Testing 3 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\ADCONTROLLER

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... ADCONTROLLER passed test Connectivity

   
   Testing server: Default-First-Site-Name\BACKUPSERVER

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... BACKUPSERVER passed test Connectivity

   
   Testing server: Default-First-Site-Name\SERV-DC1

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... SERV-DC1 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\ADCONTROLLER

      Starting test: Advertising

         The DC ADCONTROLLER is advertising itself as a DC and having a DS.
         The DC ADCONTROLLER is advertising as an LDAP server
         The DC ADCONTROLLER is advertising as having a writeable directory
         The DC ADCONTROLLER is advertising as a Key Distribution Center
         The DC ADCONTROLLER is advertising as a time server
         The DS ADCONTROLLER is advertising as a GC.
         ......................... ADCONTROLLER passed test Advertising

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!
         Found KDC SERV-DC1 for domain ok-snacks.lan in site Default-First-Site-Name
         Checking machine account for DC ADCONTROLLER on DC SERV-DC1.
         * SPN found :LDAP/adcontroller.ok-snacks.lan/ok-snacks.lan
         * SPN found :LDAP/adcontroller.ok-snacks.lan
         * SPN found :LDAP/ADCONTROLLER
         * SPN found :LDAP/adcontroller.ok-snacks.lan/OK-SNACKS
         * SPN found :LDAP/95589b0c-cfef-4c19-bc04-d9e024d5a699._msdcs.ok-snacks.lan
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/95589b0c-cfef-4c19-bc04-d9e024d5a699/ok-snacks.lan
         * SPN found :HOST/adcontroller.ok-snacks.lan/ok-snacks.lan
         * SPN found :HOST/adcontroller.ok-snacks.lan
         * SPN found :HOST/ADCONTROLLER
         * SPN found :HOST/adcontroller.ok-snacks.lan/OK-SNACKS
         * SPN found :GC/adcontroller.ok-snacks.lan/ok-snacks.lan
         Checking for CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,DC=lan in domain DC=ok-snacks,DC=lan on 2 servers
            Object is up-to-date on all servers.
         [ADCONTROLLER] No security related replication errors were found on

         this DC!  To target the connection to a specific source DC use

         /ReplSource:<DC>.

         ......................... ADCONTROLLER passed test CheckSecurityError

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... ADCONTROLLER passed test CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         A warning event occurred.  EventID: 0x800034C4

            Time Generated: 09/19/2011   10:30:05

            Event String:

            The File Replication Service is having trouble

            enabling replication from SERV-DC1 to

            ADCONTROLLER for c:\windows\sysvol\domain using

            the DNS name SERV-DC1.ok-snacks.lan. FRS will

            keep retrying.

             Following are some of the reasons you would see

            this warning.

             

             [1] FRS can not correctly resolve the DNS name

            SERV-DC1.ok-snacks.lan from this computer.

             [2] FRS is not running on

            SERV-DC1.ok-snacks.lan.

             [3] The topology information in the Active

            Directory Domain Services for this replica has

            not yet replicated to all the Domain Controllers.

           

             

             This event log message will appear once per

            connection, After the problem is fixed you will

            see another event log message indicating that the

            connection has been established.

         A warning event occurred.  EventID: 0x800034C5

            Time Generated: 09/19/2011   10:45:54

            Event String:

            The File Replication Service has enabled

            replication from SERV-DC1 to ADCONTROLLER for

            c:\windows\sysvol\domain after repeated retries.

         ......................... ADCONTROLLER passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log.
         Skip the test because the server is running FRS.

         ......................... ADCONTROLLER passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... ADCONTROLLER passed test SysVolCheck

      Starting test: FrsSysVol

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... ADCONTROLLER passed test FrsSysVol

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... ADCONTROLLER passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role Domain Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role PDC Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role Rid Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERV-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         ......................... ADCONTROLLER passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC ADCONTROLLER on DC ADCONTROLLER.
         * SPN found :LDAP/adcontroller.ok-snacks.lan/ok-snacks.lan
         * SPN found :LDAP/adcontroller.ok-snacks.lan
         * SPN found :LDAP/ADCONTROLLER
         * SPN found :LDAP/adcontroller.ok-snacks.lan/OK-SNACKS
         * SPN found :LDAP/95589b0c-cfef-4c19-bc04-d9e024d5a699._msdcs.ok-snacks.lan
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/95589b0c-cfef-4c19-bc04-d9e024d5a699/ok-snacks.lan
         * SPN found :HOST/adcontroller.ok-snacks.lan/ok-snacks.lan
         * SPN found :HOST/adcontroller.ok-snacks.lan
         * SPN found :HOST/ADCONTROLLER
         * SPN found :HOST/adcontroller.ok-snacks.lan/OK-SNACKS
         * SPN found :GC/adcontroller.ok-snacks.lan/ok-snacks.lan
         ......................... ADCONTROLLER passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC ADCONTROLLER.
         The forest is not ready for RODC. Will skip checking ERODC ACEs.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=ok-snacks,DC=lan
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=ok-snacks,DC=lan
         * Security Permissions Check for

           DC=DomainDnsZones,DC=ok-snacks,DC=lan
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=ok-snacks,DC=lan
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=ok-snacks,DC=lan
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=ok-snacks,DC=lan
            (Domain,Version 3)
         ......................... ADCONTROLLER failed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\ADCONTROLLER\netlogon
         Verified share \\ADCONTROLLER\sysvol
         ......................... ADCONTROLLER passed test NetLogons

