Julian123
asked on
Active Directory Forest Trust stops working
I have two Windows 2008 R2 Active Directory forests, which I'll call ForestA and ForestB. ForestB trusts ForestA via a one-way external trust. I have file shares and SQL databases in ForestB that are accessed using domain accounts from ForestA.
Everything was working great until ForestA accounts started getting access denied when accessing the ForestB resources. I saw NETLOGON 3210 events on the ForestB domain controllers listing the following:
This computer could not authenticate with \\FORESTA_Domain_Controlle r_name_her e, a Windows domain controller for domain mydomain.com, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.
I also saw the same events on the ForestA domain controllers with the logs listing ForestB DCs in body of the event log message.
I deleted and re-created the trust and everything worked fine again. However, a few weeks later this issue happened again. I've had to delete and re-create the trust a few times now but want to stop this from happening.
Suggestions welcome.
Thanks!
Everything was working great until ForestA accounts started getting access denied when accessing the ForestB resources. I saw NETLOGON 3210 events on the ForestB domain controllers listing the following:
This computer could not authenticate with \\FORESTA_Domain_Controlle
I also saw the same events on the ForestA domain controllers with the logs listing ForestB DCs in body of the event log message.
I deleted and re-created the trust and everything worked fine again. However, a few weeks later this issue happened again. I've had to delete and re-create the trust a few times now but want to stop this from happening.
Suggestions welcome.
Thanks!
Can you run dcdiag /v/e on both the DC's
good to run dcdiag as well to make sure error are surfaced
http://blogs.technet.com/b/askds/archive/2011/03/22/what-does-dcdiag-actually-do.aspx
http://technet.microsoft.com/en-us/library/cc776854(v=ws.10).aspx
http://blogs.technet.com/b/askds/archive/2011/03/22/what-does-dcdiag-actually-do.aspx
http://technet.microsoft.com/en-us/library/cc776854(v=ws.10).aspx
ASKER
I've listed the dcidag /v /e output as requested (forest, AD site, and server names have been changed for confidentiality purposes):
Here's the output for the DC in ForestB:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine Server_2, is a Directory Server.
Home Server = Server_2
* Connecting to directory service on server Server_2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=F orestB,DC= lan,LDAP_S COPE_SUBTR EE,(object Category=n tDSSiteSet tings),... ....
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=ForestB-lan,CN =Sites,CN= Configurat ion,DC=For estB,DC=la n
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=F orestB,DC= lan,LDAP_S COPE_SUBTR EE,(object Class=ntDS Dsa),..... ..
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=Server_2,CN=Se rvers,CN=F orestB-lan ,CN=Sites, CN=Configu ration,DC= ForestB,DC =lan
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: ForestB-lan\Server_2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... Server_2 passed test Connectivity
Doing primary tests
Testing server: ForestB-lan\Server_2
Starting test: Advertising
The DC Server_2 is advertising itself as a DC and having a DS.
The DC Server_2 is advertising as an LDAP server
The DC Server_2 is advertising as having a writeable directory
The DC Server_2 is advertising as a Key Distribution Center
The DC Server_2 is advertising as a time server
The DS Server_2 is advertising as a GC.
......................... Server_2 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... Server_2 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... Server_2 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... Server_2 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... Server_2 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=Server_2,CN=Se rvers,CN=F orestB-lan ,CN=Sites, CN=Configu ration,DC= ForestB,DC =lan
Role Domain Owner = CN=NTDS Settings,CN=Server_2,CN=Se rvers,CN=F orestB-lan ,CN=Sites, CN=Configu ration,DC= ForestB,DC =lan
Role PDC Owner = CN=NTDS Settings,CN=Server_2,CN=Se rvers,CN=F orestB-lan ,CN=Sites, CN=Configu ration,DC= ForestB,DC =lan
Role Rid Owner = CN=NTDS Settings,CN=Server_2,CN=Se rvers,CN=F orestB-lan ,CN=Sites, CN=Configu ration,DC= ForestB,DC =lan
Role Infrastructure Update Owner = CN=NTDS Settings,CN=Server_2,CN=Se rvers,CN=F orestB-lan ,CN=Sites, CN=Configu ration,DC= ForestB,DC =lan
......................... Server_2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC Server_2 on DC Server_2.
* SPN found :LDAP/Server_2.ForestB.lan /ForestB.l an
* SPN found :LDAP/Server_2.ForestB.lan
* SPN found :LDAP/Server_2
* SPN found :LDAP/Server_2.ForestB.lan /ForestB
* SPN found :LDAP/42d3c96a-c04b-483e-b c7f-50acfe 519ac5._ms dcs.Forest B.lan
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/42d3c96a -c04b-483e -bc7f-50ac fe519ac5/F orestB.lan
* SPN found :HOST/Server_2.ForestB.lan /ForestB.l an
* SPN found :HOST/Server_2.ForestB.lan
* SPN found :HOST/Server_2
* SPN found :HOST/Server_2.ForestB.lan /ForestB
* SPN found :GC/Server_2.ForestB.lan/F orestB.lan
......................... Server_2 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC Server_2.
* Security Permissions Check for
DC=ForestDnsZones,DC=Fores tB,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=Fores tB,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=Forest B,DC=lan
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Forest B,DC=lan
(Configuration,Version 3)
* Security Permissions Check for
DC=ForestB,DC=lan
(Domain,Version 3)
......................... Server_2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\Server_2\netlogon
Verified share \\Server_2\sysvol
......................... Server_2 passed test NetLogons
Starting test: ObjectsReplicated
Server_2 is in domain DC=ForestB,DC=lan
Checking for CN=Server_2,OU=Domain Controllers,DC=ForestB,DC= lan in domain DC=ForestB,DC=lan on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=Server_2,CN=Se rvers,CN=F orestB-lan ,CN=Sites, CN=Configu ration,DC= ForestB,DC =lan in domain CN=Configuration,DC=Forest B,DC=lan on 1 servers
Object is up-to-date on all servers.
......................... Server_2 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... Server_2 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* Server_2.ForestB.lan is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1161
......................... Server_2 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
Invalid service type: DnsCache on Server_2, current value
WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... Server_2 failed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... Server_2 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=Server_2,OU=Domain Controllers,DC=ForestB,DC= lan and backlink on
CN=Server_2,CN=Servers,CN= ForestB-la n,CN=Sites ,CN=Config uration,DC =ForestB,D C=lan
are correct.
The system object reference (serverReferenceBL)
CN=WIN-UEU2M12O60H,CN=Topo logy,CN=Do main System Volume,CN=DFSR-GlobalSetti ngs,CN=Sys tem,DC=For estB,DC=la n
and backlink on
CN=NTDS Settings,CN=Server_2,CN=Se rvers,CN=F orestB-lan ,CN=Sites, CN=Configu ration,DC= ForestB,DC =lan
are correct.
The system object reference (msDFSR-ComputerReferenceB L)
CN=WIN-UEU2M12O60H,CN=Topo logy,CN=Do main System Volume,CN=DFSR-GlobalSetti ngs,CN=Sys tem,DC=For estB,DC=la n
and backlink on CN=Server_2,OU=Domain Controllers,DC=ForestB,DC= lan are
correct.
......................... Server_2 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ForestB
Starting test: CheckSDRefDom
......................... ForestB passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestB passed test CrossRefValidation
Running enterprise tests on : ForestB.lan
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\Server_2.ForestB.lan
Locator Flags: 0xe00031fd
PDC Name: \\Server_2.ForestB.lan
Locator Flags: 0xe00031fd
Time Server Name: \\Server_2.ForestB.lan
Locator Flags: 0xe00031fd
Preferred Time Server Name: \\Server_2.ForestB.lan
Locator Flags: 0xe00031fd
KDC Name: \\Server_2.ForestB.lan
Locator Flags: 0xe00031fd
......................... ForestB.lan passed test LocatorCheck
Starting test: Intersite
Skipping site ForestB-lan, this site is outside the scope provided by the
command line arguments provided.
......................... ForestB.lan passed test Intersite
And the output for ForestA:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine DC_2, is a Directory Server.
