• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2860
  • Last Modified:

Dcdiag issues

We have (or at least thought i had) migrated our Windows 2003 to Windows 2008 DC's.

I had a DNS issue with our new exch2k8 box and thus ran dcdiag:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\dradministrator>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = Server
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Site1\Server
      Starting test: Connectivity
         ......................... Server passed test Connectivity

Doing primary tests

   Testing server: Site1\Server
      Starting test: Advertising
         ......................... Server passed test Advertising
      Starting test: FrsEvent
         ......................... Server passed test FrsEvent
      Starting test: DFSREvent
         ......................... Server passed test DFSREvent
      Starting test: SysVolCheck
         ......................... Server passed test SysVolCheck
      Starting test: KccEvent
         A warning event occurred.  EventID: 0x8000043B
            Time Generated: 08/15/2012   14:35:53
            Event String:
            Active Directory Domain Services could not update the following obje
ct with changes received from the directory service at the following network add
ress because Active Directory Domain Services was busy processing information.
         A warning event occurred.  EventID: 0x80000B46
            Time Generated: 08/15/2012   14:39:31
            Event String:
            The security of this directory server can be significantly enhanced
by configuring the server to reject SASL (Negotiate,  Kerberos, NTLM, or Digest)
 LDAP binds that do not request signing (integrity verification) and LDAP simple
 binds that  are performed on a cleartext (non-SSL/TLS-encrypted) connection.  E
ven if no clients are using such binds, configuring the server to reject them wi
ll improve the security of this server.
         ......................... Server passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... Server passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... Server passed test MachineAccount
      Starting test: NCSecDesc
         ......................... Server passed test NCSecDesc
      Starting test: NetLogons
         ......................... Server passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... Server passed test ObjectsReplicated
      Starting test: Replications
         ......................... Server passed test Replications
      Starting test: RidManager
         ......................... Server passed test RidManager
      Starting test: Services
         ......................... Server passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x80070003
            Time Generated: 08/15/2012   14:38:49
            Event String:
            VMDebug driver (version 7.3.4.7) was not enabled.  This driver is re
quired by the replay debugging feature of VMware Workstation. If you are using o
ther VMware products or not using replay debugging, please ignore this message.
         A warning event occurred.  EventID: 0x8000001D
            Time Generated: 08/15/2012   14:39:26
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate
 to use for smart card logons, or the KDC certificate could not be verified. Sma
rt card logon may not function correctly if this problem is not resolved. To cor
rect this problem, either verify the existing KDC certificate using certutil.exe
 or enroll for a new KDC certificate.
         A warning event occurred.  EventID: 0x00002724
            Time Generated: 08/15/2012   14:39:45
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For
 reliable DHCPv6 server operation, you should use only static IPv6 addresses.
         A warning event occurred.  EventID: 0x0000008E
            Time Generated: 08/15/2012   14:40:23
            Event String:
            The time service has stopped advertising as a time source because th
e local clock is not synchronized.
         A warning event occurred.  EventID: 0x000727AA
            Time Generated: 08/15/2012   14:42:06
            Event String:
            The WinRM service failed to create the following SPNs: WSMAN/chi-ad1
-dr.domain.local; WSMAN/Server.
         ......................... Server passed test SystemLog
      Starting test: VerifyReferences
         ......................... Server passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : domain
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation

   Running enterprise tests on : domain.local
      Starting test: LocatorCheck
         ......................... domain.local passed test LocatorCheck
      Starting test: Intersite
         ......................... domain.local passed test Intersite

C:\Users\dradministrator>fsmo

Steps i followed to migrate:

1. added 2x new 2k8 server to domain and added as DC, skipped DHCP and DNS.
2. moved schema master from our live site to DR site (to be able to install exchange 2k10.
3. moved schema back (once exchange installed)
4. added DNS role onto 2x new DC's (2k8)
5. added 2x new DHCP servers (configuring scopes etc) - tested fine.
6. removed old 2003 DC's from network in terms of IP addresses from NIC setting on other server and DHCP scope - this seems to have caused the dcdiag errors.

Anything wrong here?
0
CHI-LTD
Asked:
CHI-LTD
  • 3
  • 2
1 Solution
 
CHI-LTDAuthor Commented:
Just noticed that the DHCP and DNS roles on the 2x old 2k3 servers are running still....

But ip addresses removed from NIC settings and DHCP scope etc..

Can this cause the issue?
0
 
Darius GhassemCommented:
Not sure what you mean by remove IP addresses from network.

Did you demote these servers?
0
 
CHI-LTDAuthor Commented:
Meant by removing the DNS, ip addresses of the old servers from the NIC ipv4 tcpip settings on all the servers.
They have yet to be truly demoted.  Before we do, we will test for a week or so by turning them off.
0
 
Darius GhassemCommented:
I understand now.

I do not see a DNS issue.

The error does happen sometimes
0
 
CHI-LTDAuthor Commented:
Yes seems ok now...
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now