      Starting test: ObjectsReplicated

         ADCONTROLLER is in domain DC=ok-snacks,DC=lan
         Checking for CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,DC=lan in domain DC=ok-snacks,DC=lan on 3 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan in domain CN=Configuration,DC=ok-snacks,DC=lan on 3 servers
            Object is up-to-date on all servers.
         ......................... ADCONTROLLER passed test ObjectsReplicated

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test because /testdomain: was

         not entered

         ......................... ADCONTROLLER passed test

         OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=ok-snacks,DC=lan
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=ok-snacks,DC=lan
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=ok-snacks,DC=lan
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=ok-snacks,DC=lan
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         * Replication Site Latency Check
         ......................... ADCONTROLLER passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 4104 to 1073741823
         * adcontroller.ok-snacks.lan is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1604 to 2103
         * rIDPreviousAllocationPool is 1604 to 2103
         * rIDNextRID: 1698
         ......................... ADCONTROLLER passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
            Invalid service type: RpcSs on ADCONTROLLER, current value

            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS

         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... ADCONTROLLER failed test Services

      Starting test: SystemLog

         * The System Event log test
         Found no errors in "System" Event log in the last 60 minutes.
         ......................... ADCONTROLLER passed test SystemLog

      Starting test: Topology

         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... ADCONTROLLER passed test Topology

      Starting test: VerifyEnterpriseReferences

         ......................... ADCONTROLLER passed test

         VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,DC=lan and backlink

         on

         CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan

         are correct.
         The system object reference (serverReferenceBL)

         CN=ADCONTROLLER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-snacks,DC=lan

         and backlink on

         CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan

         are correct.
         The system object reference (frsComputerReferenceBL)

         CN=ADCONTROLLER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-snacks,DC=lan

         and backlink on

         CN=ADCONTROLLER,OU=Domain Controllers,DC=ok-snacks,DC=lan are correct.

         ......................... ADCONTROLLER passed test VerifyReferences

      Starting test: VerifyReplicas

         ......................... ADCONTROLLER passed test VerifyReplicas

   
   Testing server: Default-First-Site-Name\BACKUPSERVER

      Starting test: Advertising

         The DC BACKUPSERVER is advertising itself as a DC and having a DS.
         The DC BACKUPSERVER is advertising as an LDAP server
         The DC BACKUPSERVER is advertising as having a writeable directory
         The DC BACKUPSERVER is advertising as a Key Distribution Center
         The DC BACKUPSERVER is advertising as a time server
         ......................... BACKUPSERVER passed test Advertising

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!
         Found KDC SERV-DC1 for domain ok-snacks.lan in site Default-First-Site-Name
         Checking machine account for DC BACKUPSERVER on DC SERV-DC1.
         * SPN found :LDAP/BACKUPSERVER.ok-snacks.lan/ok-snacks.lan
         * SPN found :LDAP/BACKUPSERVER.ok-snacks.lan
         * SPN found :LDAP/BACKUPSERVER
         * SPN found :LDAP/BACKUPSERVER.ok-snacks.lan/OK-SNACKS
         * SPN found :LDAP/2b76e290-f2c7-46b0-966a-6bdc46bc7df7._msdcs.ok-snacks.lan
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/2b76e290-f2c7-46b0-966a-6bdc46bc7df7/ok-snacks.lan
         * SPN found :HOST/BACKUPSERVER.ok-snacks.lan/ok-snacks.lan
         * SPN found :HOST/BACKUPSERVER.ok-snacks.lan
         * SPN found :HOST/BACKUPSERVER
         * SPN found :HOST/BACKUPSERVER.ok-snacks.lan/OK-SNACKS
         * SPN found :GC/BACKUPSERVER.ok-snacks.lan/ok-snacks.lan
         Checking for CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,DC=lan in domain DC=ok-snacks,DC=lan on 2 servers
            Object is up-to-date on all servers.
         [BACKUPSERVER] No security related replication errors were found on

         this DC!  To target the connection to a specific source DC use

         /ReplSource:<DC>.

         ......................... BACKUPSERVER passed test CheckSecurityError

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... BACKUPSERVER passed test CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         A warning event occurred.  EventID: 0x800034C4

            Time Generated: 09/19/2011   10:30:05

            Event String:

            The File Replication Service is having trouble

            enabling replication from SERV-DC1 to

            BACKUPSERVER for c:\windows\sysvol\domain using

            the DNS name SERV-DC1.ok-snacks.lan. FRS will

            keep retrying.

             Following are some of the reasons you would see

            this warning.

             

             [1] FRS can not correctly resolve the DNS name

            SERV-DC1.ok-snacks.lan from this computer.

             [2] FRS is not running on

            SERV-DC1.ok-snacks.lan.

             [3] The topology information in the Active

            Directory Domain Services for this replica has

            not yet replicated to all the Domain Controllers.

           

             

             This event log message will appear once per

            connection, After the problem is fixed you will

            see another event log message indicating that the

            connection has been established.

         A warning event occurred.  EventID: 0x800034C5

            Time Generated: 09/19/2011   10:45:54

            Event String:

            The File Replication Service has enabled

            replication from SERV-DC1 to BACKUPSERVER for

            c:\windows\sysvol\domain after repeated retries.

         ......................... BACKUPSERVER passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log.
         Skip the test because the server is running FRS.