Home Server = DC_2
* Connecting to directory service on server DC_2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=D omainA,DC= local,LDAP _SCOPE_SUB TREE,(obje ctCategory =ntDSSiteS ettings),. ......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=SiteA,CN=Sites ,CN=Config uration,DC =DomainA,D C=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Siteb,CN=Sites ,CN=Config uration,DC =DomainA,D C=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=SiteC,CN=Sites ,CN=Config uration,DC =DomainA,D C=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=SiteD,CN=Sites ,CN=Config uration,DC =DomainA,D C=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=D omainA,DC= local,LDAP _SCOPE_SUB TREE,(obje ctClass=nt DSDsa),... ....
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC_2,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC_3,CN=Server s,CN=Siteb ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
Server is an RODC
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC_4,CN=Server s,CN=SiteC ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 4 of them.
Done gathering initial info.
Doing initial required tests
Testing server: SiteA\DC_1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC_1 passed test Connectivity
Testing server: SiteA\DC_2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC_2 passed test Connectivity
Testing server: Siteb\DC_3
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC_3 passed test Connectivity
Testing server: SiteC\DC_4
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC_4 passed test Connectivity
Doing primary tests
Testing server: SiteA\DC_1
Starting test: Advertising
The DC DC_1 is advertising itself as a DC and having a DS.
The DC DC_1 is advertising as an LDAP server
The DC DC_1 is advertising as having a writeable directory
The DC DC_1 is advertising as a Key Distribution Center
The DC DC_1 is advertising as a time server
The DS DC_1 is advertising as a GC.
......................... DC_1 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/05/2013 23:53:28
Event String:
The File Replication Service is having trouble enabling replication from DC_4 to DC_1 for c:\windows\sysvol\domain using the DNS name DC_4.DomainA.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC_4.DomainA.local from this computer.
[2] FRS is not running on DC_4.DomainA.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
An Warning Event occurred. EventID: 0x800034FA
Time Generated: 01/06/2013 00:30:25
Event String:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller DC_1.DomainA.local for FRS replica set configuration information.
The nTDSConnection object cn=rodc connection (frs),cn=ntds settings,cn=DC_3,cn=server s,cn=Siteb ,cn=sites, cn=configu ration,dc= DomainA,dc =local is conflicting with cn=DC_1,cn=ntds settings,cn=DC_3,cn=server s,cn=Siteb ,cn=sites, cn=configu ration,dc= DomainA,dc =local. Using cn=rodc connection (frs),cn=ntds settings,cn=DC_3,cn=server s,cn=Siteb ,cn=sites, cn=configu ration,dc= DomainA,dc =local
......................... DC_1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... DC_1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC_1 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... DC_1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Domain Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role SiteDC Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Rid Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Infrastructure USiteDate Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
......................... DC_1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC_1 on DC DC_1.
* SPN found :LDAP/DC_1.DomainA.local/D omainA.loc al
* SPN found :LDAP/DC_1.DomainA.local
* SPN found :LDAP/DC_1
* SPN found :LDAP/DC_1.DomainA.local/D omainA
* SPN found :LDAP/317ad8e6-bca1-4433-b adf-8b275e d0e298._ms dcs.Domain A.local
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/317ad8e6 -bca1-4433 -badf-8b27 5ed0e298/D omainA.loc al
* SPN found :HOST/DC_1.DomainA.local/D omainA.loc al
* SPN found :HOST/DC_1.DomainA.local
* SPN found :HOST/DC_1
* SPN found :HOST/DC_1.DomainA.local/D omainA
* SPN found :GC/DC_1.DomainA.local/Dom ainA.local
......................... DC_1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC_1.
* Security Permissions Check for
DC=ForestDnsZones,DC=Domai nA,DC=loca l
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=Domai nA,DC=loca l
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=Domain A,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Domain A,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=DomainA,DC=local
(Domain,Version 3)
......................... DC_1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC_1\netlogon
Verified share \\DC_1\sysvol
......................... DC_1 passed test NetLogons
Starting test: ObjectsReplicated
DC_1 is in domain DC=DomainA,DC=local
Checking for CN=DC_1,OU=Domain Controllers,DC=DomainA,DC= local in domain DC=DomainA,DC=local on 4 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local in domain CN=Configuration,DC=Domain A,DC=local on 4 servers
Object is up-to-date on all servers.
......................... DC_1 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Domai nA,DC=loca l
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Domai nA,DC=loca l
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration ,DC=Domain A,DC=local
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Domain A,DC=local
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainA,DC=local
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... DC_1 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8104 to 1073741823
* DC_1.DomainA.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 7604 to 8103
* rIDPreviousAllocationPool is 5604 to 6103
* rIDNextRID: 6027
* Warning :There is less than 16% available RIDs in the current pool
......................... DC_1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC_1 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... DC_1 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC_1,OU=Domain Controllers,DC=DomainA,DC= local and
backlink on
CN=DC_1,CN=Servers,CN=Site A,CN=Sites ,CN=Config uration,DC =DomainA,D C=local
are correct.
The system object reference (serverReferenceBL)
CN=DC_1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Domai nA,DC=loca l
and backlink on
CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
are correct.
......................... DC_1 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: SiteA\DC_2
Starting test: Advertising
The DC DC_2 is advertising itself as a DC and having a DS.
The DC DC_2 is advertising as an LDAP server
The DC DC_2 is advertising as having a writeable directory
The DC DC_2 is advertising as a Key Distribution Center
The DC DC_2 is advertising as a time server
The DS DC_2 is advertising as a GC.
......................... DC_2 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/05/2013 23:52:54
Event String:
The File Replication Service is having trouble enabling replication from DC_4 to DC_2 for c:\windows\sysvol\domain using the DNS name DC_4.DomainA.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC_4.DomainA.local from this computer.
[2] FRS is not running on DC_4.DomainA.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... DC_2 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... DC_2 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC_2 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... DC_2 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Domain Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role SiteDC Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Rid Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Infrastructure USiteDate Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
......................... DC_2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC_2 on DC DC_2.
* SPN found :LDAP/DC_2.DomainA.local/D omainA.loc al
* SPN found :LDAP/DC_2.DomainA.local
* SPN found :LDAP/DC_2
* SPN found :LDAP/DC_2.DomainA.local/D omainA
* SPN found :LDAP/44b03619-27b4-4046-9 5b1-c7c539 86fba1._ms dcs.Domain A.local
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/44b03619 -27b4-4046 -95b1-c7c5 3986fba1/D omainA.loc al
* SPN found :HOST/DC_2.DomainA.local/D omainA.loc al
* SPN found :HOST/DC_2.DomainA.local
* SPN found :HOST/DC_2
* SPN found :HOST/DC_2.DomainA.local/D omainA
* SPN found :GC/DC_2.DomainA.local/Dom ainA.local
......................... DC_2 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC_2.
* Security Permissions Check for
DC=ForestDnsZones,DC=Domai nA,DC=loca l
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=Domai nA,DC=loca l
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=Domain A,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Domain A,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=DomainA,DC=local
(Domain,Version 3)
......................... DC_2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC_2\netlogon
Verified share \\DC_2\sysvol
......................... DC_2 passed test NetLogons
Starting test: ObjectsReplicated
DC_2 is in domain DC=DomainA,DC=local
Checking for CN=DC_2,OU=Domain Controllers,DC=DomainA,DC= local in domain DC=DomainA,DC=local on 4 servers
Authoritative attribute lastLogonTimestamp on DC_2 (writeable)
usnLocalChange = 39638571
LastOriginatingDsa = DC_1
usnOriginatingChange = 70015661
timeLastOriginatingChange = 2013-01-03 17:15:06
VersionLastOriginatingChan ge = 90
Out-of-date attribute lastLogonTimestamp on DC_4 (writeable)
usnLocalChange = 2314093
LastOriginatingDsa = DC_4
usnOriginatingChange = 2314093
timeLastOriginatingChange = 2012-12-21 20:30:20
VersionLastOriginatingChan ge = 89
Authoritative attribute pwdLastSet on DC_2 (writeable)
usnLocalChange = 39475478
LastOriginatingDsa = DC_1
usnOriginatingChange = 69772114
timeLastOriginatingChange = 2012-12-28 20:57:36
VersionLastOriginatingChan ge = 35
Out-of-date attribute pwdLastSet on DC_4 (writeable)
usnLocalChange = 2231123
LastOriginatingDsa = DC_1
usnOriginatingChange = 68625986
timeLastOriginatingChange = 2012-11-28 01:27:02
VersionLastOriginatingChan ge = 34
Checking for CN=NTDS Settings,CN=DC_2,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local in domain CN=Configuration,DC=Domain A,DC=local on 4 servers
Object is up-to-date on all servers.
......................... DC_2 failed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Domai nA,DC=loca l
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Domai nA,DC=loca l
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration ,DC=Domain A,DC=local
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Domain A,DC=local
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainA,DC=local
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... DC_2 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8104 to 1073741823
* DC_1.DomainA.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 7104 to 7603
* rIDPreviousAllocationPool is 4604 to 5103
* rIDNextRID: 4961
......................... DC_2 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC_2 passed test Services
Starting test: SystemLog
* The System Event log test
......................... DC_2 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC_2,OU=Domain Controllers,DC=DomainA,DC= local and
backlink on
CN=DC_2,CN=Servers,CN=Site A,CN=Sites ,CN=Config uration,DC =DomainA,D C=local
are correct.
The system object reference (serverReferenceBL)
CN=DC_2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Domai nA,DC=loca l
and backlink on
CN=NTDS Settings,CN=DC_2,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
are correct.
......................... DC_2 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Siteb\DC_3
Starting test: Advertising
The DC DC_3 is advertising itself as a DC and having a DS.
The DC DC_3 is advertising as an LDAP server
The DC DC_3 is not advertising as having a writeable directory because it is an RODC
The DC DC_3 is advertising as a Key Distribution Center
The DC DC_3 is advertising as a time server
The DS DC_3 is advertising as a GC.
......................... DC_3 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... DC_3 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... DC_3 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC_3 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... DC_3 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Domain Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role SiteDC Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Rid Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Infrastructure USiteDate Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
......................... DC_3 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC_3 on DC DC_3.
* SPN found :LDAP/DC_3.DomainA.local/D omainA.loc al
* SPN found :LDAP/DC_3.DomainA.local
* SPN found :LDAP/DC_3
* SPN found :LDAP/DC_3.DomainA.local/D omainA
* SPN found :LDAP/e5ef6b48-fba4-43c7-9 030-4ae7ff 8dd773._ms dcs.Domain A.local
* SPN found :HOST/DC_3.DomainA.local/D omainA.loc al
* SPN found :HOST/DC_3.DomainA.local
* SPN found :HOST/DC_3
* SPN found :HOST/DC_3.DomainA.local/D omainA
* SPN found :GC/DC_3.DomainA.local/Dom ainA.local
......................... DC_3 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC_3.
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=Domain A,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Domain A,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=DomainA,DC=local
(Domain,Version 3)
......................... DC_3 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC_3\netlogon
Verified share \\DC_3\sysvol
......................... DC_3 passed test NetLogons
Starting test: ObjectsReplicated
DC_3 is in domain DC=DomainA,DC=local
Checking for CN=DC_3,OU=Domain Controllers,DC=DomainA,DC= local in domain DC=DomainA,DC=local on 4 servers
Authoritative attribute lastLogonTimestamp on DC_1 (writeable)
usnLocalChange = 69842721
LastOriginatingDsa = DC_1
usnOriginatingChange = 69842721
timeLastOriginatingChange = 2012-12-30 14:10:40
VersionLastOriginatingChan ge = 70
Out-of-date attribute lastLogonTimestamp on DC_4 (writeable)
usnLocalChange = 2278270
LastOriginatingDsa = DC_1
usnOriginatingChange = 69088672
timeLastOriginatingChange = 2012-12-10 13:25:59
VersionLastOriginatingChan ge = 68
Authoritative attribute pwdLastSet on DC_2 (writeable)
usnLocalChange = 39254844
LastOriginatingDsa = DC_1
usnOriginatingChange = 69415453
timeLastOriginatingChange = 2012-12-19 02:06:11
VersionLastOriginatingChan ge = 28
Out-of-date attribute pwdLastSet on DC_4 (writeable)
usnLocalChange = 2194439
LastOriginatingDsa = DC_1
usnOriginatingChange = 68277479
timeLastOriginatingChange = 2012-11-18 02:05:56
VersionLastOriginatingChan ge = 27
Checking for CN=NTDS Settings,CN=DC_3,CN=Server s,CN=Siteb ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local in domain CN=Configuration,DC=Domain A,DC=local on 4 servers
Object is up-to-date on all servers.
......................... DC_3 failed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
[Replications Check,DC_3] A recent replication attempt failed:
From DC_2 to DC_3
Naming Context:
CN=Schema,CN=Configuration ,DC=Domain A,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:57:40.
The last success occurred at 2013-01-05 19:56:27.
88 failures have occurred since the last success.
The source DC_2 is responding now.
[Replications Check,DC_3] A recent replication attempt failed:
From DC_2 to DC_3
Naming Context: CN=Configuration,DC=Domain A,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:57:19.
The last success occurred at 2013-01-05 19:56:26.
88 failures have occurred since the last success.
The source DC_2 is responding now.
[Replications Check,DC_3] A recent replication attempt failed:
From DC_2 to DC_3
Naming Context: DC=DomainA,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:02.
The last success occurred at 2013-01-05 19:56:27.
88 failures have occurred since the last success.
The source DC_2 is responding now.
......................... DC_3 failed test Replications
Test skipped for RODC: RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
Invalid service startup type: w32time on DC_3, current value
DEMAND_START, expected value AUTO_START
* Checking Service: NETLOGON
......................... DC_3 failed test Services
Starting test: SystemLog
* The System Event log test
An Warning Event occurred. EventID: 0x8000001D
Time Generated: 01/06/2013 17:32:00
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
An Error Event occurred. EventID: 0x0000165B
Time Generated: 01/06/2013 17:51:31
Event String:
The session setup from computer 'ALPHA' failed because the security database does not contain a trust account 'colo.lan.' referenced by the specified computer.
USER ACTION
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. If this is a Read-Only Domain Controller and 'colo.lan.' is a legitimate machine account for the computer 'ALPHA' then 'ALPHA' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller capable of servicing the request (for example a writable domain controller). Otherwise, the following steps may be taken to resolve this problem:
If 'colo.lan.' is a legitimate machine account for the computer 'ALPHA', then 'ALPHA' should be rejoined to the domain.
If 'colo.lan.' is a legitimate interdomain trust account, then the trust should be recreated.
Otherwise, assuming that 'colo.lan.' is not a legitimate account, the following action should be taken on 'ALPHA':
If 'ALPHA' is a Domain Controller, then the trust associated with 'colo.lan.' should be deleted.
If 'ALPHA' is not a Domain Controller, it should be disjoined from the domain.
......................... DC_3 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC_3,OU=Domain Controllers,DC=DomainA,DC= local and
backlink on
CN=DC_3,CN=Servers,CN=Site b,CN=Sites ,CN=Config uration,DC =DomainA,D C=local
are correct.
The system object reference (serverReferenceBL)
CN=DC_3,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Domai nA,DC=loca l
and backlink on
CN=NTDS Settings,CN=DC_3,CN=Server s,CN=Siteb ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
are correct.
......................... DC_3 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: SiteC\DC_4
Starting test: Advertising
The DC DC_4 is advertising itself as a DC and having a DS.
The DC DC_4 is advertising as an LDAP server
The DC DC_4 is advertising as having a writeable directory
The DC DC_4 is advertising as a Key Distribution Center
The DC DC_4 is advertising as a time server
The DS DC_4 is advertising as a GC.
......................... DC_4 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/05/2013 19:15:34
Event String:
The File Replication Service is having trouble enabling replication from DC_1 to DC_4 for c:\windows\sysvol\domain using the DNS name DC_1.DomainA.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC_1.DomainA.local from this computer.
[2] FRS is not running on DC_1.DomainA.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
An Warning Event occurred. EventID: 0x800034FA
Time Generated: 01/06/2013 07:52:22
Event String:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller DC_4.DomainA.local for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/06/2013 16:51:07
Event String:
The File Replication Service is having trouble enabling replication from DC_2 to DC_4 for c:\windows\sysvol\domain using the DNS name DC_2.DomainA.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC_2.DomainA.local from this computer.