         ......................... BACKUPSERVER passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... BACKUPSERVER passed test SysVolCheck

      Starting test: FrsSysVol

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... BACKUPSERVER passed test FrsSysVol

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... BACKUPSERVER passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role Domain Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role PDC Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role Rid Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERV-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         ......................... BACKUPSERVER passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC BACKUPSERVER on DC BACKUPSERVER.
         * SPN found :LDAP/BACKUPSERVER.ok-snacks.lan/ok-snacks.lan
         * SPN found :LDAP/BACKUPSERVER.ok-snacks.lan
         * SPN found :LDAP/BACKUPSERVER
         * SPN found :LDAP/BACKUPSERVER.ok-snacks.lan/OK-SNACKS
         * SPN found :LDAP/2b76e290-f2c7-46b0-966a-6bdc46bc7df7._msdcs.ok-snacks.lan
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/2b76e290-f2c7-46b0-966a-6bdc46bc7df7/ok-snacks.lan
         * SPN found :HOST/BACKUPSERVER.ok-snacks.lan/ok-snacks.lan
         * SPN found :HOST/BACKUPSERVER.ok-snacks.lan
         * SPN found :HOST/BACKUPSERVER
         * SPN found :HOST/BACKUPSERVER.ok-snacks.lan/OK-SNACKS
         * SPN found :GC/BACKUPSERVER.ok-snacks.lan/ok-snacks.lan
         ......................... BACKUPSERVER passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC BACKUPSERVER.
         The forest is not ready for RODC. Will skip checking ERODC ACEs.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=ok-snacks,DC=lan
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=ok-snacks,DC=lan
         * Security Permissions Check for

           DC=DomainDnsZones,DC=ok-snacks,DC=lan
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=ok-snacks,DC=lan
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=ok-snacks,DC=lan
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=ok-snacks,DC=lan
            (Domain,Version 3)
         ......................... BACKUPSERVER failed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\BACKUPSERVER\netlogon
         Verified share \\BACKUPSERVER\sysvol
         ......................... BACKUPSERVER passed test NetLogons

      Starting test: ObjectsReplicated

         BACKUPSERVER is in domain DC=ok-snacks,DC=lan
         Checking for CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,DC=lan in domain DC=ok-snacks,DC=lan on 3 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=BACKUPSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan in domain CN=Configuration,DC=ok-snacks,DC=lan on 3 servers
            Object is up-to-date on all servers.
         ......................... BACKUPSERVER passed test ObjectsReplicated

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test because /testdomain: was

         not entered

         ......................... BACKUPSERVER passed test

         OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=ok-snacks,DC=lan
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=ok-snacks,DC=lan
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=ok-snacks,DC=lan
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=ok-snacks,DC=lan
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         * Replication Site Latency Check
         ......................... BACKUPSERVER passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 4104 to 1073741823
         * adcontroller.ok-snacks.lan is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2604 to 3103
         * rIDPreviousAllocationPool is 2604 to 3103
         * rIDNextRID: 2619
         ......................... BACKUPSERVER passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
            Invalid service type: RpcSs on BACKUPSERVER, current value

            WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS

         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... BACKUPSERVER failed test Services

      Starting test: SystemLog

         * The System Event log test
         Found no errors in "System" Event log in the last 60 minutes.
         ......................... BACKUPSERVER passed test SystemLog

      Starting test: Topology

         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... BACKUPSERVER passed test Topology

      Starting test: VerifyEnterpriseReferences

         ......................... BACKUPSERVER passed test

         VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,DC=lan and backlink

         on

         CN=BACKUPSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan

         are correct.
         The system object reference (serverReferenceBL)

         CN=BACKUPSERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-snacks,DC=lan

         and backlink on

         CN=NTDS Settings,CN=BACKUPSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan

         are correct.
         The system object reference (frsComputerReferenceBL)

         CN=BACKUPSERVER,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-snacks,DC=lan

         and backlink on

         CN=BACKUPSERVER,OU=Domain Controllers,DC=ok-snacks,DC=lan are correct.

         ......................... BACKUPSERVER passed test VerifyReferences

      Starting test: VerifyReplicas

         ......................... BACKUPSERVER passed test VerifyReplicas

   
   Testing server: Default-First-Site-Name\SERV-DC1

      Starting test: Advertising

         The DC SERV-DC1 is advertising itself as a DC and having a DS.
         The DC SERV-DC1 is advertising as an LDAP server
         The DC SERV-DC1 is advertising as having a writeable directory
         The DC SERV-DC1 is advertising as a Key Distribution Center
         The DC SERV-DC1 is advertising as a time server
         The DS SERV-DC1 is advertising as a GC.
         ......................... SERV-DC1 passed test Advertising

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!
         Found KDC SERV-DC1 for domain ok-snacks.lan in site Default-First-Site-Name
         Checking machine account for DC SERV-DC1 on DC SERV-DC1.
         * SPN found :LDAP/SERV-DC1.ok-snacks.lan/ok-snacks.lan
         * SPN found :LDAP/SERV-DC1.ok-snacks.lan
         * SPN found :LDAP/SERV-DC1
         * SPN found :LDAP/SERV-DC1.ok-snacks.lan/OK-SNACKS
         * SPN found :LDAP/81af9283-c054-4dc6-abec-d636cdbc2aeb._msdcs.ok-snacks.lan
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/81af9283-c054-4dc6-abec-d636cdbc2aeb/ok-snacks.lan
         * SPN found :HOST/SERV-DC1.ok-snacks.lan/ok-snacks.lan
         * SPN found :HOST/SERV-DC1.ok-snacks.lan
         * SPN found :HOST/SERV-DC1
         * SPN found :HOST/SERV-DC1.ok-snacks.lan/OK-SNACKS
         * SPN found :GC/SERV-DC1.ok-snacks.lan/ok-snacks.lan
         [SERV-DC1] No security related replication errors were found on this

         DC!  To target the connection to a specific source DC use

         /ReplSource:<DC>.