[2] FRS is not running on DC_2.DomainA.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... DC_4 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800004B4
Time Generated: 01/05/2013 22:18:02
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. The service will continue to replicate using previously downloaded configuration and will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
An Warning Event occurred. EventID: 0x800004B4
Time Generated: 01/06/2013 06:18:18
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. The service will continue to replicate using previously downloaded configuration and will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
An Warning Event occurred. EventID: 0x800004B4
Time Generated: 01/06/2013 14:18:33
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. The service will continue to replicate using previously downloaded configuration and will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
......................... DC_4 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC_4 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
An Warning Event occurred. EventID: 0x8000061E
Time Generated: 01/06/2013 18:04:17
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteA,CN=Sites,CN=Confi guration,D C=DomainA, DC=local
Directory partition:
DC=DomainA,DC=local
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con figuration ,DC=Domain A,DC=local
An Error Event occurred. EventID: 0xC000051F
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=DomainA,DC=local
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
An Warning Event occurred. EventID: 0x80000749
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteA,CN=Sites,CN=Confi guration,D C=DomainA, DC=local
An Warning Event occurred. EventID: 0x8000061E
Time Generated: 01/06/2013 18:04:17
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteA,CN=Sites,CN=Confi guration,D C=DomainA, DC=local
Directory partition:
DC=DomainDnsZones,DC=Domai nA,DC=loca l
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con figuration ,DC=Domain A,DC=local
An Error Event occurred. EventID: 0xC000051F
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=DomainDnsZones,DC=Domai nA,DC=loca l
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
An Warning Event occurred. EventID: 0x80000749
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteA,CN=Sites,CN=Confi guration,D C=DomainA, DC=local
An Warning Event occurred. EventID: 0x8000061E
Time Generated: 01/06/2013 18:04:17
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteA,CN=Sites,CN=Confi guration,D C=DomainA, DC=local
Directory partition:
DC=ForestDnsZones,DC=Domai nA,DC=loca l
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con figuration ,DC=Domain A,DC=local
An Error Event occurred. EventID: 0xC000051F
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=ForestDnsZones,DC=Domai nA,DC=loca l
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
An Warning Event occurred. EventID: 0x80000749
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteA,CN=Sites,CN=Confi guration,D C=DomainA, DC=local
An Warning Event occurred. EventID: 0x8000061E
Time Generated: 01/06/2013 18:04:17
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteA,CN=Sites,CN=Confi guration,D C=DomainA, DC=local
Directory partition:
CN=Configuration,DC=Domain A,DC=local
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con figuration ,DC=Domain A,DC=local
An Error Event occurred. EventID: 0xC000051F
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
CN=Configuration,DC=Domain A,DC=local
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
An Warning Event occurred. EventID: 0x80000749
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteA,CN=Sites,CN=Confi guration,D C=DomainA, DC=local
......................... DC_4 failed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Domain Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role SiteDC Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Rid Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
Role Infrastructure USiteDate Owner = CN=NTDS Settings,CN=DC_1,CN=Server s,CN=SiteA ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
......................... DC_4 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC_4 on DC DC_4.
* SPN found :LDAP/DC_4.DomainA.local/D omainA.loc al
* SPN found :LDAP/DC_4.DomainA.local
* SPN found :LDAP/DC_4
* SPN found :LDAP/DC_4.DomainA.local/D omainA
* SPN found :LDAP/8377db93-69b5-4022-9 7d1-84a35d 324725._ms dcs.Domain A.local
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/8377db93 -69b5-4022 -97d1-84a3 5d324725/D omainA.loc al
* SPN found :HOST/DC_4.DomainA.local/D omainA.loc al
* SPN found :HOST/DC_4.DomainA.local
* SPN found :HOST/DC_4
* SPN found :HOST/DC_4.DomainA.local/D omainA
* SPN found :GC/DC_4.DomainA.local/Dom ainA.local
......................... DC_4 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC_4.
* Security Permissions Check for
DC=ForestDnsZones,DC=Domai nA,DC=loca l
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=Domai nA,DC=loca l
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=Domain A,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Domain A,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=DomainA,DC=local
(Domain,Version 3)
......................... DC_4 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC_4\netlogon
Verified share \\DC_4\sysvol
......................... DC_4 passed test NetLogons
Starting test: ObjectsReplicated
DC_4 is in domain DC=DomainA,DC=local
Checking for CN=DC_4,OU=Domain Controllers,DC=DomainA,DC= local in domain DC=DomainA,DC=local on 4 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC_4,CN=Server s,CN=SiteC ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local in domain CN=Configuration,DC=Domain A,DC=local on 4 servers
Object is up-to-date on all servers.
......................... DC_4 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
[Replications Check,DC_4] A recent replication attempt failed:
From DC_1 to DC_4
Naming Context: DC=ForestDnsZones,DC=Domai nA,DC=loca l
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_2 to DC_4
Naming Context: DC=ForestDnsZones,DC=Domai nA,DC=loca l
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_1 to DC_4
Naming Context: DC=DomainDnsZones,DC=Domai nA,DC=loca l
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_2 to DC_4
Naming Context: DC=DomainDnsZones,DC=Domai nA,DC=loca l
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_1 to DC_4
Naming Context:
CN=Schema,CN=Configuration ,DC=Domain A,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
The source DC_1 is responding now.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_2 to DC_4
Naming Context:
CN=Schema,CN=Configuration ,DC=Domain A,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
The source DC_2 is responding now.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_1 to DC_4
Naming Context: CN=Configuration,DC=Domain A,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
The source DC_1 is responding now.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_2 to DC_4
Naming Context: CN=Configuration,DC=Domain A,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
The source DC_2 is responding now.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_1 to DC_4
Naming Context: DC=DomainA,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:54.
1993 failures have occurred since the last success.
The source DC_1 is responding now.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_2 to DC_4
Naming Context: DC=DomainA,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
The source DC_2 is responding now.
......................... DC_4 failed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8104 to 1073741823
* DC_1.DomainA.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6604 to 7103
* rIDPreviousAllocationPool is 6604 to 7103
* rIDNextRID: 6607
......................... DC_4 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
Invalid service startup type: w32time on DC_4, current value
DEMAND_START, expected value AUTO_START
* Checking Service: NETLOGON
......................... DC_4 failed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:15:45
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:20:46
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:25:47
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:30:48
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:35:49
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:40:50
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:45:16
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:45:51
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:50:53
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:55:54
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:44
Event String:
The dynamic registration of the DNS record '_gc._tcp.DomainA.local. 600 IN SRV 0 100 3268 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:47
Event String:
The dynamic registration of the DNS record '_gc._tcp.SiteC._sites.Dom ainA.local . 600 IN SRV 0 100 3268 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:47
Event String:
The dynamic registration of the DNS record '_ldap._tcp.DomainDnsZones .DomainA.l ocal. 600 IN SRV 0 100 389 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:47
Event String:
The dynamic registration of the DNS record '_ldap._tcp.SiteC._sites.D omainDnsZo nes.Domain A.local. 600 IN SRV 0 100 389 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:47
Event String:
The dynamic registration of the DNS record '_ldap._tcp.ForestDnsZones .DomainA.l ocal. 600 IN SRV 0 100 389 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:59
Event String:
The dynamic registration of the DNS record '_ldap._tcp.SiteC._sites.F orestDnsZo nes.Domain A.local. 600 IN SRV 0 100 389 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 18:00:11
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.DomainA.lo cal. 600 IN SRV 0 100 88 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 18:00:11
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.SiteC._sit es.DomainA .local. 600 IN SRV 0 100 88 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 18:00:11
Event String:
The dynamic registration of the DNS record '_kerberos._udp.DomainA.lo cal. 600 IN SRV 0 100 88 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 18:00:11
Event String:
The dynamic registration of the DNS record '_kpasswd._tcp.DomainA.loc al. 600 IN SRV 0 100 464 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 18:00:19
Event String:
The dynamic registration of the DNS record '_kpasswd._udp.DomainA.loc al. 600 IN SRV 0 100 464 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 18:00:55
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 18:05:56
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 18:10:57
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
......................... DC_4 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC_4,OU=Domain Controllers,DC=DomainA,DC= local and
backlink on
CN=DC_4,CN=Servers,CN=Site C,CN=Sites ,CN=Config uration,DC =DomainA,D C=local
are correct.