         ......................... SERV-DC1 passed test CheckSecurityError

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SERV-DC1 passed test CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         A warning event occurred.  EventID: 0x800034FA

            Time Generated: 09/19/2011   10:05:57

            Event String:

            Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller SERV-DC1.ok-snacks.lan for FRS replica set configuration information.

             

             Could not bind to a Domain Controller. Will try again at next polling cycle.
           
             

           

         A warning event occurred.  EventID: 0x800034FA

            Time Generated: 09/19/2011   10:25:20

            Event String:

            Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller SERV-DC1.ok-snacks.lan for FRS replica set configuration information.

             

             Could not bind to a Domain Controller. Will try again at next polling cycle.
           
             

           

         A warning event occurred.  EventID: 0x800034C4

            Time Generated: 09/19/2011   10:30:05

            Event String:

            The File Replication Service is having trouble enabling replication from BACKUPSERVER to SERV-DC1 for c:\windows\sysvol\domain using the DNS name BACKUPSERVER.ok-snacks.lan. FRS will keep retrying.

             Following are some of the reasons you would see this warning.

             

             [1] FRS can not correctly resolve the DNS name BACKUPSERVER.ok-snacks.lan from this computer.

             [2] FRS is not running on BACKUPSERVER.ok-snacks.lan.

             [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

             

             This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

         A warning event occurred.  EventID: 0x800034C4

            Time Generated: 09/19/2011   10:30:05

            Event String:

            The File Replication Service is having trouble enabling replication from ADCONTROLLER to SERV-DC1 for c:\windows\sysvol\domain using the DNS name adcontroller.ok-snacks.lan. FRS will keep retrying.

             Following are some of the reasons you would see this warning.

             

             [1] FRS can not correctly resolve the DNS name adcontroller.ok-snacks.lan from this computer.

             [2] FRS is not running on adcontroller.ok-snacks.lan.

             [3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.

             

             This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.

         ......................... SERV-DC1 passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log.
         Skip the test because the server is running FRS.

         ......................... SERV-DC1 passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... SERV-DC1 passed test SysVolCheck

      Starting test: FrsSysVol

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... SERV-DC1 passed test FrsSysVol

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... SERV-DC1 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role Domain Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role PDC Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role Rid Owner = CN=NTDS Settings,CN=ADCONTROLLER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERV-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan
         ......................... SERV-DC1 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC SERV-DC1 on DC SERV-DC1.
         * SPN found :LDAP/SERV-DC1.ok-snacks.lan/ok-snacks.lan
         * SPN found :LDAP/SERV-DC1.ok-snacks.lan
         * SPN found :LDAP/SERV-DC1
         * SPN found :LDAP/SERV-DC1.ok-snacks.lan/OK-SNACKS
         * SPN found :LDAP/81af9283-c054-4dc6-abec-d636cdbc2aeb._msdcs.ok-snacks.lan
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/81af9283-c054-4dc6-abec-d636cdbc2aeb/ok-snacks.lan
         * SPN found :HOST/SERV-DC1.ok-snacks.lan/ok-snacks.lan
         * SPN found :HOST/SERV-DC1.ok-snacks.lan
         * SPN found :HOST/SERV-DC1
         * SPN found :HOST/SERV-DC1.ok-snacks.lan/OK-SNACKS
         * SPN found :GC/SERV-DC1.ok-snacks.lan/ok-snacks.lan
         ......................... SERV-DC1 passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC SERV-DC1.
         The forest is not ready for RODC. Will skip checking ERODC ACEs.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=ok-snacks,DC=lan
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=ForestDnsZones,DC=ok-snacks,DC=lan
         * Security Permissions Check for

           DC=DomainDnsZones,DC=ok-snacks,DC=lan
            (NDNC,Version 3)
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have

            Replicating Directory Changes In Filtered Set
         access rights for the naming context:

         DC=DomainDnsZones,DC=ok-snacks,DC=lan
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=ok-snacks,DC=lan
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=ok-snacks,DC=lan
            (Domain,Version 3)
         ......................... SERV-DC1 failed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\SERV-DC1\netlogon
         Verified share \\SERV-DC1\sysvol
         ......................... SERV-DC1 passed test NetLogons

      Starting test: ObjectsReplicated

         SERV-DC1 is in domain DC=ok-snacks,DC=lan
         Checking for CN=SERV-DC1,OU=Domain Controllers,DC=ok-snacks,DC=lan in domain DC=ok-snacks,DC=lan on 3 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SERV-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan in domain CN=Configuration,DC=ok-snacks,DC=lan on 3 servers
            Object is up-to-date on all servers.
         ......................... SERV-DC1 passed test ObjectsReplicated

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test because /testdomain: was

         not entered

         ......................... SERV-DC1 passed test OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=ok-snacks,DC=lan
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=ok-snacks,DC=lan
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=ok-snacks,DC=lan
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=ok-snacks,DC=lan
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         * Replication Site Latency Check
         ......................... SERV-DC1 passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 4104 to 1073741823
         * adcontroller.ok-snacks.lan is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 3604 to 4103
         * rIDPreviousAllocationPool is 3604 to 4103
         * rIDNextRID: 3613
         ......................... SERV-DC1 passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SERV-DC1 passed test Services

      Starting test: SystemLog

         * The System Event log test
         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 09/19/2011   12:14:20

            Event String:

            Name resolution for the name ok-snacks.lan timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x8000001D

            Time Generated: 09/19/2011   12:25:38

            Event String:

            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.