The system object reference (serverReferenceBL)
CN=DC_4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Domai nA,DC=loca l
and backlink on
CN=NTDS Settings,CN=DC_4,CN=Server s,CN=SiteC ,CN=Sites, CN=Configu ration,DC= DomainA,DC =local
are correct.
......................... DC_4 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : DomainA
Starting test: CheckSDRefDom
......................... DomainA passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainA passed test
CrossRefValidation
Running enterprise tests on : DomainA.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\DC_2.DomainA.local
Locator Flags: 0xe00013fc
SiteDC Name: \\DC_1.DomainA.local
Locator Flags: 0xe00013fd
Time Server Name: \\DC_2.DomainA.local
Locator Flags: 0xe00013fc
Preferred Time Server Name: \\DC_2.DomainA.local
Locator Flags: 0xe00013fc
KDC Name: \\DC_2.DomainA.local
Locator Flags: 0xe00013fc
......................... DomainA.local passed test
LocatorCheck
Starting test: Intersite
Doing intersite inbound replication test on site SiteA:
Locating & Contacting Intersite Topology Generator (ISTG) ...
The ISTG for site SiteA is: DC_1.
Checking for down bridgeheads ...
Bridghead SiteC\DC_4 is up and replicating fine.
Bridghead SiteA\DC_2 is up and replicating fine.
Bridghead SiteA\DC_1 is up and replicating fine.
Doing in depth site analysis ...
All expected sites and bridgeheads are replicating into site
SiteA.
Doing intersite inbound replication test on site Siteb:
Locating & Contacting Intersite Topology Generator (ISTG) ...
Doing intersite inbound replication test on site SiteC:
Locating & Contacting Intersite Topology Generator (ISTG) ...
The ISTG for site SiteC is: DC_4.
Checking for down bridgeheads ...
*Warning: Remote bridgehead SiteA\DC_2 is not eligible
as a bridgehead due to too many failures. Replication may be
disrupted into the local site SiteC.
Bridghead SiteC\DC_4 is up and replicating fine.
*Warning: Remote bridgehead SiteA\DC_1 is not eligible as
a bridgehead due to too many failures. Replication may be
disrupted into the local site SiteC.
Doing in depth site analysis ...
Remote site SiteA is replicating to the local site
SiteC the writeable NC ForestDnsZones correctly.
Remote site SiteA is replicating to the local site
SiteC the writeable NC DomainDnsZones correctly.
Remote site SiteA is replicating to the local site
SiteC the writeable NC Schema correctly.
Remote site SiteA is replicating to the local site
SiteC the writeable NC Configuration correctly.
Remote site SiteA is replicating to the local site
SiteC the writeable NC DomainA correctly.
Skipping site SiteD, this site is outside the scope provided by the
command line arguments provided.
......................... DomainA.local passed test Intersite
Here's the output for the DC in ForestB:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine Server_2, is a Directory Server.
Home Server = Server_2
* Connecting to directory service on server Server_2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=ForestB-lan,CN
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=Server_2,CN=Se
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: ForestB-lan\Server_2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... Server_2 passed test Connectivity
Doing primary tests
Testing server: ForestB-lan\Server_2
Starting test: Advertising
The DC Server_2 is advertising itself as a DC and having a DS.
The DC Server_2 is advertising as an LDAP server
The DC Server_2 is advertising as having a writeable directory
The DC Server_2 is advertising as a Key Distribution Center
The DC Server_2 is advertising as a time server
The DS Server_2 is advertising as a GC.
......................... Server_2 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... Server_2 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... Server_2 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... Server_2 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... Server_2 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=Server_2,CN=Se
Role Domain Owner = CN=NTDS Settings,CN=Server_2,CN=Se
Role PDC Owner = CN=NTDS Settings,CN=Server_2,CN=Se
Role Rid Owner = CN=NTDS Settings,CN=Server_2,CN=Se
Role Infrastructure Update Owner = CN=NTDS Settings,CN=Server_2,CN=Se
......................... Server_2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC Server_2 on DC Server_2.
* SPN found :LDAP/Server_2.ForestB.lan
* SPN found :LDAP/Server_2.ForestB.lan
* SPN found :LDAP/Server_2
* SPN found :LDAP/Server_2.ForestB.lan
* SPN found :LDAP/42d3c96a-c04b-483e-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/Server_2.ForestB.lan
* SPN found :HOST/Server_2.ForestB.lan
* SPN found :HOST/Server_2
* SPN found :HOST/Server_2.ForestB.lan
* SPN found :GC/Server_2.ForestB.lan/F
......................... Server_2 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC Server_2.
* Security Permissions Check for
DC=ForestDnsZones,DC=Fores
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=Fores
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Forest
(Configuration,Version 3)
* Security Permissions Check for
DC=ForestB,DC=lan
(Domain,Version 3)
......................... Server_2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\Server_2\netlogon
Verified share \\Server_2\sysvol
......................... Server_2 passed test NetLogons
Starting test: ObjectsReplicated
Server_2 is in domain DC=ForestB,DC=lan
Checking for CN=Server_2,OU=Domain Controllers,DC=ForestB,DC=
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=Server_2,CN=Se
Object is up-to-date on all servers.
......................... Server_2 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... Server_2 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* Server_2.ForestB.lan is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1161
......................... Server_2 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
Invalid service type: DnsCache on Server_2, current value
WIN32_OWN_PROCESS, expected value WIN32_SHARE_PROCESS
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... Server_2 failed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... Server_2 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=Server_2,OU=Domain Controllers,DC=ForestB,DC=
CN=Server_2,CN=Servers,CN=
are correct.
The system object reference (serverReferenceBL)
CN=WIN-UEU2M12O60H,CN=Topo
and backlink on
CN=NTDS Settings,CN=Server_2,CN=Se
are correct.
The system object reference (msDFSR-ComputerReferenceB
CN=WIN-UEU2M12O60H,CN=Topo
and backlink on CN=Server_2,OU=Domain Controllers,DC=ForestB,DC=
correct.
......................... Server_2 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : ForestB
Starting test: CheckSDRefDom
......................... ForestB passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestB passed test CrossRefValidation
Running enterprise tests on : ForestB.lan
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\Server_2.ForestB.lan
Locator Flags: 0xe00031fd
PDC Name: \\Server_2.ForestB.lan
Locator Flags: 0xe00031fd
Time Server Name: \\Server_2.ForestB.lan
Locator Flags: 0xe00031fd
Preferred Time Server Name: \\Server_2.ForestB.lan
Locator Flags: 0xe00031fd
KDC Name: \\Server_2.ForestB.lan
Locator Flags: 0xe00031fd
......................... ForestB.lan passed test LocatorCheck
Starting test: Intersite
Skipping site ForestB-lan, this site is outside the scope provided by the
command line arguments provided.
......................... ForestB.lan passed test Intersite
And the output for ForestA:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine DC_2, is a Directory Server.
Home Server = DC_2
* Connecting to directory service on server DC_2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=SiteA,CN=Sites
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Siteb,CN=Sites
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=SiteC,CN=Sites
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=SiteD,CN=Sites
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC_1,CN=Server
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC_2,CN=Server
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC_3,CN=Server
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
Server is an RODC
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC_4,CN=Server
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 4 of them.
Done gathering initial info.
Doing initial required tests
Testing server: SiteA\DC_1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC_1 passed test Connectivity
Testing server: SiteA\DC_2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC_2 passed test Connectivity
Testing server: Siteb\DC_3
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC_3 passed test Connectivity
Testing server: SiteC\DC_4
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC_4 passed test Connectivity
Doing primary tests
Testing server: SiteA\DC_1
Starting test: Advertising
The DC DC_1 is advertising itself as a DC and having a DS.
The DC DC_1 is advertising as an LDAP server
The DC DC_1 is advertising as having a writeable directory
The DC DC_1 is advertising as a Key Distribution Center
The DC DC_1 is advertising as a time server
The DS DC_1 is advertising as a GC.
......................... DC_1 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/05/2013 23:53:28
Event String:
The File Replication Service is having trouble enabling replication from DC_4 to DC_1 for c:\windows\sysvol\domain using the DNS name DC_4.DomainA.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC_4.DomainA.local from this computer.
[2] FRS is not running on DC_4.DomainA.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
An Warning Event occurred. EventID: 0x800034FA
Time Generated: 01/06/2013 00:30:25
Event String:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller DC_1.DomainA.local for FRS replica set configuration information.
The nTDSConnection object cn=rodc connection (frs),cn=ntds settings,cn=DC_3,cn=server
......................... DC_1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... DC_1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC_1 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... DC_1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Domain Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role SiteDC Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Rid Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Infrastructure USiteDate Owner = CN=NTDS Settings,CN=DC_1,CN=Server
......................... DC_1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC_1 on DC DC_1.
* SPN found :LDAP/DC_1.DomainA.local/D
* SPN found :LDAP/DC_1.DomainA.local
* SPN found :LDAP/DC_1
* SPN found :LDAP/DC_1.DomainA.local/D
* SPN found :LDAP/317ad8e6-bca1-4433-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/DC_1.DomainA.local/D
* SPN found :HOST/DC_1.DomainA.local
* SPN found :HOST/DC_1
* SPN found :HOST/DC_1.DomainA.local/D
* SPN found :GC/DC_1.DomainA.local/Dom
......................... DC_1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC_1.
* Security Permissions Check for
DC=ForestDnsZones,DC=Domai
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=Domai
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Domain
(Configuration,Version 3)
* Security Permissions Check for
DC=DomainA,DC=local
(Domain,Version 3)
......................... DC_1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC_1\netlogon
Verified share \\DC_1\sysvol
......................... DC_1 passed test NetLogons
Starting test: ObjectsReplicated
DC_1 is in domain DC=DomainA,DC=local
Checking for CN=DC_1,OU=Domain Controllers,DC=DomainA,DC=
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC_1,CN=Server
Object is up-to-date on all servers.
......................... DC_1 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Domai
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Domai
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Domain
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainA,DC=local
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... DC_1 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8104 to 1073741823
* DC_1.DomainA.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 7604 to 8103
* rIDPreviousAllocationPool is 5604 to 6103
* rIDNextRID: 6027
* Warning :There is less than 16% available RIDs in the current pool
......................... DC_1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC_1 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... DC_1 passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC_1,OU=Domain Controllers,DC=DomainA,DC=
backlink on
CN=DC_1,CN=Servers,CN=Site
are correct.
The system object reference (serverReferenceBL)
CN=DC_1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Domai
and backlink on
CN=NTDS Settings,CN=DC_1,CN=Server
are correct.
......................... DC_1 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: SiteA\DC_2
Starting test: Advertising
The DC DC_2 is advertising itself as a DC and having a DS.
The DC DC_2 is advertising as an LDAP server
The DC DC_2 is advertising as having a writeable directory
The DC DC_2 is advertising as a Key Distribution Center
The DC DC_2 is advertising as a time server
The DS DC_2 is advertising as a GC.
......................... DC_2 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/05/2013 23:52:54
Event String:
The File Replication Service is having trouble enabling replication from DC_4 to DC_2 for c:\windows\sysvol\domain using the DNS name DC_4.DomainA.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC_4.DomainA.local from this computer.
[2] FRS is not running on DC_4.DomainA.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... DC_2 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... DC_2 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC_2 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... DC_2 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Domain Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role SiteDC Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Rid Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Infrastructure USiteDate Owner = CN=NTDS Settings,CN=DC_1,CN=Server
......................... DC_2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC_2 on DC DC_2.
* SPN found :LDAP/DC_2.DomainA.local/D
* SPN found :LDAP/DC_2.DomainA.local
* SPN found :LDAP/DC_2
* SPN found :LDAP/DC_2.DomainA.local/D
* SPN found :LDAP/44b03619-27b4-4046-9
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/DC_2.DomainA.local/D
* SPN found :HOST/DC_2.DomainA.local
* SPN found :HOST/DC_2
* SPN found :HOST/DC_2.DomainA.local/D
* SPN found :GC/DC_2.DomainA.local/Dom
......................... DC_2 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC_2.
* Security Permissions Check for
DC=ForestDnsZones,DC=Domai
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=Domai
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Domain
(Configuration,Version 3)
* Security Permissions Check for
DC=DomainA,DC=local
(Domain,Version 3)
......................... DC_2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC_2\netlogon
Verified share \\DC_2\sysvol
......................... DC_2 passed test NetLogons
Starting test: ObjectsReplicated
DC_2 is in domain DC=DomainA,DC=local
Checking for CN=DC_2,OU=Domain Controllers,DC=DomainA,DC=
Authoritative attribute lastLogonTimestamp on DC_2 (writeable)
usnLocalChange = 39638571
LastOriginatingDsa = DC_1
usnOriginatingChange = 70015661
timeLastOriginatingChange = 2013-01-03 17:15:06
VersionLastOriginatingChan
Out-of-date attribute lastLogonTimestamp on DC_4 (writeable)
usnLocalChange = 2314093
LastOriginatingDsa = DC_4
usnOriginatingChange = 2314093
timeLastOriginatingChange = 2012-12-21 20:30:20
VersionLastOriginatingChan
Authoritative attribute pwdLastSet on DC_2 (writeable)
usnLocalChange = 39475478
LastOriginatingDsa = DC_1
usnOriginatingChange = 69772114
timeLastOriginatingChange = 2012-12-28 20:57:36
VersionLastOriginatingChan
Out-of-date attribute pwdLastSet on DC_4 (writeable)
usnLocalChange = 2231123
LastOriginatingDsa = DC_1
usnOriginatingChange = 68625986
timeLastOriginatingChange = 2012-11-28 01:27:02
VersionLastOriginatingChan
Checking for CN=NTDS Settings,CN=DC_2,CN=Server
Object is up-to-date on all servers.
......................... DC_2 failed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=Domai
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=Domai
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=Domain
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainA,DC=local
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... DC_2 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8104 to 1073741823
* DC_1.DomainA.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 7104 to 7603
* rIDPreviousAllocationPool is 4604 to 5103
* rIDNextRID: 4961
......................... DC_2 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC_2 passed test Services
Starting test: SystemLog
* The System Event log test
......................... DC_2 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC_2,OU=Domain Controllers,DC=DomainA,DC=
backlink on
CN=DC_2,CN=Servers,CN=Site
are correct.
The system object reference (serverReferenceBL)
CN=DC_2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Domai
and backlink on
CN=NTDS Settings,CN=DC_2,CN=Server
are correct.
......................... DC_2 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: Siteb\DC_3
Starting test: Advertising
The DC DC_3 is advertising itself as a DC and having a DS.
The DC DC_3 is advertising as an LDAP server
The DC DC_3 is not advertising as having a writeable directory because it is an RODC
The DC DC_3 is advertising as a Key Distribution Center
The DC DC_3 is advertising as a time server
The DS DC_3 is advertising as a GC.
......................... DC_3 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... DC_3 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... DC_3 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC_3 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... DC_3 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Domain Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role SiteDC Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Rid Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Infrastructure USiteDate Owner = CN=NTDS Settings,CN=DC_1,CN=Server
......................... DC_3 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC_3 on DC DC_3.
* SPN found :LDAP/DC_3.DomainA.local/D
* SPN found :LDAP/DC_3.DomainA.local
* SPN found :LDAP/DC_3
* SPN found :LDAP/DC_3.DomainA.local/D
* SPN found :LDAP/e5ef6b48-fba4-43c7-9
* SPN found :HOST/DC_3.DomainA.local/D
* SPN found :HOST/DC_3.DomainA.local
* SPN found :HOST/DC_3
* SPN found :HOST/DC_3.DomainA.local/D
* SPN found :GC/DC_3.DomainA.local/Dom
......................... DC_3 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC_3.