         A warning event occurred.  EventID: 0x00002724

            Time Generated: 09/19/2011   12:26:01

            Event String:

            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.

         A warning event occurred.  EventID: 0x000003F6

            Time Generated: 09/19/2011   12:26:27

            Event String:

            Name resolution for the name ok-snacks.lan timed out after none of the configured DNS servers responded.

         A warning event occurred.  EventID: 0x000727AA

            Time Generated: 09/19/2011   12:28:34

            Event String:

            The WinRM service failed to create the following SPNs: WSMAN/SERV-DC1.ok-snacks.lan; WSMAN/SERV-DC1.

           

             Additional Data

             The error received was 8344: %%8344.

           

             User Action

             The SPNs can be created by an administrator using setspn.exe utility.

         Found no errors in "System" Event log in the last 60 minutes.
         ......................... SERV-DC1 passed test SystemLog

      Starting test: Topology

         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=ok-snacks,DC=lan.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SERV-DC1 passed test Topology

      Starting test: VerifyEnterpriseReferences

         ......................... SERV-DC1 passed test

         VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=SERV-DC1,OU=Domain Controllers,DC=ok-snacks,DC=lan and backlink on

         CN=SERV-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan

         are correct.
         The system object reference (serverReferenceBL)

         CN=SERV-DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-snacks,DC=lan

         and backlink on

         CN=NTDS Settings,CN=SERV-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan

         are correct.
         The system object reference (frsComputerReferenceBL)

         CN=SERV-DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ok-snacks,DC=lan

         and backlink on CN=SERV-DC1,OU=Domain Controllers,DC=ok-snacks,DC=lan

         are correct.
         ......................... SERV-DC1 passed test VerifyReferences

      Starting test: VerifyReplicas

         ......................... SERV-DC1 passed test VerifyReplicas

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

           
               Starting test: DNS

                     
                        Starting test: DNS

                           See DNS test in enterprise tests section for results
                           ......................... BACKUPSERVER passed test

                           DNS

                  See DNS test in enterprise tests section for results
                  ......................... ADCONTROLLER passed test DNS

         See DNS test in enterprise tests section for results
         ......................... SERV-DC1 passed test DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : ok-snacks

      Starting test: CheckSDRefDom

         ......................... ok-snacks passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ok-snacks passed test CrossRefValidation

   
   Running enterprise tests on : ok-snacks.lan

      Starting test: DNS

         Test results for domain controllers:

           
            DC: adcontroller.ok-snacks.lan

            Domain: ok-snacks.lan

           

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  The OS

                  Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter

                  [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:

                 

                     MAC address is 00:15:17:0D:DF:56
                     IP Address is static
                     IP address: 192.168.1.101
                     DNS servers:

                        192.168.1.101 (ADCONTROLLER) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     193.162.145.130 (<name unavailable>) [Valid]
                     193.162.153.164 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                 
               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone ok-snacks.lan
                  Warning: Failed to delete the test record dcdiag-test-record in zone ok-snacks.lan
                  [Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
                 
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000007] Intel(R) PRO/1000 EB Network Connection with I/O Acceleration:

                 

                     Matching CNAME record found at DNS server 192.168.1.101:
                     95589b0c-cfef-4c19-bc04-d9e024d5a699._msdcs.ok-snacks.lan

                     Matching A record found at DNS server 192.168.1.101:
                     adcontroller.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.fc6f75d8-1e16-4083-8df5-7b9de43e2693.domains._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._udp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kpasswd._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.Default-First-Site-Name._sites.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.gc._msdcs.ok-snacks.lan

                     Matching A record found at DNS server 192.168.1.101:
                     gc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _gc._tcp.Default-First-Site-Name._sites.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.pdc._msdcs.ok-snacks.lan

         
           
            DC: BACKUPSERVER.ok-snacks.lan

            Domain: ok-snacks.lan

           

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  The OS

                  Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter [00000007] HP NC320i PCIe Gigabit Server Adapter:

                     MAC address is 00:17:A4:37:D0:AB
                     IP Address is static
                     IP address: 192.168.1.253, 192.168.1.10
                     DNS servers:

                        192.168.1.253 (BACKUPSERVER) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     194.239.134.83 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                 
               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone ok-snacks.lan
                  Warning: Failed to delete the test record dcdiag-test-record in zone ok-snacks.lan
                  [Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
                 
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000007] HP NC320i PCIe Gigabit Server Adapter:

                     Matching CNAME record found at DNS server 192.168.1.253:
                     2b76e290-f2c7-46b0-966a-6bdc46bc7df7._msdcs.ok-snacks.lan

                     Matching A record found at DNS server 192.168.1.253:
                     BACKUPSERVER.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.253:
                     _ldap._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.253:
                     _ldap._tcp.fc6f75d8-1e16-4083-8df5-7b9de43e2693.domains._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.253:
                     _kerberos._tcp.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.253:
                     _ldap._tcp.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.253:
                     _kerberos._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.253:
                     _kerberos._udp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.253:
                     _kpasswd._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.253:
                     _ldap._tcp.Default-First-Site-Name._sites.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.253:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.253:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.253:
                     _kerberos._tcp.Default-First-Site-Name._sites.ok-snacks.lan