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Domain
(Configuration,Version 3)
* Security Permissions Check for
DC=DomainA,DC=local
(Domain,Version 3)
......................... DC_3 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC_3\netlogon
Verified share \\DC_3\sysvol
......................... DC_3 passed test NetLogons
Starting test: ObjectsReplicated
DC_3 is in domain DC=DomainA,DC=local
Checking for CN=DC_3,OU=Domain Controllers,DC=DomainA,DC=
Authoritative attribute lastLogonTimestamp on DC_1 (writeable)
usnLocalChange = 69842721
LastOriginatingDsa = DC_1
usnOriginatingChange = 69842721
timeLastOriginatingChange = 2012-12-30 14:10:40
VersionLastOriginatingChan
Out-of-date attribute lastLogonTimestamp on DC_4 (writeable)
usnLocalChange = 2278270
LastOriginatingDsa = DC_1
usnOriginatingChange = 69088672
timeLastOriginatingChange = 2012-12-10 13:25:59
VersionLastOriginatingChan
Authoritative attribute pwdLastSet on DC_2 (writeable)
usnLocalChange = 39254844
LastOriginatingDsa = DC_1
usnOriginatingChange = 69415453
timeLastOriginatingChange = 2012-12-19 02:06:11
VersionLastOriginatingChan
Out-of-date attribute pwdLastSet on DC_4 (writeable)
usnLocalChange = 2194439
LastOriginatingDsa = DC_1
usnOriginatingChange = 68277479
timeLastOriginatingChange = 2012-11-18 02:05:56
VersionLastOriginatingChan
Checking for CN=NTDS Settings,CN=DC_3,CN=Server
Object is up-to-date on all servers.
......................... DC_3 failed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
[Replications Check,DC_3] A recent replication attempt failed:
From DC_2 to DC_3
Naming Context:
CN=Schema,CN=Configuration
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:57:40.
The last success occurred at 2013-01-05 19:56:27.
88 failures have occurred since the last success.
The source DC_2 is responding now.
[Replications Check,DC_3] A recent replication attempt failed:
From DC_2 to DC_3
Naming Context: CN=Configuration,DC=Domain
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:57:19.
The last success occurred at 2013-01-05 19:56:26.
88 failures have occurred since the last success.
The source DC_2 is responding now.
[Replications Check,DC_3] A recent replication attempt failed:
From DC_2 to DC_3
Naming Context: DC=DomainA,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:02.
The last success occurred at 2013-01-05 19:56:27.
88 failures have occurred since the last success.
The source DC_2 is responding now.
......................... DC_3 failed test Replications
Test skipped for RODC: RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
Invalid service startup type: w32time on DC_3, current value
DEMAND_START, expected value AUTO_START
* Checking Service: NETLOGON
......................... DC_3 failed test Services
Starting test: SystemLog
* The System Event log test
An Warning Event occurred. EventID: 0x8000001D
Time Generated: 01/06/2013 17:32:00
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
An Error Event occurred. EventID: 0x0000165B
Time Generated: 01/06/2013 17:51:31
Event String:
The session setup from computer 'ALPHA' failed because the security database does not contain a trust account 'colo.lan.' referenced by the specified computer.
USER ACTION
If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. If this is a Read-Only Domain Controller and 'colo.lan.' is a legitimate machine account for the computer 'ALPHA' then 'ALPHA' should be marked cacheable for this location if appropriate or otherwise ensure connectivity to a domain controller capable of servicing the request (for example a writable domain controller). Otherwise, the following steps may be taken to resolve this problem:
If 'colo.lan.' is a legitimate machine account for the computer 'ALPHA', then 'ALPHA' should be rejoined to the domain.
If 'colo.lan.' is a legitimate interdomain trust account, then the trust should be recreated.
Otherwise, assuming that 'colo.lan.' is not a legitimate account, the following action should be taken on 'ALPHA':
If 'ALPHA' is a Domain Controller, then the trust associated with 'colo.lan.' should be deleted.
If 'ALPHA' is not a Domain Controller, it should be disjoined from the domain.
......................... DC_3 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC_3,OU=Domain Controllers,DC=DomainA,DC=
backlink on
CN=DC_3,CN=Servers,CN=Site
are correct.
The system object reference (serverReferenceBL)
CN=DC_3,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Domai
and backlink on
CN=NTDS Settings,CN=DC_3,CN=Server
are correct.
......................... DC_3 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: SiteC\DC_4
Starting test: Advertising
The DC DC_4 is advertising itself as a DC and having a DS.
The DC DC_4 is advertising as an LDAP server
The DC DC_4 is advertising as having a writeable directory
The DC DC_4 is advertising as a Key Distribution Center
The DC DC_4 is advertising as a time server
The DS DC_4 is advertising as a GC.
......................... DC_4 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/05/2013 19:15:34
Event String:
The File Replication Service is having trouble enabling replication from DC_1 to DC_4 for c:\windows\sysvol\domain using the DNS name DC_1.DomainA.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC_1.DomainA.local from this computer.
[2] FRS is not running on DC_1.DomainA.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
An Warning Event occurred. EventID: 0x800034FA
Time Generated: 01/06/2013 07:52:22
Event String:
Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller DC_4.DomainA.local for FRS replica set configuration information.
Could not bind to a Domain Controller. Will try again at next polling cycle.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/06/2013 16:51:07
Event String:
The File Replication Service is having trouble enabling replication from DC_2 to DC_4 for c:\windows\sysvol\domain using the DNS name DC_2.DomainA.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name DC_2.DomainA.local from this computer.
[2] FRS is not running on DC_2.DomainA.local.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... DC_4 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800004B4
Time Generated: 01/05/2013 22:18:02
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. The service will continue to replicate using previously downloaded configuration and will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
An Warning Event occurred. EventID: 0x800004B4
Time Generated: 01/06/2013 06:18:18
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. The service will continue to replicate using previously downloaded configuration and will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
An Warning Event occurred. EventID: 0x800004B4
Time Generated: 01/06/2013 14:18:33
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. The service will continue to replicate using previously downloaded configuration and will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
......................... DC_4 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC_4 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
An Warning Event occurred. EventID: 0x8000061E
Time Generated: 01/06/2013 18:04:17
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteA,CN=Sites,CN=Confi
Directory partition:
DC=DomainA,DC=local
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con
An Error Event occurred. EventID: 0xC000051F
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=DomainA,DC=local
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
An Warning Event occurred. EventID: 0x80000749
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteA,CN=Sites,CN=Confi
An Warning Event occurred. EventID: 0x8000061E
Time Generated: 01/06/2013 18:04:17
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteA,CN=Sites,CN=Confi
Directory partition:
DC=DomainDnsZones,DC=Domai
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con
An Error Event occurred. EventID: 0xC000051F
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=DomainDnsZones,DC=Domai
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
An Warning Event occurred. EventID: 0x80000749
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteA,CN=Sites,CN=Confi
An Warning Event occurred. EventID: 0x8000061E
Time Generated: 01/06/2013 18:04:17
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteA,CN=Sites,CN=Confi
Directory partition:
DC=ForestDnsZones,DC=Domai
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con
An Error Event occurred. EventID: 0xC000051F
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=ForestDnsZones,DC=Domai
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
An Warning Event occurred. EventID: 0x80000749
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteA,CN=Sites,CN=Confi
An Warning Event occurred. EventID: 0x8000061E
Time Generated: 01/06/2013 18:04:17
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteA,CN=Sites,CN=Confi
Directory partition:
CN=Configuration,DC=Domain
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Con
An Error Event occurred. EventID: 0xC000051F
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
CN=Configuration,DC=Domain
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
An Warning Event occurred. EventID: 0x80000749
Time Generated: 01/06/2013 18:04:17
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteA,CN=Sites,CN=Confi
......................... DC_4 failed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Domain Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role SiteDC Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Rid Owner = CN=NTDS Settings,CN=DC_1,CN=Server
Role Infrastructure USiteDate Owner = CN=NTDS Settings,CN=DC_1,CN=Server
......................... DC_4 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC DC_4 on DC DC_4.
* SPN found :LDAP/DC_4.DomainA.local/D
* SPN found :LDAP/DC_4.DomainA.local
* SPN found :LDAP/DC_4
* SPN found :LDAP/DC_4.DomainA.local/D
* SPN found :LDAP/8377db93-69b5-4022-9
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/DC_4.DomainA.local/D
* SPN found :HOST/DC_4.DomainA.local
* SPN found :HOST/DC_4
* SPN found :HOST/DC_4.DomainA.local/D
* SPN found :GC/DC_4.DomainA.local/Dom
......................... DC_4 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC_4.