         
           
            DC: SERV-DC1.ok-snacks.lan

            Domain: ok-snacks.lan

           

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  The OS

                  Microsoft Windows Server 2008 R2 Standard  (Service Pack level: 1.0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter

                  [00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

                 

                     MAC address is 78:2B:CB:4C:B5:28
                     IP Address is static
                     IP address: 192.168.1.2, fe80::f855:9700:4df0:f815
                     DNS servers:

                        192.168.1.101 (ADCONTROLLER) [Valid]
                        192.168.1.2 (SERV-DC1) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders are not configured on this DNS server
                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
                     Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
                     Name: b.root-servers.net. IP: 128.9.0.107 [Invalid (unreachable)]
                     Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
                     Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
                     Name: d.root-servers.net. IP: 2001:500:2d::d [Invalid (unreachable)]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                     Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
                     Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
                     Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
                     Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
                     Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                     Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
                     Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                     Name: j.root-servers.net. IP: 198.41.0.10 [Valid]
                     Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
                     Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
                     Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreachable)]
                     Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                     Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
                     Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
                 
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                 
               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone ok-snacks.lan
                  Warning: Failed to delete the test record dcdiag-test-record in zone ok-snacks.lan
                  [Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
                 
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000007] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):

                 

                     Matching CNAME record found at DNS server 192.168.1.101:
                     81af9283-c054-4dc6-abec-d636cdbc2aeb._msdcs.ok-snacks.lan

                     Matching A record found at DNS server 192.168.1.101:
                     SERV-DC1.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.fc6f75d8-1e16-4083-8df5-7b9de43e2693.domains._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._udp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kpasswd._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.Default-First-Site-Name._sites.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _kerberos._tcp.Default-First-Site-Name._sites.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.gc._msdcs.ok-snacks.lan

                     Matching A record found at DNS server 192.168.1.101:
                     gc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _gc._tcp.Default-First-Site-Name._sites.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.101:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ok-snacks.lan

                     Matching CNAME record found at DNS server 192.168.1.2:
                     81af9283-c054-4dc6-abec-d636cdbc2aeb._msdcs.ok-snacks.lan

                     Matching A record found at DNS server 192.168.1.2:
                     SERV-DC1.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _ldap._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _ldap._tcp.fc6f75d8-1e16-4083-8df5-7b9de43e2693.domains._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _kerberos._tcp.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _ldap._tcp.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _kerberos._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _kerberos._udp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _kpasswd._tcp.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _ldap._tcp.Default-First-Site-Name._sites.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _kerberos._tcp.Default-First-Site-Name._sites.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _ldap._tcp.gc._msdcs.ok-snacks.lan

                     Matching A record found at DNS server 192.168.1.2:
                     gc._msdcs.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _gc._tcp.Default-First-Site-Name._sites.ok-snacks.lan

                     Matching  SRV record found at DNS server 192.168.1.2:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ok-snacks.lan

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 128.9.0.107 (b.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 198.32.64.12 (l.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:2d::d (d.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:2f::f (f.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:500:3::42 (l.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:7fd::1 (k.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:7fe::53 (i.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 2001:dc3::35 (m.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
               
            DNS server: 128.63.2.53 (h.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 128.8.10.90 (d.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.112.36.4 (g.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.168.1.101 (ADCONTROLLER)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 192.168.1.2 (SERV-DC1)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 192.168.1.253 (BACKUPSERVER)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 192.203.230.10 (e.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.228.79.201 (b.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.33.4.12 (c.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.36.148.17 (i.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.5.5.241 (f.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 192.58.128.30 (j.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 193.0.14.129 (k.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 193.162.145.130 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 193.162.153.164 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 194.239.134.83 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 198.41.0.10 (j.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 198.41.0.4 (a.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 199.7.83.42 (l.root-servers.net.)

               All tests passed on this DNS server

               
            DNS server: 202.12.27.33 (m.root-servers.net.)

               All tests passed on this DNS server

               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: ok-snacks.lan

               adcontroller                 PASS PASS PASS PASS WARN PASS n/a  
               BACKUPSERVER                 PASS PASS PASS PASS WARN PASS n/a  
               SERV-DC1                     PASS PASS PASS PASS WARN PASS n/a  
         
         ......................... ok-snacks.lan passed test DNS

      Starting test: LocatorCheck

         GC Name: \\SERV-DC1.ok-snacks.lan

         Locator Flags: 0xe00031fc
         PDC Name: \\adcontroller.ok-snacks.lan
         Locator Flags: 0xe00003fd
         Time Server Name: \\SERV-DC1.ok-snacks.lan
         Locator Flags: 0xe00031fc
         Preferred Time Server Name: \\adcontroller.ok-snacks.lan
         Locator Flags: 0xe00003fd
         KDC Name: \\SERV-DC1.ok-snacks.lan
         Locator Flags: 0xe00031fc
         ......................... ok-snacks.lan passed test LocatorCheck

      Starting test: FsmoCheck

         GC Name: \\SERV-DC1.ok-snacks.lan

         Locator Flags: 0xe00031fc
         PDC Name: \\adcontroller.ok-snacks.lan
         Locator Flags: 0xe00003fd
         Time Server Name: \\SERV-DC1.ok-snacks.lan
         Locator Flags: 0xe00031fc
         Preferred Time Server Name: \\adcontroller.ok-snacks.lan
         Locator Flags: 0xe00003fd
         KDC Name: \\SERV-DC1.ok-snacks.lan
         Locator Flags: 0xe00031fc
         ......................... ok-snacks.lan passed test FsmoCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... ok-snacks.lan passed test Intersite

---------------------------------------------------------------------------------------------------------------------------
Result of REPADMIN:
---------------------------------------------------------------------------------------------------------------------------



Repadmin: running command /showrepl against full DC localhost

Default-First-Site-Name\SERV-DC1

DSA Options: IS_GC

Site Options: (none)

DSA object GUID: 81af9283-c054-4dc6-abec-d636cdbc2aeb

DSA invocationID: f631ee63-f78a-435d-80e6-7350ef837e89



==== INBOUND NEIGHBORS ======================================



==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============



DC=ok-snacks,DC=lan

    Default-First-Site-Name\BACKUPSERVER via RPC

        DSA object GUID: 2b76e290-f2c7-46b0-966a-6bdc46bc7df7

        Address: 2b76e290-f2c7-46b0-966a-6bdc46bc7df7._msdcs.ok-snacks.lan

        WRITEABLE

        Last attempt @ 2011-09-19 12:48:13 was successful.

    Default-First-Site-Name\ADCONTROLLER via RPC

        DSA object GUID: 95589b0c-cfef-4c19-bc04-d9e024d5a699

        Address: 95589b0c-cfef-4c19-bc04-d9e024d5a699._msdcs.ok-snacks.lan

        WRITEABLE

        Last attempt @ 2011-09-19 12:48:16 was successful.



CN=Configuration,DC=ok-snacks,DC=lan

    Default-First-Site-Name\ADCONTROLLER via RPC

        DSA object GUID: 95589b0c-cfef-4c19-bc04-d9e024d5a699

        Address: 95589b0c-cfef-4c19-bc04-d9e024d5a699._msdcs.ok-snacks.lan

        WRITEABLE

        Last attempt @ 2011-09-19 12:46:00 was successful.

    Default-First-Site-Name\BACKUPSERVER via RPC

        DSA object GUID: 2b76e290-f2c7-46b0-966a-6bdc46bc7df7

        Address: 2b76e290-f2c7-46b0-966a-6bdc46bc7df7._msdcs.ok-snacks.lan

        WRITEABLE

        Last attempt @ 2011-09-19 12:46:03 was successful.



CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan

    Default-First-Site-Name\BACKUPSERVER via RPC

        DSA object GUID: 2b76e290-f2c7-46b0-966a-6bdc46bc7df7

        Address: 2b76e290-f2c7-46b0-966a-6bdc46bc7df7._msdcs.ok-snacks.lan

        WRITEABLE

        Last attempt @ 2011-09-15 16:07:43 was successful.

    Default-First-Site-Name\ADCONTROLLER via RPC

        DSA object GUID: 95589b0c-cfef-4c19-bc04-d9e024d5a699

        Address: 95589b0c-cfef-4c19-bc04-d9e024d5a699._msdcs.ok-snacks.lan

        WRITEABLE

        Last attempt @ 2011-09-15 16:07:46 was successful.



DC=DomainDnsZones,DC=ok-snacks,DC=lan

    Default-First-Site-Name\ADCONTROLLER via RPC

        DSA object GUID: 95589b0c-cfef-4c19-bc04-d9e024d5a699

        Address: 95589b0c-cfef-4c19-bc04-d9e024d5a699._msdcs.ok-snacks.lan

        WRITEABLE

        Last attempt @ 2011-09-15 16:07:55 was successful.

    Default-First-Site-Name\BACKUPSERVER via RPC

        DSA object GUID: 2b76e290-f2c7-46b0-966a-6bdc46bc7df7

        Address: 2b76e290-f2c7-46b0-966a-6bdc46bc7df7._msdcs.ok-snacks.lan

        WRITEABLE

        Last attempt @ 2011-09-15 16:07:58 was successful.



DC=ForestDnsZones,DC=ok-snacks,DC=lan

    Default-First-Site-Name\ADCONTROLLER via RPC

        DSA object GUID: 95589b0c-cfef-4c19-bc04-d9e024d5a699

        Address: 95589b0c-cfef-4c19-bc04-d9e024d5a699._msdcs.ok-snacks.lan

        WRITEABLE

        Last attempt @ 2011-09-15 16:07:49 was successful.

    Default-First-Site-Name\BACKUPSERVER via RPC

        DSA object GUID: 2b76e290-f2c7-46b0-966a-6bdc46bc7df7

        Address: 2b76e290-f2c7-46b0-966a-6bdc46bc7df7._msdcs.ok-snacks.lan

        WRITEABLE

        Last attempt @ 2011-09-15 16:07:52 was successful.



==== KCC CONNECTION OBJECTS ============================================

Connection --

    Connection name : 4c9cb3f1-eb0e-4f1b-91c0-fc79dc251bb3

    Server DNS name : SERV-DC1.ok-snacks.lan

    Server DN  name : CN=NTDS Settings,CN=SERV-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan

        Source: Default-First-Site-Name\BACKUPSERVER

                No Failures.

        TransportType: intrasite RPC

        options:  isGenerated

        ReplicatesNC: DC=ForestDnsZones,DC=ok-snacks,DC=lan

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: DC=DomainDnsZones,DC=ok-snacks,DC=lan

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: DC=ok-snacks,DC=lan

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: CN=Configuration,DC=ok-snacks,DC=lan

        Reason:  RingTopology

                Replica link has been added.

        enabledConnection: TRUE

        whenChanged: 20110914131641.0Z

        whenCreated: 20110914131641.0Z

        Schedule:

        day: 0123456789ab0123456789ab

        Sun: 111111111111111111111111

        Mon: 111111111111111111111111

        Tue: 111111111111111111111111

        Wed: 111111111111111111111111

        Thu: 111111111111111111111111

        Fri: 111111111111111111111111

        Sat: 111111111111111111111111

Connection --

    Connection name : 8968558e-7d8a-4ccf-acb5-b1b3047f2bf6

    Server DNS name : SERV-DC1.ok-snacks.lan

    Server DN  name : CN=NTDS Settings,CN=SERV-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ok-snacks,DC=lan

        Source: Default-First-Site-Name\ADCONTROLLER

                No Failures.

        TransportType: intrasite RPC

        options:  isGenerated

        ReplicatesNC: DC=ForestDnsZones,DC=ok-snacks,DC=lan

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: DC=DomainDnsZones,DC=ok-snacks,DC=lan

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: DC=ok-snacks,DC=lan

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: CN=Schema,CN=Configuration,DC=ok-snacks,DC=lan

        Reason:  RingTopology

                Replica link has been added.

        ReplicatesNC: CN=Configuration,DC=ok-snacks,DC=lan

        Reason:  RingTopology

                Replica link has been added.

        enabledConnection: TRUE

        whenChanged: 20110914131641.0Z

        whenCreated: 20110914131641.0Z

        Schedule:

        day: 0123456789ab0123456789ab

        Sun: 111111111111111111111111

        Mon: 111111111111111111111111

        Tue: 111111111111111111111111

        Wed: 111111111111111111111111

        Thu: 111111111111111111111111

        Fri: 111111111111111111111111

        Sat: 111111111111111111111111

2 connections found.

Partition Replication Schedule Loading:

     

      00      01      02      03      04      05      06      07      08      09      10      11

     

 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3 0 1 2 3

        Sun: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Sun: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Mon: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Mon: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Tue: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Tue: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Wed: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Wed: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Thu: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Thu: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Fri: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Fri: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Sat: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

        Sat: 100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000

---------------------------------------------------------------------------------------------------------------------------
Result of IPCONFIG:
---------------------------------------------------------------------------------------------------------------------------
SERV-DC1: (new 2008R2 srv)
--------------------------------------------------------------------------------------------------------------------------
Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERV-DC1
   Primary Dns Suffix  . . . . . . . : ok-snacks.lan
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ok-snacks.lan

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : ok-snacks.lan
   Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
   Physical Address. . . . . . . . . : 78-2B-CB-4C-B5-28
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f855:9700:4df0:f815%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 242756555
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-02-3A-CB-78-2B-CB-4C-B5-28
   DNS Servers . . . . . . . . . . . : 192.168.1.101
                                       192.168.1.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{EEDA89F6-8BC9-4EC0-8FE3-A116804F8A4E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ok-snacks.lan
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
--------------------------------------------------------------------------------------------------------------------------
ADCONTROLLER (old 2003 srv)
--------------------------------------------------------------------------------------------------------------------------
Windows IP Configuration

   Host Name . . . . . . . . . . . . : adcontroller
   Primary Dns Suffix  . . . . . . . : ok-snacks.lan
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ok-snacks.lan
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 EB Network Connection with I/O Acceleration
   Physical Address. . . . . . . . . : 00-15-17-0D-DF-56
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.101
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.101
   Primary WINS Server . . . . . . . : 192.168.1.101

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36559530
One of your DCs is multihomed (has more than 1 NIC configured). This can lead to problems.
This DC is DC: BACKUPSERVER.ok-snacks.lan
Please, try to follow with this article at Microsoft Technet and check if ater configuration changes, your DC will start to work
http://support.microsoft.com/kb/272294

Krzysztof
0
 

Author Comment

by:Ohmit
ID: 36559584
ISieK:

??  The server BACKUPSERVER has only one NIC??

ADCONTROLLER has two NIC's but the second is disabled.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36559642
OK, this is one NIC and two IPs, right? So, there is no problem, sorry :)
OK, let's try this way. Reconfigure your NIC's properties. In DNS section on that server point to another DC with DNS as primary IP address. Remove DNS role from your server and add it again. Wait some time (i.e. 1 hour) and check if DNS zone was replicated and problem disappeared.

Krzysztof
0
 

Author Comment

by:Ohmit
ID: 36559681
GREAT ! testing and get back to you :-)
0
 

Author Comment

by:Ohmit
ID: 36559824
iSieK:

Hmm this is really strange.
When I examine the zones of the DNS on the two servers, they look exactly the sames!
However on the new 2008 it still says that the zone does not exists even though I can see the zone???
0
 

Author Comment

by:Ohmit
ID: 36559834
another important thing!

I have just tried to do a backup/restore of the DNS Zone.
I used DNSCMD.EXE first on the old server and then exported it from the new.
SAME RESULT!!
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36565158
Sorry I left yesterday without a word!

OK, please run DNS Management console and expand Forward Lookup Zones node and check if you can see zone named _msdcs.DNS-DOMAIN-NAME ?

Try running also on any of your Windows Server 2003 DCs in command-line

netdiag /fix

to try to fix up DNS problem and let me know about results.

Krzysztof
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now