* Security Permissions Check for
DC=ForestDnsZones,DC=Domai
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=Domai
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=Domain
(Configuration,Version 3)
* Security Permissions Check for
DC=DomainA,DC=local
(Domain,Version 3)
......................... DC_4 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC_4\netlogon
Verified share \\DC_4\sysvol
......................... DC_4 passed test NetLogons
Starting test: ObjectsReplicated
DC_4 is in domain DC=DomainA,DC=local
Checking for CN=DC_4,OU=Domain Controllers,DC=DomainA,DC=
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC_4,CN=Server
Object is up-to-date on all servers.
......................... DC_4 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
[Replications Check,DC_4] A recent replication attempt failed:
From DC_1 to DC_4
Naming Context: DC=ForestDnsZones,DC=Domai
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_2 to DC_4
Naming Context: DC=ForestDnsZones,DC=Domai
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_1 to DC_4
Naming Context: DC=DomainDnsZones,DC=Domai
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_2 to DC_4
Naming Context: DC=DomainDnsZones,DC=Domai
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_1 to DC_4
Naming Context:
CN=Schema,CN=Configuration
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
The source DC_1 is responding now.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_2 to DC_4
Naming Context:
CN=Schema,CN=Configuration
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
The source DC_2 is responding now.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_1 to DC_4
Naming Context: CN=Configuration,DC=Domain
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
The source DC_1 is responding now.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_2 to DC_4
Naming Context: CN=Configuration,DC=Domain
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
The source DC_2 is responding now.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_1 to DC_4
Naming Context: DC=DomainA,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:54.
1993 failures have occurred since the last success.
The source DC_1 is responding now.
[Replications Check,DC_4] A recent replication attempt failed:
From DC_2 to DC_4
Naming Context: DC=DomainA,DC=local
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-01-06 17:58:38.
The last success occurred at 2012-12-16 23:41:55.
1993 failures have occurred since the last success.
The source DC_2 is responding now.
......................... DC_4 failed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 8104 to 1073741823
* DC_1.DomainA.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6604 to 7103
* rIDPreviousAllocationPool is 6604 to 7103
* rIDNextRID: 6607
......................... DC_4 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
Invalid service startup type: w32time on DC_4, current value
DEMAND_START, expected value AUTO_START
* Checking Service: NETLOGON
......................... DC_4 failed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:15:45
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:20:46
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:25:47
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:30:48
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:35:49
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:40:50
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:45:16
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:45:51
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:50:53
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 17:55:54
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:44
Event String:
The dynamic registration of the DNS record '_gc._tcp.DomainA.local. 600 IN SRV 0 100 3268 DC_4.DomainA.local.' failed on the following DNS server:
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:47
Event String:
The dynamic registration of the DNS record '_gc._tcp.SiteC._sites.Dom
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:47
Event String:
The dynamic registration of the DNS record '_ldap._tcp.DomainDnsZones
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:47
Event String:
The dynamic registration of the DNS record '_ldap._tcp.SiteC._sites.D
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:47
Event String:
The dynamic registration of the DNS record '_ldap._tcp.ForestDnsZones
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 17:59:59
Event String:
The dynamic registration of the DNS record '_ldap._tcp.SiteC._sites.F
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 18:00:11
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.DomainA.lo
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 18:00:11
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.SiteC._sit
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 18:00:11
Event String:
The dynamic registration of the DNS record '_kerberos._udp.DomainA.lo
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 18:00:11
Event String:
The dynamic registration of the DNS record '_kpasswd._tcp.DomainA.loc
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 01/06/2013 18:00:19
Event String:
The dynamic registration of the DNS record '_kpasswd._udp.DomainA.loc
DNS server IP address: 10.100.0.60
Returned Response Code (RCODE): 5
Returned Status Code: 10055
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An operation on a socket could not be performed because the system lacked sufficient buffer space or because a queue was full.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 18:00:55
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 18:05:56
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
An Error Event occurred. EventID: 0x0000041E
Time Generated: 01/06/2013 18:10:57
Event String:
The processing of Group Policy failed. Windows could not obtain the name of a domain controller. This could be caused by a name resolution failure. Verify your Domain Name System (DNS) is configured and working correctly.
......................... DC_4 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC_4,OU=Domain Controllers,DC=DomainA,DC=
backlink on
CN=DC_4,CN=Servers,CN=Site
are correct.
The system object reference (serverReferenceBL)
CN=DC_4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=Domai
and backlink on
CN=NTDS Settings,CN=DC_4,CN=Server
are correct.
......................... DC_4 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : DomainA
Starting test: CheckSDRefDom
......................... DomainA passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainA passed test
CrossRefValidation
Running enterprise tests on : DomainA.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\DC_2.DomainA.local
Locator Flags: 0xe00013fc
SiteDC Name: \\DC_1.DomainA.local
Locator Flags: 0xe00013fd
Time Server Name: \\DC_2.DomainA.local
Locator Flags: 0xe00013fc
Preferred Time Server Name: \\DC_2.DomainA.local
Locator Flags: 0xe00013fc
KDC Name: \\DC_2.DomainA.local
Locator Flags: 0xe00013fc
......................... DomainA.local passed test
LocatorCheck
Starting test: Intersite
Doing intersite inbound replication test on site SiteA:
Locating & Contacting Intersite Topology Generator (ISTG) ...
The ISTG for site SiteA is: DC_1.
Checking for down bridgeheads ...
Bridghead SiteC\DC_4 is up and replicating fine.
Bridghead SiteA\DC_2 is up and replicating fine.
Bridghead SiteA\DC_1 is up and replicating fine.
Doing in depth site analysis ...
All expected sites and bridgeheads are replicating into site
SiteA.
Doing intersite inbound replication test on site Siteb:
Locating & Contacting Intersite Topology Generator (ISTG) ...
Doing intersite inbound replication test on site SiteC:
Locating & Contacting Intersite Topology Generator (ISTG) ...
The ISTG for site SiteC is: DC_4.
Checking for down bridgeheads ...
*Warning: Remote bridgehead SiteA\DC_2 is not eligible
as a bridgehead due to too many failures. Replication may be
disrupted into the local site SiteC.
Bridghead SiteC\DC_4 is up and replicating fine.
*Warning: Remote bridgehead SiteA\DC_1 is not eligible as
a bridgehead due to too many failures. Replication may be
disrupted into the local site SiteC.
Doing in depth site analysis ...
Remote site SiteA is replicating to the local site
SiteC the writeable NC ForestDnsZones correctly.
Remote site SiteA is replicating to the local site
SiteC the writeable NC DomainDnsZones correctly.
Remote site SiteA is replicating to the local site
SiteC the writeable NC Schema correctly.
Remote site SiteA is replicating to the local site
SiteC the writeable NC Configuration correctly.
Remote site SiteA is replicating to the local site
SiteC the writeable NC DomainA correctly.
Skipping site SiteD, this site is outside the scope provided by the
command line arguments provided.
......................... DomainA.local passed test Intersite
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
MSDN has a Checklist: Creating a forest trust and DNS check is part of it
http://technet.microsoft.com/en-us/library/cc756852(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc756852(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc782773(WS.10).aspx
How to configure a firewall for domains and trusts
http://support.microsoft.com/kb/179442
You may also want to check out the section from this article
- "Prerequisites to establish One Way Forest Trust"
- "Trust Limitation
(note - Trusted Domain and Trusting Domain, in your case is ForestA and ForestB respectively)
http://blogs.technet.com/b/mir/archive/2011/06/12/accessing-resources-across-forest-and-achieve-single-sign-on-part1.aspx
Quite a couple of contributing factor but mainly if Netlogon doesn't start, the server (ForestB) will record one of two Netlogon errors: Error 3210 or 5721. Some old msdn below
NetLogon Service Fails When Secure Channel Not Functioning
http://support.microsoft.com/kb/150518
Event ID 3210 and 5722 Appear When Synchronizing Entire Domain
http://support.microsoft.com/kb/142869/EN-US
Nonetheless, for more in depth details, below are good read on the forest trust
http://technet.microsoft.com/en-us/library/cc773178%28WS.10%29.aspx
You may also want to see "Minimum Administrative Credentials for Securing Trusts"
http://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx