education-dynamics
asked on
Trusting Domains Issue
I am trying to create a trust between 2 domains. Here is what I am working with...
DomainA
Server 2003 R2
Domain function level = Server2003
Has forward lookup zone for DomainB which contains A records for DCs in DomainB
Is able to ping DomainB by hostname
When I run nltest /dsgetdc:DomainB I get the following error...
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
DomainB
Server 2008 R2
Domain function level = Server2003 (second domain controller is running Server 2003)
Has forward lookup zone for DomainA which contains A records for DCs in DomainA
Is able to ping DomainA by hostname
When I run nltest /dsgetdc:DomainA I get the following error...
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
When I try to create the trust from either domain controller in DomainA or DomainB, I get the following error...
"The trust relationship cannot be created because the following error occurred:
Either the domain does not exist, or network or other problems are preventing
connection."
I tried configuring forwarders in each domain to the other to no avail. Any help would be appreciated.
DomainA
Server 2003 R2
Domain function level = Server2003
Has forward lookup zone for DomainB which contains A records for DCs in DomainB
Is able to ping DomainB by hostname
When I run nltest /dsgetdc:DomainB I get the following error...
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
DomainB
Server 2008 R2
Domain function level = Server2003 (second domain controller is running Server 2003)
Has forward lookup zone for DomainA which contains A records for DCs in DomainA
Is able to ping DomainA by hostname
When I run nltest /dsgetdc:DomainA I get the following error...
DsGetDcName failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
When I try to create the trust from either domain controller in DomainA or DomainB, I get the following error...
"The trust relationship cannot be created because the following error occurred:
Either the domain does not exist, or network or other problems are preventing
connection."
I tried configuring forwarders in each domain to the other to no avail. Any help would be appreciated.
ASKER
Both firewalls are disabled.
Instead of forward lookup zones, enable zone transfer on domain dns zone of both domains and map as a secondary zone in both domains vice versa.
flush dns cache by running ipconfig /flushdns and dnscmd /clearcache at both domains.
Please try building trust now. If still issue persists,
Enable zone transfer on "_msdcs.domain.com" zone as well at each domain and map them as secondary zone at both domains vice versa
again flush dns cache by running ipconfig /flushdns and dnscmd /clearcache at both domains.
Please try building trust now. It should work.
flush dns cache by running ipconfig /flushdns and dnscmd /clearcache at both domains.
Please try building trust now. If still issue persists,
Enable zone transfer on "_msdcs.domain.com" zone as well at each domain and map them as secondary zone at both domains vice versa
again flush dns cache by running ipconfig /flushdns and dnscmd /clearcache at both domains.
Please try building trust now. It should work.
ASKER
I will try and post back. Thanks
ASKER
I forgot that I already have this setup as well. I tried doing this before posting to see if this would work. See attachments.
On the 1st screen-shot... should I specify the servers instead?
trust1.png
trust2.png
On the 1st screen-shot... should I specify the servers instead?
trust1.png
trust2.png
You have mentioned in your question that you have forward lookup zones for opposite domains ?
My suggestion is to delete forward lookup zone for opposite domains and create secondary zones instead for domain dns zone and _msdcs.domain.com vice versa.
If above got failed then,
Alternatively you can create conditional forwarding for both domain vice versa.
Also download PortQueryUI from Microsoft and check if AD authentication ports are opened from both ends ?
Thanks
My suggestion is to delete forward lookup zone for opposite domains and create secondary zones instead for domain dns zone and _msdcs.domain.com vice versa.
If above got failed then,
Alternatively you can create conditional forwarding for both domain vice versa.
Also download PortQueryUI from Microsoft and check if AD authentication ports are opened from both ends ?
Thanks
ASKER
This is the result of the portquery. Does this mean port 42 is not open? If so, how is that possible since both firewalls are off?
Starting portqry.exe -n srvdc1-ofy.ofy.org -e 42 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 42 (nameserver service): NOT LISTENING
portqry.exe -n srvdc1.mydomain.com -e 42 -p TCP exits with return code 0x00000001.
Starting portqry.exe -n srvdc1-ofy.ofy.org -e 42 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 42 (nameserver service): NOT LISTENING
portqry.exe -n srvdc1.mydomain.com -e 42 -p TCP exits with return code 0x00000001.
It seems to be name resolution or necessary port not open for domain and trust.If you are creationg forest trust ensure below parameters.
To create the trust you have to prepare DNS to resolve the other domain name properly.Use conditional forwarder or secondary or stub zone.
http://www.windowsnetworking.com/art...tub_Zones.html
Have you created forwarders or seconadry zone for name resolution.If the secondary zone is created check does the zone loads correctly.If you have created the same then create and check.
Checklist: Creating a forest trust
http://technet.microsoft.com/en-us/library/cc756852%28WS.10%29.aspx
How to configure a firewall for domains and trusts
http://support.microsoft.com/kb/179442
Portquery is free tool from the MS which can be downloaded and installed to verify the necessary ports are opened or not.
To create the trust you have to prepare DNS to resolve the other domain name properly.Use conditional forwarder or secondary or stub zone.
http://www.windowsnetworking.com/art...tub_Zones.html
Have you created forwarders or seconadry zone for name resolution.If the secondary zone is created check does the zone loads correctly.If you have created the same then create and check.
Checklist: Creating a forest trust
http://technet.microsoft.com/en-us/library/cc756852%28WS.10%29.aspx
How to configure a firewall for domains and trusts
http://support.microsoft.com/kb/179442
Portquery is free tool from the MS which can be downloaded and installed to verify the necessary ports are opened or not.
TCP Port 42 (WINS) is not required by 2003 \ 2008 domain controllers.
Since you have not installed WINS service on either domain controllers, you cannot telnetThere is nothing wrong with that.
Please download PortQueryUI from Microsoft and check all AD ports with GUI
http://www.microsoft.com/en-us/download/details.aspx?id=24009
Can you please post the PortqueryUI results please..
Thanks
Since you have not installed WINS service on either domain controllers, you cannot telnetThere is nothing wrong with that.
Please download PortQueryUI from Microsoft and check all AD ports with GUI
http://www.microsoft.com/en-us/download/details.aspx?id=24009
Can you please post the PortqueryUI results please..
Thanks
ASKER
Here is the output...
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 135 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 135 (epmap service): LISTENING
Using ephemeral source port
Querying Endpoint Mapper Database...
Server's response:
UUID: d95afe70-a6d5-4259-822e-2c 84da1ddb0d
ncacn_ip_tcp:10.60.0.33[49 152]
UUID: 76f226c3-ec14-4325-8a99-6a 46348418af
ncalrpc:[WMsgKRpc01E1B1389 2]
UUID: 12e65dd8-887f-41ef-91bf-8d 816c42c2e7 Secure Desktop LRPC interface
ncalrpc:[WMsgKRpc01E1B1389 2]
UUID: 906b0ce0-c70b-1067-b317-00 dd010662da
ncalrpc:[LRPC-c6577f35a7f7 2a6d3c]
UUID: 906b0ce0-c70b-1067-b317-00 dd010662da
ncalrpc:[LRPC-c6577f35a7f7 2a6d3c]
UUID: 906b0ce0-c70b-1067-b317-00 dd010662da
ncalrpc:[LRPC-c6577f35a7f7 2a6d3c]
UUID: 906b0ce0-c70b-1067-b317-00 dd010662da
ncalrpc:[LRPC-c6577f35a7f7 2a6d3c]
UUID: 6b5bdd1e-528c-422c-af8c-a4 079be4fe48 Remote Fw APIs
ncacn_ip_tcp:10.60.0.33[53 491]
UUID: 12345678-1234-abcd-ef00-01 23456789ab IPSec Policy agent endpoint
ncacn_ip_tcp:10.60.0.33[53 491]
UUID: 12345678-1234-abcd-ef00-01 23456789ab IPSec Policy agent endpoint
ncalrpc:[LRPC-2186494185e9 1f862d]
UUID: 367abb81-9844-35f1-ad32-98 f038001003
ncacn_ip_tcp:10.60.0.33[53 489]
UUID: 50abc2a4-574d-40b3-9d66-ee 4fd5fba076
ncacn_ip_tcp:10.60.0.33[55 386]
UUID: f5cc59b4-4264-101a-8c59-08 002b2f8426 NtFrs Service
ncalrpc:[OLE9D25B482533242 1D9CFA33A2 DD75]
UUID: f5cc59b4-4264-101a-8c59-08 002b2f8426 NtFrs Service
ncacn_ip_tcp:10.60.0.33[55 380]
UUID: f5cc59b4-4264-101a-8c59-08 002b2f8426 NtFrs Service
ncalrpc:[LRPC-39642e714fab f726d2]
UUID: d049b186-814f-11d1-9a3c-00 c04fc9b232 NtFrs API
ncalrpc:[OLE9D25B482533242 1D9CFA33A2 DD75]
UUID: d049b186-814f-11d1-9a3c-00 c04fc9b232 NtFrs API
ncacn_ip_tcp:10.60.0.33[55 380]
UUID: d049b186-814f-11d1-9a3c-00 c04fc9b232 NtFrs API
ncalrpc:[LRPC-39642e714fab f726d2]
UUID: a00c021c-2be2-11d2-b678-00 00f87a8f8e PERFMON SERVICE
ncalrpc:[OLE9D25B482533242 1D9CFA33A2 DD75]
UUID: a00c021c-2be2-11d2-b678-00 00f87a8f8e PERFMON SERVICE
ncacn_ip_tcp:10.60.0.33[55 380]
UUID: a00c021c-2be2-11d2-b678-00 00f87a8f8e PERFMON SERVICE
ncalrpc:[LRPC-39642e714fab f726d2]
UUID: 6bffd098-a112-3610-9833-46 c3f874532d
ncalrpc:[OLE4080869A591A47 D9A4C08B7A 0B5A]
UUID: 6bffd098-a112-3610-9833-46 c3f874532d
ncacn_ip_tcp:10.60.0.33[55 378]
UUID: 5b821720-f63b-11d0-aad2-00 c04fc324db
ncalrpc:[OLE4080869A591A47 D9A4C08B7A 0B5A]
UUID: 5b821720-f63b-11d0-aad2-00 c04fc324db
ncacn_ip_tcp:10.60.0.33[55 378]
UUID: 91ae6020-9e3c-11cf-8d7c-00 aa00c091be
ncalrpc:[OLEF0069B14502A4F 46A2A6CAEC 5A47]
UUID: 91ae6020-9e3c-11cf-8d7c-00 aa00c091be
ncacn_np:\\\\srvdc1[\\pipe \\cert]
UUID: 91ae6020-9e3c-11cf-8d7c-00 aa00c091be
ncacn_ip_tcp:10.60.0.33[55 374]
UUID: 76f03f96-cdfd-44fc-a22c-64 950a001209 Spooler function endpoint
ncacn_np:\\\\srvdc1[\\pipe \\spoolss]
UUID: 76f03f96-cdfd-44fc-a22c-64 950a001209 Spooler function endpoint
ncacn_ip_tcp:10.60.0.33[55 346]
UUID: ae33069b-a2a8-46ee-a235-dd fd339be281 Spooler base remote object endpoint
ncacn_np:\\\\srvdc1[\\pipe \\spoolss]
UUID: ae33069b-a2a8-46ee-a235-dd fd339be281 Spooler base remote object endpoint
ncacn_ip_tcp:10.60.0.33[55 346]
UUID: ae33069b-a2a8-46ee-a235-dd fd339be281 Spooler base remote object endpoint
ncalrpc:[spoolss]
UUID: 0b6edbfa-4a24-4fc6-8a23-94 2b1eca65d1 Spooler function endpoint
ncacn_np:\\\\srvdc1[\\pipe \\spoolss]
UUID: 0b6edbfa-4a24-4fc6-8a23-94 2b1eca65d1 Spooler function endpoint
ncacn_ip_tcp:10.60.0.33[55 346]
UUID: 0b6edbfa-4a24-4fc6-8a23-94 2b1eca65d1 Spooler function endpoint
ncalrpc:[spoolss]
UUID: 4a452661-8290-4b36-8fbe-7f 4093a94978 Spooler function endpoint
ncacn_np:\\\\srvdc1[\\pipe \\spoolss]
UUID: 4a452661-8290-4b36-8fbe-7f 4093a94978 Spooler function endpoint
ncacn_ip_tcp:10.60.0.33[55 346]
UUID: 4a452661-8290-4b36-8fbe-7f 4093a94978 Spooler function endpoint
ncalrpc:[spoolss]
UUID: dd490425-5325-4565-b774-7e 27d6c09c24 Base Firewall Engine API
ncalrpc:[LRPC-5e576e15949d 530d81]
UUID: 7f9d11bf-7fb9-436b-a812-b2 d50c5d4c03 Fw APIs
ncalrpc:[LRPC-5e576e15949d 530d81]
UUID: 2fb92682-6599-42dc-ae13-bd 2ca89bd11c Fw APIs
ncalrpc:[LRPC-5e576e15949d 530d81]
UUID: 1bddb2a6-c0c3-41be-8703-dd bdf4f0e80a Lan Service
ncalrpc:[LRPC-9085d185686e a5de3b]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncalrpc:[LRPC-9085d185686e a5de3b]
UUID: b25a52bf-e5dd-4f4a-aea6-8c a7272a0e86 KeyIso
ncacn_np:\\\\srvdc1[\\pipe \\lsass]
UUID: b25a52bf-e5dd-4f4a-aea6-8c a7272a0e86 KeyIso
ncalrpc:[LRPC-d7a89f3643d0 63f605]
UUID: b25a52bf-e5dd-4f4a-aea6-8c a7272a0e86 KeyIso
ncalrpc:[audit]
UUID: b25a52bf-e5dd-4f4a-aea6-8c a7272a0e86 KeyIso
ncalrpc:[securityevent]
UUID: b25a52bf-e5dd-4f4a-aea6-8c a7272a0e86 KeyIso
ncalrpc:[LSARPC_ENDPOINT]
UUID: b25a52bf-e5dd-4f4a-aea6-8c a7272a0e86 KeyIso
ncalrpc:[lsapolicylookup]
UUID: b25a52bf-e5dd-4f4a-aea6-8c a7272a0e86 KeyIso
ncalrpc:[lsasspirpc]
UUID: b25a52bf-e5dd-4f4a-aea6-8c a7272a0e86 KeyIso
ncalrpc:[protected_storage ]
UUID: b25a52bf-e5dd-4f4a-aea6-8c a7272a0e86 KeyIso
ncacn_np:\\\\srvdc1[\\PIPE \\protecte d_storage]
UUID: b25a52bf-e5dd-4f4a-aea6-8c a7272a0e86 KeyIso
ncalrpc:[dsrole]
UUID: b25a52bf-e5dd-4f4a-aea6-8c a7272a0e86 KeyIso
ncalrpc:[samss lpc]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncacn_np:\\\\srvdc1[\\pipe \\lsass]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncalrpc:[LRPC-d7a89f3643d0 63f605]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncalrpc:[audit]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncalrpc:[securityevent]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncalrpc:[LSARPC_ENDPOINT]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncalrpc:[lsapolicylookup]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncalrpc:[lsasspirpc]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncalrpc:[protected_storage ]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncacn_np:\\\\srvdc1[\\PIPE \\protecte d_storage]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncalrpc:[dsrole]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncalrpc:[samss lpc]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncalrpc:[OLE00BC171B4B964A 29AF1C9F38 873E]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncacn_ip_tcp:10.60.0.33[49 155]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncalrpc:[NTDS_LPC]
UUID: e3514235-4b06-11d1-ab04-00 c04fc2dcd2 MS NT Directory DRS Interface
ncacn_http:10.60.0.33[49157]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncacn_np:\\\\srvdc1[\\pipe \\lsass]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncalrpc:[LRPC-d7a89f3643d0 63f605]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncalrpc:[audit]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncalrpc:[securityevent]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncalrpc:[LSARPC_ENDPOINT]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncalrpc:[lsapolicylookup]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncalrpc:[lsasspirpc]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncalrpc:[protected_storage ]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncacn_np:\\\\srvdc1[\\PIPE \\protecte d_storage]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncalrpc:[dsrole]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncalrpc:[samss lpc]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncalrpc:[OLE00BC171B4B964A 29AF1C9F38 873E]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncacn_ip_tcp:10.60.0.33[49 155]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncalrpc:[NTDS_LPC]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncacn_http:10.60.0.33[49157]
UUID: 12345778-1234-abcd-ef00-01 23456789ac
ncacn_ip_tcp:10.60.0.33[49 158]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncacn_np:\\\\srvdc1[\\pipe \\lsass]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncalrpc:[LRPC-d7a89f3643d0 63f605]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncalrpc:[audit]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncalrpc:[securityevent]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncalrpc:[LSARPC_ENDPOINT]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncalrpc:[lsapolicylookup]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncalrpc:[lsasspirpc]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncalrpc:[protected_storage ]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncacn_np:\\\\srvdc1[\\PIPE \\protecte d_storage]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncalrpc:[dsrole]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncalrpc:[samss lpc]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncalrpc:[OLE00BC171B4B964A 29AF1C9F38 873E]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncacn_ip_tcp:10.60.0.33[49 155]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncalrpc:[NTDS_LPC]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncacn_http:10.60.0.33[49157]
UUID: f5cc5a18-4264-101a-8c59-08 002b2f8426 MS NT Directory NSP Interface
ncacn_ip_tcp:10.60.0.33[49 158]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncacn_np:\\\\srvdc1[\\pipe \\lsass]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncalrpc:[LRPC-d7a89f3643d0 63f605]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncalrpc:[audit]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncalrpc:[securityevent]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncalrpc:[LSARPC_ENDPOINT]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncalrpc:[lsapolicylookup]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncalrpc:[lsasspirpc]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncalrpc:[protected_storage ]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncacn_np:\\\\srvdc1[\\PIPE \\protecte d_storage]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncalrpc:[dsrole]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncalrpc:[samss lpc]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncalrpc:[OLE00BC171B4B964A 29AF1C9F38 873E]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncacn_ip_tcp:10.60.0.33[49 155]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncalrpc:[NTDS_LPC]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncacn_http:10.60.0.33[49157]
UUID: 12345778-1234-abcd-ef00-01 23456789ab
ncacn_ip_tcp:10.60.0.33[49 158]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncacn_np:\\\\srvdc1[\\pipe \\lsass]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncalrpc:[LRPC-d7a89f3643d0 63f605]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncalrpc:[audit]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncalrpc:[securityevent]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncalrpc:[LSARPC_ENDPOINT]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncalrpc:[lsapolicylookup]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncalrpc:[lsasspirpc]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncalrpc:[protected_storage ]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncacn_np:\\\\srvdc1[\\PIPE \\protecte d_storage]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncalrpc:[dsrole]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncalrpc:[samss lpc]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncalrpc:[OLE00BC171B4B964A 29AF1C9F38 873E]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncacn_ip_tcp:10.60.0.33[49 155]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncalrpc:[NTDS_LPC]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncacn_http:10.60.0.33[49157]
UUID: 12345678-1234-abcd-ef00-01 234567cffb
ncacn_ip_tcp:10.60.0.33[49 158]
UUID: 7ea70bcf-48af-4f6a-8968-6a 440754d5fa NSI server endpoint
ncalrpc:[OLE2D5A74A50F7D4B 9585EE926A 6914]
UUID: 7ea70bcf-48af-4f6a-8968-6a 440754d5fa NSI server endpoint
ncalrpc:[LRPC-206e33134847 0e4d95]
UUID: 3473dd4d-2e88-4006-9cba-22 570909dd10 WinHttp Auto-Proxy Service
ncalrpc:[OLE2D5A74A50F7D4B 9585EE926A 6914]
UUID: 3473dd4d-2e88-4006-9cba-22 570909dd10 WinHttp Auto-Proxy Service
ncalrpc:[LRPC-206e33134847 0e4d95]
UUID: 3473dd4d-2e88-4006-9cba-22 570909dd10 WinHttp Auto-Proxy Service
ncalrpc:[W32TIME_ALT]
UUID: 3473dd4d-2e88-4006-9cba-22 570909dd10 WinHttp Auto-Proxy Service
ncacn_np:\\\\srvdc1[\\PIPE \\W32TIME_ ALT]
UUID: 24019106-a203-4642-b88d-82 dae9158929
ncalrpc:[LRPC-a11e4f45d18e de3987]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncalrpc:[IUserProfile2]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncalrpc:[IUserProfile2]
UUID: 2eb08e3e-639f-4fba-97b1-14 f878961076
ncalrpc:[IUserProfile2]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncalrpc:[IUserProfile2]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncalrpc:[OLE853666A3731B49 708CD7C83E 553A]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncalrpc:[senssvc]
UUID: 0a74ef1c-41a4-4e06-83ae-dc 74fb1cdd53
ncalrpc:[IUserProfile2]
UUID: 0a74ef1c-41a4-4e06-83ae-dc 74fb1cdd53
ncalrpc:[OLE853666A3731B49 708CD7C83E 553A]
UUID: 0a74ef1c-41a4-4e06-83ae-dc 74fb1cdd53
ncalrpc:[senssvc]
UUID: 1ff70682-0a51-30e8-076d-74 0be8cee98b
ncalrpc:[IUserProfile2]
UUID: 1ff70682-0a51-30e8-076d-74 0be8cee98b
ncalrpc:[OLE853666A3731B49 708CD7C83E 553A]
UUID: 1ff70682-0a51-30e8-076d-74 0be8cee98b
ncalrpc:[senssvc]
UUID: 1ff70682-0a51-30e8-076d-74 0be8cee98b
ncacn_np:\\\\srvdc1[\\PIPE \\atsvc]
UUID: 378e52b0-c0a9-11cf-822d-00 aa0051e40f
ncalrpc:[IUserProfile2]
UUID: 378e52b0-c0a9-11cf-822d-00 aa0051e40f
ncalrpc:[OLE853666A3731B49 708CD7C83E 553A]
UUID: 378e52b0-c0a9-11cf-822d-00 aa0051e40f
ncalrpc:[senssvc]
UUID: 378e52b0-c0a9-11cf-822d-00 aa0051e40f
ncacn_np:\\\\srvdc1[\\PIPE \\atsvc]
UUID: 86d35949-83c9-4044-b424-db 363231fd0c
ncalrpc:[IUserProfile2]
UUID: 86d35949-83c9-4044-b424-db 363231fd0c
ncalrpc:[OLE853666A3731B49 708CD7C83E 553A]
UUID: 86d35949-83c9-4044-b424-db 363231fd0c
ncalrpc:[senssvc]
UUID: 86d35949-83c9-4044-b424-db 363231fd0c
ncacn_np:\\\\srvdc1[\\PIPE \\atsvc]
UUID: 86d35949-83c9-4044-b424-db 363231fd0c
ncacn_ip_tcp:10.60.0.33[49 154]
UUID: 98716d03-89ac-44c7-bb8c-28 5824e51c4a XactSrv service
ncalrpc:[IUserProfile2]
UUID: 98716d03-89ac-44c7-bb8c-28 5824e51c4a XactSrv service
ncalrpc:[OLE853666A3731B49 708CD7C83E 553A]
UUID: 98716d03-89ac-44c7-bb8c-28 5824e51c4a XactSrv service
ncalrpc:[senssvc]
UUID: 98716d03-89ac-44c7-bb8c-28 5824e51c4a XactSrv service
ncacn_np:\\\\srvdc1[\\PIPE \\atsvc]
UUID: 98716d03-89ac-44c7-bb8c-28 5824e51c4a XactSrv service
ncacn_ip_tcp:10.60.0.33[49 154]
UUID: a398e520-d59a-4bdd-aa7a-3c 1e0303a511 IKE/Authip API
ncalrpc:[IUserProfile2]
UUID: a398e520-d59a-4bdd-aa7a-3c 1e0303a511 IKE/Authip API
ncalrpc:[OLE853666A3731B49 708CD7C83E 553A]
UUID: a398e520-d59a-4bdd-aa7a-3c 1e0303a511 IKE/Authip API
ncalrpc:[senssvc]
UUID: a398e520-d59a-4bdd-aa7a-3c 1e0303a511 IKE/Authip API
ncacn_np:\\\\srvdc1[\\PIPE \\atsvc]
UUID: a398e520-d59a-4bdd-aa7a-3c 1e0303a511 IKE/Authip API
ncacn_ip_tcp:10.60.0.33[49 154]
UUID: a398e520-d59a-4bdd-aa7a-3c 1e0303a511 IKE/Authip API
ncacn_np:\\\\srvdc1[\\PIPE \\srvsvc]
UUID: 552d076a-cb29-4e44-8b6a-d1 5e59e2c0af IP Transition Configuration endpoint
ncalrpc:[IUserProfile2]
UUID: 552d076a-cb29-4e44-8b6a-d1 5e59e2c0af IP Transition Configuration endpoint
ncalrpc:[OLE853666A3731B49 708CD7C83E 553A]
UUID: 552d076a-cb29-4e44-8b6a-d1 5e59e2c0af IP Transition Configuration endpoint
ncalrpc:[senssvc]
UUID: 552d076a-cb29-4e44-8b6a-d1 5e59e2c0af IP Transition Configuration endpoint
ncacn_np:\\\\srvdc1[\\PIPE \\atsvc]
UUID: 552d076a-cb29-4e44-8b6a-d1 5e59e2c0af IP Transition Configuration endpoint
ncacn_ip_tcp:10.60.0.33[49 154]
UUID: 552d076a-cb29-4e44-8b6a-d1 5e59e2c0af IP Transition Configuration endpoint
ncacn_np:\\\\srvdc1[\\PIPE \\srvsvc]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncalrpc:[IUserProfile2]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncalrpc:[OLE853666A3731B49 708CD7C83E 553A]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncalrpc:[senssvc]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncacn_np:\\\\srvdc1[\\PIPE \\atsvc]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncacn_ip_tcp:10.60.0.33[49 154]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncacn_np:\\\\srvdc1[\\PIPE \\srvsvc]
UUID: 30b044a5-a225-43f0-b3a4-e0 60df91f9c1
ncalrpc:[IUserProfile2]
UUID: 30b044a5-a225-43f0-b3a4-e0 60df91f9c1
ncalrpc:[OLE853666A3731B49 708CD7C83E 553A]
UUID: 30b044a5-a225-43f0-b3a4-e0 60df91f9c1
ncalrpc:[senssvc]
UUID: 30b044a5-a225-43f0-b3a4-e0 60df91f9c1
ncacn_np:\\\\srvdc1[\\PIPE \\atsvc]
UUID: 30b044a5-a225-43f0-b3a4-e0 60df91f9c1
ncacn_ip_tcp:10.60.0.33[49 154]
UUID: 30b044a5-a225-43f0-b3a4-e0 60df91f9c1
ncacn_np:\\\\srvdc1[\\PIPE \\srvsvc]
UUID: f6beaff7-1e19-4fbb-9f8f-b8 9e2018337c Event log TCPIP
ncalrpc:[eventlog]
UUID: f6beaff7-1e19-4fbb-9f8f-b8 9e2018337c Event log TCPIP
ncacn_np:\\\\srvdc1[\\pipe \\eventlog ]
UUID: f6beaff7-1e19-4fbb-9f8f-b8 9e2018337c Event log TCPIP
ncacn_ip_tcp:10.60.0.33[49 153]
UUID: 30adc50c-5cbc-46ce-9a0e-91 914789e23c NRP server endpoint
ncalrpc:[eventlog]
UUID: 30adc50c-5cbc-46ce-9a0e-91 914789e23c NRP server endpoint
ncacn_np:\\\\srvdc1[\\pipe \\eventlog ]
UUID: 30adc50c-5cbc-46ce-9a0e-91 914789e23c NRP server endpoint
ncacn_ip_tcp:10.60.0.33[49 153]
UUID: 3c4728c5-f0ab-448b-bda1-6c e01eb0a6d6 DHCPv6 Client LRPC Endpoint
ncalrpc:[eventlog]
UUID: 3c4728c5-f0ab-448b-bda1-6c e01eb0a6d6 DHCPv6 Client LRPC Endpoint
ncacn_np:\\\\srvdc1[\\pipe \\eventlog ]
UUID: 3c4728c5-f0ab-448b-bda1-6c e01eb0a6d6 DHCPv6 Client LRPC Endpoint
ncacn_ip_tcp:10.60.0.33[49 153]
UUID: 3c4728c5-f0ab-448b-bda1-6c e01eb0a6d6 DHCPv6 Client LRPC Endpoint
ncalrpc:[dhcpcsvc6]
UUID: 3c4728c5-f0ab-448b-bda1-6c e01eb0a6d5 DHCP Client LRPC Endpoint
ncalrpc:[eventlog]
UUID: 3c4728c5-f0ab-448b-bda1-6c e01eb0a6d5 DHCP Client LRPC Endpoint
ncacn_np:\\\\srvdc1[\\pipe \\eventlog ]
UUID: 3c4728c5-f0ab-448b-bda1-6c e01eb0a6d5 DHCP Client LRPC Endpoint
ncacn_ip_tcp:10.60.0.33[49 153]
UUID: 3c4728c5-f0ab-448b-bda1-6c e01eb0a6d5 DHCP Client LRPC Endpoint
ncalrpc:[dhcpcsvc6]
UUID: 3c4728c5-f0ab-448b-bda1-6c e01eb0a6d5 DHCP Client LRPC Endpoint
ncalrpc:[dhcpcsvc]
UUID: 76f226c3-ec14-4325-8a99-6a 46348418af
ncalrpc:[WMsgKRpc081441]
UUID: c9ac6db5-82b7-4e55-ae8a-e4 64ed7b4277 Impl friendly name
ncalrpc:[LRPC-4a77474b7444 c210fc]
UUID: 76f226c3-ec14-4325-8a99-6a 46348418af
ncalrpc:[WMsgKRpc07CB80]
UUID: 76f226c3-ec14-4325-8a99-6a 46348418af
ncacn_np:\\\\srvdc1[\\PIPE \\InitShut down]
UUID: 76f226c3-ec14-4325-8a99-6a 46348418af
ncalrpc:[WindowsShutdown]
UUID: d95afe70-a6d5-4259-822e-2c 84da1ddb0d
ncalrpc:[WMsgKRpc07CB80]
UUID: d95afe70-a6d5-4259-822e-2c 84da1ddb0d
ncacn_np:\\\\srvdc1[\\PIPE \\InitShut down]
UUID: d95afe70-a6d5-4259-822e-2c 84da1ddb0d
ncalrpc:[WindowsShutdown]
Total endpoints found: 215
==== End of RPC Endpoint Mapper query response ====
portqry.exe -n srvdc1.mydomain.com -e 135 -p TCP exits with return code 0x00000000.
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 389 -p BOTH ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 389 (ldap service): LISTENING
Using ephemeral source port
Sending LDAP query to TCP port 389...
LDAP query response:
currentdate: 11/19/2013 15:01:50 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN= Configurat ion,DC=myd omain,DC=c om
dsServiceName: CN=NTDS Settings,CN=srvdc1,CN=Serv ers,CN=Dow ntown,CN=S ites,CN=Co nfiguratio n,DC=mydom ain,DC=com
namingContexts: DC=mydomain,DC=com
defaultNamingContext: DC=mydomain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration ,DC=mydoma in,DC=com
configurationNamingContext : CN=Configuration,DC=mydoma in,DC=com
rootDomainNamingContext: DC=mydomain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 25364149
supportedSASLMechanisms: GSSAPI
dnsHostName: srvdc1.mydomain.com
ldapServiceName: mydomain.com:srvdc1$@mydom ain.com
serverName: CN=srvdc1,CN=Servers,CN=Do wntown,CN= Sites,CN=C onfigurati on,DC=mydo main,DC=co m
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 2
forestFunctionality: 0
domainControllerFunctional ity: 4
======== End of LDAP query response ========
UDP port 389 (unknown service): LISTENING or FILTERED
Using ephemeral source port
Sending LDAP query to UDP port 389...
LDAP query response:
currentdate: 11/19/2013 15:01:54 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN= Configurat ion,DC=myd omain,DC=c om
dsServiceName: CN=NTDS Settings,CN=srvdc1,CN=Serv ers,CN=Dow ntown,CN=S ites,CN=Co nfiguratio n,DC=mydom ain,DC=com
namingContexts: DC=mydomain,DC=com
defaultNamingContext: DC=mydomain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration ,DC=mydoma in,DC=com
configurationNamingContext : CN=Configuration,DC=mydoma in,DC=com
rootDomainNamingContext: DC=mydomain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 25364149
supportedSASLMechanisms: GSSAPI
dnsHostName: srvdc1.mydomain.com
ldapServiceName: mydomain.com:srvdc1$@mydom ain.com
serverName: CN=srvdc1,CN=Servers,CN=Do wntown,CN= Sites,CN=C onfigurati on,DC=mydo main,DC=co m
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 2
forestFunctionality: 0
domainControllerFunctional ity: 4
======== End of LDAP query response ========
UDP port 389 is LISTENING
portqry.exe -n srvdc1.mydomain.com -e 389 -p BOTH exits with return code 0x00000000.
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 636 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 636 (ldaps service): LISTENING
portqry.exe -n srvdc1.mydomain.com -e 636 -p TCP exits with return code 0x00000000.
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 3268 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 3268 (msft-gc service): LISTENING
Using ephemeral source port
Sending LDAP query to TCP port 3268...
LDAP query response:
currentdate: 11/19/2013 15:01:54 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN= Configurat ion,DC=myd omain,DC=c om
dsServiceName: CN=NTDS Settings,CN=srvdc1,CN=Serv ers,CN=Dow ntown,CN=S ites,CN=Co nfiguratio n,DC=mydom ain,DC=com
namingContexts: DC=mydomain,DC=com
defaultNamingContext: DC=mydomain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration ,DC=mydoma in,DC=com
configurationNamingContext : CN=Configuration,DC=mydoma in,DC=com
rootDomainNamingContext: DC=mydomain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 25364149
supportedSASLMechanisms: GSSAPI
dnsHostName: srvdc1.mydomain.com
ldapServiceName: mydomain.com:srvdc1$@mydom ain.com
serverName: CN=srvdc1,CN=Servers,CN=Do wntown,CN= Sites,CN=C onfigurati on,DC=mydo main,DC=co m
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 2
forestFunctionality: 0
domainControllerFunctional ity: 4
======== End of LDAP query response ========
portqry.exe -n srvdc1.mydomain.com -e 3268 -p TCP exits with return code 0x00000000.
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 3269 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 3269 (msft-gc-ssl service): LISTENING
portqry.exe -n srvdc1.mydomain.com -e 3269 -p TCP exits with return code 0x00000000.
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 53 -p BOTH ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 53 (domain service): LISTENING
UDP port 53 (domain service): LISTENING
portqry.exe -n srvdc1.mydomain.com -e 53 -p BOTH exits with return code 0x00000000.
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 88 -p BOTH ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 88 (kerberos service): LISTENING
UDP port 88 (kerberos service): LISTENING or FILTERED
portqry.exe -n srvdc1.mydomain.com -e 88 -p BOTH exits with return code 0x00000002.
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 445 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 445 (microsoft-ds service): LISTENING
portqry.exe -n srvdc1.mydomain.com -e 445 -p TCP exits with return code 0x00000000.
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 137 -p UDP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
UDP port 137 (netbios-ns service): LISTENING or FILTERED
Using ephemeral source port
Attempting NETBIOS adapter status query to UDP port 137...
Server's response: MAC address b8ac6f94eb7e
UDP port: LISTENING
portqry.exe -n srvdc1.mydomain.com -e 137 -p UDP exits with return code 0x00000000.
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 138 -p UDP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
UDP port 138 (netbios-dgm service): LISTENING or FILTERED
portqry.exe -n srvdc1.mydomain.com -e 138 -p UDP exits with return code 0x00000002.
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 139 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 139 (netbios-ssn service): LISTENING
portqry.exe -n srvdc1.mydomain.com -e 139 -p TCP exits with return code 0x00000000.
========================== ========== =========
Starting portqry.exe -n srvdc1.mydomain.com -e 42 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 42 (nameserver service): NOT LISTENING
portqry.exe -n srvdc1.mydomain.com -e 42 -p TCP exits with return code 0x00000001.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 135 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 135 (epmap service): LISTENING
Using ephemeral source port
Querying Endpoint Mapper Database...
Server's response:
UUID: d95afe70-a6d5-4259-822e-2c
ncacn_ip_tcp:10.60.0.33[49
UUID: 76f226c3-ec14-4325-8a99-6a
ncalrpc:[WMsgKRpc01E1B1389
UUID: 12e65dd8-887f-41ef-91bf-8d
ncalrpc:[WMsgKRpc01E1B1389
UUID: 906b0ce0-c70b-1067-b317-00
ncalrpc:[LRPC-c6577f35a7f7
UUID: 906b0ce0-c70b-1067-b317-00
ncalrpc:[LRPC-c6577f35a7f7
UUID: 906b0ce0-c70b-1067-b317-00
ncalrpc:[LRPC-c6577f35a7f7
UUID: 906b0ce0-c70b-1067-b317-00
ncalrpc:[LRPC-c6577f35a7f7
UUID: 6b5bdd1e-528c-422c-af8c-a4
ncacn_ip_tcp:10.60.0.33[53
UUID: 12345678-1234-abcd-ef00-01
ncacn_ip_tcp:10.60.0.33[53
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[LRPC-2186494185e9
UUID: 367abb81-9844-35f1-ad32-98
ncacn_ip_tcp:10.60.0.33[53
UUID: 50abc2a4-574d-40b3-9d66-ee
ncacn_ip_tcp:10.60.0.33[55
UUID: f5cc59b4-4264-101a-8c59-08
ncalrpc:[OLE9D25B482533242
UUID: f5cc59b4-4264-101a-8c59-08
ncacn_ip_tcp:10.60.0.33[55
UUID: f5cc59b4-4264-101a-8c59-08
ncalrpc:[LRPC-39642e714fab
UUID: d049b186-814f-11d1-9a3c-00
ncalrpc:[OLE9D25B482533242
UUID: d049b186-814f-11d1-9a3c-00
ncacn_ip_tcp:10.60.0.33[55
UUID: d049b186-814f-11d1-9a3c-00
ncalrpc:[LRPC-39642e714fab
UUID: a00c021c-2be2-11d2-b678-00
ncalrpc:[OLE9D25B482533242
UUID: a00c021c-2be2-11d2-b678-00
ncacn_ip_tcp:10.60.0.33[55
UUID: a00c021c-2be2-11d2-b678-00
ncalrpc:[LRPC-39642e714fab
UUID: 6bffd098-a112-3610-9833-46
ncalrpc:[OLE4080869A591A47
UUID: 6bffd098-a112-3610-9833-46
ncacn_ip_tcp:10.60.0.33[55
UUID: 5b821720-f63b-11d0-aad2-00
ncalrpc:[OLE4080869A591A47
UUID: 5b821720-f63b-11d0-aad2-00
ncacn_ip_tcp:10.60.0.33[55
UUID: 91ae6020-9e3c-11cf-8d7c-00
ncalrpc:[OLEF0069B14502A4F
UUID: 91ae6020-9e3c-11cf-8d7c-00
ncacn_np:\\\\srvdc1[\\pipe
UUID: 91ae6020-9e3c-11cf-8d7c-00
ncacn_ip_tcp:10.60.0.33[55
UUID: 76f03f96-cdfd-44fc-a22c-64
ncacn_np:\\\\srvdc1[\\pipe
UUID: 76f03f96-cdfd-44fc-a22c-64
ncacn_ip_tcp:10.60.0.33[55
UUID: ae33069b-a2a8-46ee-a235-dd
ncacn_np:\\\\srvdc1[\\pipe
UUID: ae33069b-a2a8-46ee-a235-dd
ncacn_ip_tcp:10.60.0.33[55
UUID: ae33069b-a2a8-46ee-a235-dd
ncalrpc:[spoolss]
UUID: 0b6edbfa-4a24-4fc6-8a23-94
ncacn_np:\\\\srvdc1[\\pipe
UUID: 0b6edbfa-4a24-4fc6-8a23-94
ncacn_ip_tcp:10.60.0.33[55
UUID: 0b6edbfa-4a24-4fc6-8a23-94
ncalrpc:[spoolss]
UUID: 4a452661-8290-4b36-8fbe-7f
ncacn_np:\\\\srvdc1[\\pipe
UUID: 4a452661-8290-4b36-8fbe-7f
ncacn_ip_tcp:10.60.0.33[55
UUID: 4a452661-8290-4b36-8fbe-7f
ncalrpc:[spoolss]
UUID: dd490425-5325-4565-b774-7e
ncalrpc:[LRPC-5e576e15949d
UUID: 7f9d11bf-7fb9-436b-a812-b2
ncalrpc:[LRPC-5e576e15949d
UUID: 2fb92682-6599-42dc-ae13-bd
ncalrpc:[LRPC-5e576e15949d
UUID: 1bddb2a6-c0c3-41be-8703-dd
ncalrpc:[LRPC-9085d185686e
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncalrpc:[LRPC-9085d185686e
UUID: b25a52bf-e5dd-4f4a-aea6-8c
ncacn_np:\\\\srvdc1[\\pipe
UUID: b25a52bf-e5dd-4f4a-aea6-8c
ncalrpc:[LRPC-d7a89f3643d0
UUID: b25a52bf-e5dd-4f4a-aea6-8c
ncalrpc:[audit]
UUID: b25a52bf-e5dd-4f4a-aea6-8c
ncalrpc:[securityevent]
UUID: b25a52bf-e5dd-4f4a-aea6-8c
ncalrpc:[LSARPC_ENDPOINT]
UUID: b25a52bf-e5dd-4f4a-aea6-8c
ncalrpc:[lsapolicylookup]
UUID: b25a52bf-e5dd-4f4a-aea6-8c
ncalrpc:[lsasspirpc]
UUID: b25a52bf-e5dd-4f4a-aea6-8c
ncalrpc:[protected_storage
UUID: b25a52bf-e5dd-4f4a-aea6-8c
ncacn_np:\\\\srvdc1[\\PIPE
UUID: b25a52bf-e5dd-4f4a-aea6-8c
ncalrpc:[dsrole]
UUID: b25a52bf-e5dd-4f4a-aea6-8c
ncalrpc:[samss lpc]
UUID: e3514235-4b06-11d1-ab04-00
ncacn_np:\\\\srvdc1[\\pipe
UUID: e3514235-4b06-11d1-ab04-00
ncalrpc:[LRPC-d7a89f3643d0
UUID: e3514235-4b06-11d1-ab04-00
ncalrpc:[audit]
UUID: e3514235-4b06-11d1-ab04-00
ncalrpc:[securityevent]
UUID: e3514235-4b06-11d1-ab04-00
ncalrpc:[LSARPC_ENDPOINT]
UUID: e3514235-4b06-11d1-ab04-00
ncalrpc:[lsapolicylookup]
UUID: e3514235-4b06-11d1-ab04-00
ncalrpc:[lsasspirpc]
UUID: e3514235-4b06-11d1-ab04-00
ncalrpc:[protected_storage
UUID: e3514235-4b06-11d1-ab04-00
ncacn_np:\\\\srvdc1[\\PIPE
UUID: e3514235-4b06-11d1-ab04-00
ncalrpc:[dsrole]
UUID: e3514235-4b06-11d1-ab04-00
ncalrpc:[samss lpc]
UUID: e3514235-4b06-11d1-ab04-00
ncalrpc:[OLE00BC171B4B964A
UUID: e3514235-4b06-11d1-ab04-00
ncacn_ip_tcp:10.60.0.33[49
UUID: e3514235-4b06-11d1-ab04-00
ncalrpc:[NTDS_LPC]
UUID: e3514235-4b06-11d1-ab04-00
ncacn_http:10.60.0.33[49157]
UUID: 12345778-1234-abcd-ef00-01
ncacn_np:\\\\srvdc1[\\pipe
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[LRPC-d7a89f3643d0
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[audit]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[securityevent]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[LSARPC_ENDPOINT]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[lsapolicylookup]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[lsasspirpc]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[protected_storage
UUID: 12345778-1234-abcd-ef00-01
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[dsrole]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[samss lpc]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[OLE00BC171B4B964A
UUID: 12345778-1234-abcd-ef00-01
ncacn_ip_tcp:10.60.0.33[49
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[NTDS_LPC]
UUID: 12345778-1234-abcd-ef00-01
ncacn_http:10.60.0.33[49157]
UUID: 12345778-1234-abcd-ef00-01
ncacn_ip_tcp:10.60.0.33[49
UUID: f5cc5a18-4264-101a-8c59-08
ncacn_np:\\\\srvdc1[\\pipe
UUID: f5cc5a18-4264-101a-8c59-08
ncalrpc:[LRPC-d7a89f3643d0
UUID: f5cc5a18-4264-101a-8c59-08
ncalrpc:[audit]
UUID: f5cc5a18-4264-101a-8c59-08
ncalrpc:[securityevent]
UUID: f5cc5a18-4264-101a-8c59-08
ncalrpc:[LSARPC_ENDPOINT]
UUID: f5cc5a18-4264-101a-8c59-08
ncalrpc:[lsapolicylookup]
UUID: f5cc5a18-4264-101a-8c59-08
ncalrpc:[lsasspirpc]
UUID: f5cc5a18-4264-101a-8c59-08
ncalrpc:[protected_storage
UUID: f5cc5a18-4264-101a-8c59-08
ncacn_np:\\\\srvdc1[\\PIPE
UUID: f5cc5a18-4264-101a-8c59-08
ncalrpc:[dsrole]
UUID: f5cc5a18-4264-101a-8c59-08
ncalrpc:[samss lpc]
UUID: f5cc5a18-4264-101a-8c59-08
ncalrpc:[OLE00BC171B4B964A
UUID: f5cc5a18-4264-101a-8c59-08
ncacn_ip_tcp:10.60.0.33[49
UUID: f5cc5a18-4264-101a-8c59-08
ncalrpc:[NTDS_LPC]
UUID: f5cc5a18-4264-101a-8c59-08
ncacn_http:10.60.0.33[49157]
UUID: f5cc5a18-4264-101a-8c59-08
ncacn_ip_tcp:10.60.0.33[49
UUID: 12345778-1234-abcd-ef00-01
ncacn_np:\\\\srvdc1[\\pipe
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[LRPC-d7a89f3643d0
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[audit]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[securityevent]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[LSARPC_ENDPOINT]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[lsapolicylookup]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[lsasspirpc]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[protected_storage
UUID: 12345778-1234-abcd-ef00-01
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[dsrole]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[samss lpc]
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[OLE00BC171B4B964A
UUID: 12345778-1234-abcd-ef00-01
ncacn_ip_tcp:10.60.0.33[49
UUID: 12345778-1234-abcd-ef00-01
ncalrpc:[NTDS_LPC]
UUID: 12345778-1234-abcd-ef00-01
ncacn_http:10.60.0.33[49157]
UUID: 12345778-1234-abcd-ef00-01
ncacn_ip_tcp:10.60.0.33[49
UUID: 12345678-1234-abcd-ef00-01
ncacn_np:\\\\srvdc1[\\pipe
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[LRPC-d7a89f3643d0
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[audit]
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[securityevent]
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[LSARPC_ENDPOINT]
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[lsapolicylookup]
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[lsasspirpc]
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[protected_storage
UUID: 12345678-1234-abcd-ef00-01
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[dsrole]
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[samss lpc]
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[OLE00BC171B4B964A
UUID: 12345678-1234-abcd-ef00-01
ncacn_ip_tcp:10.60.0.33[49
UUID: 12345678-1234-abcd-ef00-01
ncalrpc:[NTDS_LPC]
UUID: 12345678-1234-abcd-ef00-01
ncacn_http:10.60.0.33[49157]
UUID: 12345678-1234-abcd-ef00-01
ncacn_ip_tcp:10.60.0.33[49
UUID: 7ea70bcf-48af-4f6a-8968-6a
ncalrpc:[OLE2D5A74A50F7D4B
UUID: 7ea70bcf-48af-4f6a-8968-6a
ncalrpc:[LRPC-206e33134847
UUID: 3473dd4d-2e88-4006-9cba-22
ncalrpc:[OLE2D5A74A50F7D4B
UUID: 3473dd4d-2e88-4006-9cba-22
ncalrpc:[LRPC-206e33134847
UUID: 3473dd4d-2e88-4006-9cba-22
ncalrpc:[W32TIME_ALT]
UUID: 3473dd4d-2e88-4006-9cba-22
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 24019106-a203-4642-b88d-82
ncalrpc:[LRPC-a11e4f45d18e
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncalrpc:[IUserProfile2]
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncalrpc:[IUserProfile2]
UUID: 2eb08e3e-639f-4fba-97b1-14
ncalrpc:[IUserProfile2]
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncalrpc:[IUserProfile2]
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncalrpc:[OLE853666A3731B49
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncalrpc:[senssvc]
UUID: 0a74ef1c-41a4-4e06-83ae-dc
ncalrpc:[IUserProfile2]
UUID: 0a74ef1c-41a4-4e06-83ae-dc
ncalrpc:[OLE853666A3731B49
UUID: 0a74ef1c-41a4-4e06-83ae-dc
ncalrpc:[senssvc]
UUID: 1ff70682-0a51-30e8-076d-74
ncalrpc:[IUserProfile2]
UUID: 1ff70682-0a51-30e8-076d-74
ncalrpc:[OLE853666A3731B49
UUID: 1ff70682-0a51-30e8-076d-74
ncalrpc:[senssvc]
UUID: 1ff70682-0a51-30e8-076d-74
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 378e52b0-c0a9-11cf-822d-00
ncalrpc:[IUserProfile2]
UUID: 378e52b0-c0a9-11cf-822d-00
ncalrpc:[OLE853666A3731B49
UUID: 378e52b0-c0a9-11cf-822d-00
ncalrpc:[senssvc]
UUID: 378e52b0-c0a9-11cf-822d-00
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 86d35949-83c9-4044-b424-db
ncalrpc:[IUserProfile2]
UUID: 86d35949-83c9-4044-b424-db
ncalrpc:[OLE853666A3731B49
UUID: 86d35949-83c9-4044-b424-db
ncalrpc:[senssvc]
UUID: 86d35949-83c9-4044-b424-db
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 86d35949-83c9-4044-b424-db
ncacn_ip_tcp:10.60.0.33[49
UUID: 98716d03-89ac-44c7-bb8c-28
ncalrpc:[IUserProfile2]
UUID: 98716d03-89ac-44c7-bb8c-28
ncalrpc:[OLE853666A3731B49
UUID: 98716d03-89ac-44c7-bb8c-28
ncalrpc:[senssvc]
UUID: 98716d03-89ac-44c7-bb8c-28
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 98716d03-89ac-44c7-bb8c-28
ncacn_ip_tcp:10.60.0.33[49
UUID: a398e520-d59a-4bdd-aa7a-3c
ncalrpc:[IUserProfile2]
UUID: a398e520-d59a-4bdd-aa7a-3c
ncalrpc:[OLE853666A3731B49
UUID: a398e520-d59a-4bdd-aa7a-3c
ncalrpc:[senssvc]
UUID: a398e520-d59a-4bdd-aa7a-3c
ncacn_np:\\\\srvdc1[\\PIPE
UUID: a398e520-d59a-4bdd-aa7a-3c
ncacn_ip_tcp:10.60.0.33[49
UUID: a398e520-d59a-4bdd-aa7a-3c
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 552d076a-cb29-4e44-8b6a-d1
ncalrpc:[IUserProfile2]
UUID: 552d076a-cb29-4e44-8b6a-d1
ncalrpc:[OLE853666A3731B49
UUID: 552d076a-cb29-4e44-8b6a-d1
ncalrpc:[senssvc]
UUID: 552d076a-cb29-4e44-8b6a-d1
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 552d076a-cb29-4e44-8b6a-d1
ncacn_ip_tcp:10.60.0.33[49
UUID: 552d076a-cb29-4e44-8b6a-d1
ncacn_np:\\\\srvdc1[\\PIPE
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncalrpc:[IUserProfile2]
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncalrpc:[OLE853666A3731B49
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncalrpc:[senssvc]
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncacn_np:\\\\srvdc1[\\PIPE
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncacn_ip_tcp:10.60.0.33[49
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 30b044a5-a225-43f0-b3a4-e0
ncalrpc:[IUserProfile2]
UUID: 30b044a5-a225-43f0-b3a4-e0
ncalrpc:[OLE853666A3731B49
UUID: 30b044a5-a225-43f0-b3a4-e0
ncalrpc:[senssvc]
UUID: 30b044a5-a225-43f0-b3a4-e0
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 30b044a5-a225-43f0-b3a4-e0
ncacn_ip_tcp:10.60.0.33[49
UUID: 30b044a5-a225-43f0-b3a4-e0
ncacn_np:\\\\srvdc1[\\PIPE
UUID: f6beaff7-1e19-4fbb-9f8f-b8
ncalrpc:[eventlog]
UUID: f6beaff7-1e19-4fbb-9f8f-b8
ncacn_np:\\\\srvdc1[\\pipe
UUID: f6beaff7-1e19-4fbb-9f8f-b8
ncacn_ip_tcp:10.60.0.33[49
UUID: 30adc50c-5cbc-46ce-9a0e-91
ncalrpc:[eventlog]
UUID: 30adc50c-5cbc-46ce-9a0e-91
ncacn_np:\\\\srvdc1[\\pipe
UUID: 30adc50c-5cbc-46ce-9a0e-91
ncacn_ip_tcp:10.60.0.33[49
UUID: 3c4728c5-f0ab-448b-bda1-6c
ncalrpc:[eventlog]
UUID: 3c4728c5-f0ab-448b-bda1-6c
ncacn_np:\\\\srvdc1[\\pipe
UUID: 3c4728c5-f0ab-448b-bda1-6c
ncacn_ip_tcp:10.60.0.33[49
UUID: 3c4728c5-f0ab-448b-bda1-6c
ncalrpc:[dhcpcsvc6]
UUID: 3c4728c5-f0ab-448b-bda1-6c
ncalrpc:[eventlog]
UUID: 3c4728c5-f0ab-448b-bda1-6c
ncacn_np:\\\\srvdc1[\\pipe
UUID: 3c4728c5-f0ab-448b-bda1-6c
ncacn_ip_tcp:10.60.0.33[49
UUID: 3c4728c5-f0ab-448b-bda1-6c
ncalrpc:[dhcpcsvc6]
UUID: 3c4728c5-f0ab-448b-bda1-6c
ncalrpc:[dhcpcsvc]
UUID: 76f226c3-ec14-4325-8a99-6a
ncalrpc:[WMsgKRpc081441]
UUID: c9ac6db5-82b7-4e55-ae8a-e4
ncalrpc:[LRPC-4a77474b7444
UUID: 76f226c3-ec14-4325-8a99-6a
ncalrpc:[WMsgKRpc07CB80]
UUID: 76f226c3-ec14-4325-8a99-6a
ncacn_np:\\\\srvdc1[\\PIPE
UUID: 76f226c3-ec14-4325-8a99-6a
ncalrpc:[WindowsShutdown]
UUID: d95afe70-a6d5-4259-822e-2c
ncalrpc:[WMsgKRpc07CB80]
UUID: d95afe70-a6d5-4259-822e-2c
ncacn_np:\\\\srvdc1[\\PIPE
UUID: d95afe70-a6d5-4259-822e-2c
ncalrpc:[WindowsShutdown]
Total endpoints found: 215
==== End of RPC Endpoint Mapper query response ====
portqry.exe -n srvdc1.mydomain.com -e 135 -p TCP exits with return code 0x00000000.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 389 -p BOTH ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 389 (ldap service): LISTENING
Using ephemeral source port
Sending LDAP query to TCP port 389...
LDAP query response:
currentdate: 11/19/2013 15:01:50 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=
dsServiceName: CN=NTDS Settings,CN=srvdc1,CN=Serv
namingContexts: DC=mydomain,DC=com
defaultNamingContext: DC=mydomain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration
configurationNamingContext
rootDomainNamingContext: DC=mydomain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 25364149
supportedSASLMechanisms: GSSAPI
dnsHostName: srvdc1.mydomain.com
ldapServiceName: mydomain.com:srvdc1$@mydom
serverName: CN=srvdc1,CN=Servers,CN=Do
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 2
forestFunctionality: 0
domainControllerFunctional
======== End of LDAP query response ========
UDP port 389 (unknown service): LISTENING or FILTERED
Using ephemeral source port
Sending LDAP query to UDP port 389...
LDAP query response:
currentdate: 11/19/2013 15:01:54 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=
dsServiceName: CN=NTDS Settings,CN=srvdc1,CN=Serv
namingContexts: DC=mydomain,DC=com
defaultNamingContext: DC=mydomain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration
configurationNamingContext
rootDomainNamingContext: DC=mydomain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 25364149
supportedSASLMechanisms: GSSAPI
dnsHostName: srvdc1.mydomain.com
ldapServiceName: mydomain.com:srvdc1$@mydom
serverName: CN=srvdc1,CN=Servers,CN=Do
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 2
forestFunctionality: 0
domainControllerFunctional
======== End of LDAP query response ========
UDP port 389 is LISTENING
portqry.exe -n srvdc1.mydomain.com -e 389 -p BOTH exits with return code 0x00000000.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 636 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 636 (ldaps service): LISTENING
portqry.exe -n srvdc1.mydomain.com -e 636 -p TCP exits with return code 0x00000000.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 3268 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 3268 (msft-gc service): LISTENING
Using ephemeral source port
Sending LDAP query to TCP port 3268...
LDAP query response:
currentdate: 11/19/2013 15:01:54 (unadjusted GMT)
subschemaSubentry: CN=Aggregate,CN=Schema,CN=
dsServiceName: CN=NTDS Settings,CN=srvdc1,CN=Serv
namingContexts: DC=mydomain,DC=com
defaultNamingContext: DC=mydomain,DC=com
schemaNamingContext: CN=Schema,CN=Configuration
configurationNamingContext
rootDomainNamingContext: DC=mydomain,DC=com
supportedControl: 1.2.840.113556.1.4.319
supportedLDAPVersion: 3
supportedLDAPPolicies: MaxPoolThreads
highestCommittedUSN: 25364149
supportedSASLMechanisms: GSSAPI
dnsHostName: srvdc1.mydomain.com
ldapServiceName: mydomain.com:srvdc1$@mydom
serverName: CN=srvdc1,CN=Servers,CN=Do
supportedCapabilities: 1.2.840.113556.1.4.800
isSynchronized: TRUE
isGlobalCatalogReady: TRUE
domainFunctionality: 2
forestFunctionality: 0
domainControllerFunctional
======== End of LDAP query response ========
portqry.exe -n srvdc1.mydomain.com -e 3268 -p TCP exits with return code 0x00000000.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 3269 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 3269 (msft-gc-ssl service): LISTENING
portqry.exe -n srvdc1.mydomain.com -e 3269 -p TCP exits with return code 0x00000000.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 53 -p BOTH ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 53 (domain service): LISTENING
UDP port 53 (domain service): LISTENING
portqry.exe -n srvdc1.mydomain.com -e 53 -p BOTH exits with return code 0x00000000.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 88 -p BOTH ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 88 (kerberos service): LISTENING
UDP port 88 (kerberos service): LISTENING or FILTERED
portqry.exe -n srvdc1.mydomain.com -e 88 -p BOTH exits with return code 0x00000002.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 445 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 445 (microsoft-ds service): LISTENING
portqry.exe -n srvdc1.mydomain.com -e 445 -p TCP exits with return code 0x00000000.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 137 -p UDP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
UDP port 137 (netbios-ns service): LISTENING or FILTERED
Using ephemeral source port
Attempting NETBIOS adapter status query to UDP port 137...
Server's response: MAC address b8ac6f94eb7e
UDP port: LISTENING
portqry.exe -n srvdc1.mydomain.com -e 137 -p UDP exits with return code 0x00000000.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 138 -p UDP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
UDP port 138 (netbios-dgm service): LISTENING or FILTERED
portqry.exe -n srvdc1.mydomain.com -e 138 -p UDP exits with return code 0x00000002.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 139 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 139 (netbios-ssn service): LISTENING
portqry.exe -n srvdc1.mydomain.com -e 139 -p TCP exits with return code 0x00000000.
==========================
Starting portqry.exe -n srvdc1.mydomain.com -e 42 -p TCP ...
Querying target system called:
srvdc1.mydomain.com
Attempting to resolve name to IP address...
Name resolved to 10.60.0.33
querying...
TCP port 42 (nameserver service): NOT LISTENING
portqry.exe -n srvdc1.mydomain.com -e 42 -p TCP exits with return code 0x00000001.
PortQuery results are satisfactory
Please check if you have reverse lookup zones of both domain controller IP subnet vice versa
if not please create them at both domains and create PTR records as well
then again flush dns cache at both side and try recreating trust please
Thanks
Please check if you have reverse lookup zones of both domain controller IP subnet vice versa
if not please create them at both domains and create PTR records as well
then again flush dns cache at both side and try recreating trust please
Thanks
ASKER
Yes, I have pointer records in the reverse lookup zone in each DC going both ways. I can attach screen shot if needed
If you haven't already done so you may want to review the Microsft Trust Check-list
http://technet.microsoft.com/en-us/library/cc756852%28WS.10%29.aspx
http://technet.microsoft.com/en-us/library/cc756852%28WS.10%29.aspx
ASKER
I have been over this checklist a few times. All is well in tasks 1 and 2. In step 3, this is the scenario we are dealing with.
If there is no shared root DNS server, and the root DNS servers for each forest DNS
namespace are not running a member of the Windows Server 2003 family, configure DNS
secondary zones in each DNS namespace to route queries for names in the other
namespace.
Both domains are their own forest at this point with the function level being 2003 on both. I was able to trust one of these domains with a different domain just last week. There must be a reason why it won't work with this particular domain.
If there is no shared root DNS server, and the root DNS servers for each forest DNS
namespace are not running a member of the Windows Server 2003 family, configure DNS
secondary zones in each DNS namespace to route queries for names in the other
namespace.
Both domains are their own forest at this point with the function level being 2003 on both. I was able to trust one of these domains with a different domain just last week. There must be a reason why it won't work with this particular domain.
make sure all network ports are open between you domain and the remote domain as linked in the following article:
http://support.microsoft.com/kb/179442#method3
On a side note, I thought this article was interest as well.
http://blogs.msmvps.com/acefekay/2012/09/18/what-should-i-use-a-stub-conditional-forwader-forwarder-or-secondary-zone/
http://support.microsoft.com/kb/179442#method3
On a side note, I thought this article was interest as well.
http://blogs.msmvps.com/acefekay/2012/09/18/what-should-i-use-a-stub-conditional-forwader-forwarder-or-secondary-zone/
ASKER
Thanks. The firewalls on both DCs are disabled in each domain. I notice that the DC running 2008 already has a conditional forwarders section. Whereas, the 2003 server does not. Is that something that must be added manually?
Windows 2003 does not understand 2008 conditional forwarder.....
In 2003 servers, you need to add conditional forwarder through DNS server properties \ Forwarders tab
In forwarder tab, you need to type your specific domain FQDN and its DNS server IP where you want to forward query for that domain
http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
http://www.techrepublic.com/article/step-by-step-standard-and-conditional-forwarding-in-windows-2003-dns/
Thanks
In 2003 servers, you need to add conditional forwarder through DNS server properties \ Forwarders tab
In forwarder tab, you need to type your specific domain FQDN and its DNS server IP where you want to forward query for that domain
http://www.windowsnetworking.com/articles-tutorials/windows-2003/DNS_Conditional_Forwarding_in_Windows_Server_2003.html
http://www.techrepublic.com/article/step-by-step-standard-and-conditional-forwarding-in-windows-2003-dns/
Thanks
I know you mentioned the Windows firewall was disabled on both servers but it there a hardware firewall in-between both domains?
The portQueryUI output is correct
Even if hardware firewall exists between both domains, ports are already opended....
Thanks
Even if hardware firewall exists between both domains, ports are already opended....
Thanks
Have you tried to run a dcidag in both domains?
Also the following my provide you with additional troubleshooting ideas:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/9b5eb682-0ec4-4975-8b52-3c756f84edbe/create-a-trust-between-windows-2003-and-windows-2008-r2
Also the following my provide you with additional troubleshooting ideas:
http://social.technet.microsoft.com/Forums/windowsserver/en-US/9b5eb682-0ec4-4975-8b52-3c756f84edbe/create-a-trust-between-windows-2003-and-windows-2008-r2
ASKER
Here are the results from running dcdiag. I see some errors, but the odd thing is that the server that it is looking for (SRVDC2-ED) no longer exists in our network. Also, this domain is already trusted with 2 others.
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SR VDC1-ED
Starting test: Connectivity
......................... SRVDC1-ED passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SR VDC1-ED
Starting test: Replications
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=ForestDnsZones,DC=mydom ain,DC=com
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2013-04-29 11:45:10.
4924 failures have occurred since the last success.
[SRVDC2-ED] DsBindWithSpnEx() failed with error 1727,
The remote procedure call failed and did not execute..
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=ForestDnsZones,DC=mydom ain,DC=com
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2008-05-31 07:54:10.
191823 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=DomainDnsZones,DC=mydom ain,DC=com
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2013-05-08 11:53:07.
4708 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=DomainDnsZones,DC=mydom ain,DC=com
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2008-05-31 07:54:10.
191823 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: CN=Schema,CN=Configuration ,DC=mydoma in,DC=com
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2013-04-29 11:45:10.
4924 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: CN=Schema,CN=Configuration ,DC=mydoma in,DC=com
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2008-05-31 07:54:10.
191798 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: CN=Configuration,DC=mydoma in,DC=com
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2013-05-08 11:53:04.
4708 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: CN=Configuration,DC=mydoma in,DC=com
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2008-05-31 07:54:10.
191815 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=mydomain,DC=com
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2013-05-08 11:53:27.
4708 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=mydomain,DC=com
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2008-05-31 07:54:09.
191776 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
SRVDC1-ED: Current time is 2013-11-20 14:59:16.
DC=ForestDnsZones,DC=mydom ain,DC=com
Last replication recieved from SRVDC2-ED at 2013-04-29 11:45:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=DomainDnsZones,DC=mydom ain,DC=com
Last replication recieved from SRVDC2-ED at 2013-05-08 11:53:07.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Schema,CN=Configuration ,DC=mydoma in,DC=com
Last replication recieved from SRVDC2-ED at 2013-04-29 11:45:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=mydoma in,DC=com
Last replication recieved from SRVDC2-ED at 2013-05-08 11:50:34.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:09.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=mydomain,DC=com
Last replication recieved from SRVDC2-ED at 2013-05-08 11:53:27.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:08.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... SRVDC1-ED passed test Replications
Starting test: NCSecDesc
......................... SRVDC1-ED passed test NCSecDesc
Starting test: NetLogons
......................... SRVDC1-ED passed test NetLogons
Starting test: Advertising
......................... SRVDC1-ED passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SRVDC1-ED passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SRVDC1-ED passed test RidManager
Starting test: MachineAccount
......................... SRVDC1-ED passed test MachineAccount
Starting test: Services
......................... SRVDC1-ED passed test Services
Starting test: ObjectsReplicated
......................... SRVDC1-ED passed test ObjectsReplicated
Starting test: frssysvol
......................... SRVDC1-ED passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group
Policy problems.
......................... SRVDC1-ED failed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x8000061E
Time Generated: 11/20/2013 14:51:18
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 11/20/2013 14:51:18
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 11/20/2013 14:51:18
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 11/20/2013 14:51:18
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) was
......................... SRVDC1-ED failed test kccevent
Starting test: systemlog
......................... SRVDC1-ED passed test systemlog
Starting test: VerifyReferences
......................... SRVDC1-ED passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom
Running enterprise tests on : mydomain.com
Starting test: Intersite
......................... mydomain.com passed test Intersite
Starting test: FsmoCheck
......................... mydomain.com passed test FsmoCheck
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SR
Starting test: Connectivity
......................... SRVDC1-ED passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SR
Starting test: Replications
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=ForestDnsZones,DC=mydom
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2013-04-29 11:45:10.
4924 failures have occurred since the last success.
[SRVDC2-ED] DsBindWithSpnEx() failed with error 1727,
The remote procedure call failed and did not execute..
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=ForestDnsZones,DC=mydom
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2008-05-31 07:54:10.
191823 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=DomainDnsZones,DC=mydom
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2013-05-08 11:53:07.
4708 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=DomainDnsZones,DC=mydom
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2008-05-31 07:54:10.
191823 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2013-04-29 11:45:10.
4924 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2008-05-31 07:54:10.
191798 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: CN=Configuration,DC=mydoma
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2013-05-08 11:53:04.
4708 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: CN=Configuration,DC=mydoma
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2008-05-31 07:54:10.
191815 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=mydomain,DC=com
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2013-05-08 11:53:27.
4708 failures have occurred since the last success.
[Replications Check,SRVDC1-ED] A recent replication attempt failed:
From SRVDC2-ED to SRVDC1-ED
Naming Context: DC=mydomain,DC=com
The replication generated an error (1727):
The remote procedure call failed and did not execute.
The failure occurred at 2013-11-20 14:47:08.
The last success occurred at 2008-05-31 07:54:09.
191776 failures have occurred since the last success.
REPLICATION-RECEIVED LATENCY WARNING
SRVDC1-ED: Current time is 2013-11-20 14:59:16.
DC=ForestDnsZones,DC=mydom
Last replication recieved from SRVDC2-ED at 2013-04-29 11:45:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=DomainDnsZones,DC=mydom
Last replication recieved from SRVDC2-ED at 2013-05-08 11:53:07.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Schema,CN=Configuration
Last replication recieved from SRVDC2-ED at 2013-04-29 11:45:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=mydoma
Last replication recieved from SRVDC2-ED at 2013-05-08 11:50:34.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:09.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=mydomain,DC=com
Last replication recieved from SRVDC2-ED at 2013-05-08 11:53:27.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:08.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... SRVDC1-ED passed test Replications
Starting test: NCSecDesc
......................... SRVDC1-ED passed test NCSecDesc
Starting test: NetLogons
......................... SRVDC1-ED passed test NetLogons
Starting test: Advertising
......................... SRVDC1-ED passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SRVDC1-ED passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SRVDC1-ED passed test RidManager
Starting test: MachineAccount
......................... SRVDC1-ED passed test MachineAccount
Starting test: Services
......................... SRVDC1-ED passed test Services
Starting test: ObjectsReplicated
......................... SRVDC1-ED passed test ObjectsReplicated
Starting test: frssysvol
......................... SRVDC1-ED passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group
Policy problems.
......................... SRVDC1-ED failed test frsevent
Starting test: kccevent
An Warning Event occured. EventID: 0x8000061E
Time Generated: 11/20/2013 14:51:18
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 11/20/2013 14:51:18
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 11/20/2013 14:51:18
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) was
An Warning Event occured. EventID: 0x8000061E
Time Generated: 11/20/2013 14:51:18
Event String: All domain controllers in the following site that
An Error Event occured. EventID: 0xC000051F
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) has
An Warning Event occured. EventID: 0x80000749
Time Generated: 11/20/2013 14:51:18
Event String: The Knowledge Consistency Checker (KCC) was
......................... SRVDC1-ED failed test kccevent
Starting test: systemlog
......................... SRVDC1-ED passed test systemlog
Starting test: VerifyReferences
......................... SRVDC1-ED passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom
Running enterprise tests on : mydomain.com
Starting test: Intersite
......................... mydomain.com passed test Intersite
Starting test: FsmoCheck
......................... mydomain.com passed test FsmoCheck
If the server no longer exists, it should be manually removed from AD but this is a side point right now.
1) Conditional forwards in place in both domains.
2) A firewall (software/hardware) is not blocking communicates in either domain.
3) Is the remote domain able to trust your domain?
4) Can you post the result of the following:
Configuring Conditional Forward DNS in windows server 2008.
Try the these steps:
(1) Type nslookup, and then press ENTER.
(2) Type set type=all, and then press ENTER.
(3) Type _ldap._tcp.dc. _msdcs .trusting.domain.com and then press ENTER.
(4) Type _ldap._tcp.dc._msdcs.trust ed.domain. com and then press ENTER.
1) Conditional forwards in place in both domains.
2) A firewall (software/hardware) is not blocking communicates in either domain.
3) Is the remote domain able to trust your domain?
4) Can you post the result of the following:
Configuring Conditional Forward DNS in windows server 2008.
Try the these steps:
(1) Type nslookup, and then press ENTER.
(2) Type set type=all, and then press ENTER.
(3) Type _ldap._tcp.dc. _msdcs .trusting.domain.com and then press ENTER.
(4) Type _ldap._tcp.dc._msdcs.trust
ASKER
Odd. I ran these commands on the 2008DC in domain B.... why does nslookup use a different DNS server in the domain instead of itself (which I believe is the authoritative DNS server)?
C:\>nslookup
Default Server: srvhp1-ofy.2003DC-IN-DOMAI N-B.com
Address: 10.60.0.70
> _ldap._tcp.dc._mcds.srvdc1 -ed.2003DC -IN-DOMAIN -A.com
Server: srvhp1-ofy.2003DC-IN-DOMAI N-B.com
Address: 10.60.0.70
*** srvhp1-ofy.2003DC-IN-DOMAI N-B.com can't find _ldap._tcp.dc._mcds.srvdc1 -ed.2003DC -IN-DOMAIN -A.com: Non-existent domain
> _ldap._tcp.dc._mcds.srvdc1 -ofy.2008D C-IN-DOMAI N-B.com
Server: srvhp1-ofy.2003DC-IN-DOMAI N-B.com
Address: 10.60.0.70
*** srvhp1-ofy.2003DC-IN-DOMAI N-B.com can't find _ldap._tcp.dc._mcds.srvdc1 -ofy.2008D C-IN-DOMAI N-B.com: Non-existent domain
>
C:\>nslookup
Default Server: srvhp1-ofy.2003DC-IN-DOMAI
Address: 10.60.0.70
> _ldap._tcp.dc._mcds.srvdc1
Server: srvhp1-ofy.2003DC-IN-DOMAI
Address: 10.60.0.70
*** srvhp1-ofy.2003DC-IN-DOMAI
> _ldap._tcp.dc._mcds.srvdc1
Server: srvhp1-ofy.2003DC-IN-DOMAI
Address: 10.60.0.70
*** srvhp1-ofy.2003DC-IN-DOMAI
>
thats why event after creating _msdcs.domain.com secondary zone, you are facing issues.
Please find below article
http://technet.microsoft.com/en-us/library/cc738991(v=ws.10).aspx
I think you will be fine once you corrected stale DNS server entry....
Thanks
Please find below article
http://technet.microsoft.com/en-us/library/cc738991(v=ws.10).aspx
I think you will be fine once you corrected stale DNS server entry....
Thanks
ASKER
will post back results
ASKER
Here are the results. How do I get rid of DC2? Also, files-ed is not a DC.
C:\Documents and Settings\user>nslookup
Default Server: srvdc1-ed.mydomain.com
Address: 10.10.0.30
> set q=srv
> _ldap._tcp.dc._msdcs.mydom ain.com
Server: srvdc1-ed.mydomain.com
Address: 10.10.0.30
_ldap._tcp.dc._msdcs.mydom ain.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = srvdc2-ed.mydomain.com
_ldap._tcp.dc._msdcs.mydom ain.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = srvdc1-ed.mydomain.com
_ldap._tcp.dc._msdcs.mydom ain.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = srvfiles-ed.mydomain.com
srvdc2-ed.mydomain.com internet address = 10.10.0.201
srvdc2-ed.mydomain.com internet address = 10.10.0.31
srvdc1-ed.mydomain.com internet address = 10.10.0.30
srvfiles-ed.mydomain.com internet address = 10.80.0.106
C:\Documents and Settings\user>nslookup
Default Server: srvdc1-ed.mydomain.com
Address: 10.10.0.30
> set q=srv
> _ldap._tcp.dc._msdcs.mydom
Server: srvdc1-ed.mydomain.com
Address: 10.10.0.30
_ldap._tcp.dc._msdcs.mydom
priority = 0
weight = 100
port = 389
svr hostname = srvdc2-ed.mydomain.com
_ldap._tcp.dc._msdcs.mydom
priority = 0
weight = 100
port = 389
svr hostname = srvdc1-ed.mydomain.com
_ldap._tcp.dc._msdcs.mydom
priority = 0
weight = 100
port = 389
svr hostname = srvfiles-ed.mydomain.com
srvdc2-ed.mydomain.com internet address = 10.10.0.201
srvdc2-ed.mydomain.com internet address = 10.10.0.31
srvdc1-ed.mydomain.com internet address = 10.10.0.30
srvfiles-ed.mydomain.com internet address = 10.80.0.106
have you checked srv records in all DNS partitions ?
_msdcs
_sites
_tcp
_udp
Also there are two records showing for srvdc2.....
I think you can better check netlogon.dns file
Netlogon.dns is located in the %systemroot%\System32\Conf ig
http://technet.microsoft.com/en-us/library/cc738991(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/bb727055.aspx
Mahesh
_msdcs
_sites
_tcp
_udp
Also there are two records showing for srvdc2.....
I think you can better check netlogon.dns file
Netlogon.dns is located in the %systemroot%\System32\Conf
http://technet.microsoft.com/en-us/library/cc738991(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/bb727055.aspx
Mahesh
Do you have admin access in 2003 domain?
Is AD working correctly in this domain?
Can you upload the result of the following in the 2003 domain : dcdiag /v /e C;\dcdiag_2k3.txt
Is AD working correctly in this domain?
Can you upload the result of the following in the 2003 domain : dcdiag /v /e C;\dcdiag_2k3.txt
ASKER
Yes, I am logged in with a user account in the 'domain admins' group. Attached are the results. I had to add the /f switch to create the logfile
dcdiag-2k3-.txt
dcdiag-2k3-.txt
ASKER
Mahesh - I have attached the contents of the netlogon.dns file
netlogon.dns-.txt
netlogon.dns-.txt
Interestsing, If DC2 is no longer online it should manually be removed from AD and all DNS records removed. I did notice replications errors as well..
Anyway have you tried to create a trust going from 2003 domain to 2008 ?
Anyway have you tried to create a trust going from 2003 domain to 2008 ?
ASKER
Yes. I have tried from either domain to initiate the trust. This domain already has trusts with two other domains, so it's odd that it won't work now. I created the 2nd of the trusts just a couple of weeks ago too.
Has anything changed in the Windows 2003 domain since you created the last trust?
What OS are the other domains running?
What OS are the other domains running?
ASKER
Nothing has changed that I can think of. The DCs in both of those other domains are 2008.
Are they running 2008 R2? How long on DC2 been offline?
ASKER
Sorry, I type-o'd the last comment. I meant to type that both DCs are 2003 server. This new trust that I want to create is a 2008 DC
DC2 has been offline for over 1 year
DC2 has been offline for over 1 year
interesting for kick on your source domain you mentioned that you had a second DC running 2003 have you tried to setup the trust from the 2003 DC???
ASKER
I have not tried that. Let me try now
ASKER
No joy. Same errors
Hum..
1) Are you sure nothing has changed in the 2003 domain? CAn you upload a screen shot of the DNS settings on records.
2) An error in the windows 2003 event logs?
3) Is AV running on the 2003 server
4) Try to create a new stand-alone 2008 DC running a new instance of a domain & forest and try to add it to the 2003 domain
1) Are you sure nothing has changed in the 2003 domain? CAn you upload a screen shot of the DNS settings on records.
2) An error in the windows 2003 event logs?
3) Is AV running on the 2003 server
4) Try to create a new stand-alone 2008 DC running a new instance of a domain & forest and try to add it to the 2003 domain
ASKER
I will work on this and post back
netlogon.dns seems to be perfect for DC1..
In dcdiag output there are some entries for SRVFILES and failed entries for DC2 as below.
" Testing server: Default-First-Site-Name\SRVFILES-ED
Starting test: Replications
* Replications Check
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
SRVFILES-ED: Current time is 2013-11-21 14:44:49.
CN=Schema,CN=Configuration ,DC=mydoma in,DC=com
Last replication recieved from SRVDC2-ED at 2013-04-29 11:45:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiable
I suggest you to check for DC2 metadata cleanup......and also for lingering objects in advisory mode first....may be some hidden issues will get resolve with them
http://technet.microsoft.com/en-us/library/cc785298(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc738018(v=ws.10).aspx
You said that SRVFILE is not a DC...........Can you please logon to this server with domain admins account and check if sysvol and netlogon are shared.......and DNS server status..may be dns is not installed on that..you can install DNS and check if domain DNS zone gets populated there...
Mahesh
In dcdiag output there are some entries for SRVFILES and failed entries for DC2 as below.
" Testing server: Default-First-Site-Name\SRVFILES-ED
Starting test: Replications
* Replications Check
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
SRVFILES-ED: Current time is 2013-11-21 14:44:49.
CN=Schema,CN=Configuration
Last replication recieved from SRVDC2-ED at 2013-04-29 11:45:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from SRVDC2-ED at 2008-05-31 07:54:10.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiable
I suggest you to check for DC2 metadata cleanup......and also for lingering objects in advisory mode first....may be some hidden issues will get resolve with them
http://technet.microsoft.com/en-us/library/cc785298(v=ws.10).aspx
http://technet.microsoft.com/en-us/library/cc738018(v=ws.10).aspx
You said that SRVFILE is not a DC...........Can you please logon to this server with domain admins account and check if sysvol and netlogon are shared.......and DNS server status..may be dns is not installed on that..you can install DNS and check if domain DNS zone gets populated there...
Mahesh
ASKER
I logged into SRVFILES-ED and I can see that NETLOGON and SYSVOL are shared. DNS server is not installed on this server, nor do I want it to be.
Was AD ever installed on SRVFiles-ED? If so you should do a manual clean up of this domain. It sould like there are a number of DC that have been remove inproperly.
http://support.microsoft.com/kb/216498
Can you send a screen shot of the _msdc DNS foleder from the 2003 domain
http://support.microsoft.com/kb/216498
Can you send a screen shot of the _msdc DNS foleder from the 2003 domain
ASKER
I don't think AD was ever installed on that server. How would I be able to tell?
Where do I find the _msdc DNS folder?
Where do I find the _msdc DNS folder?
You already told that SRVFiles-ED is DC
look your earlier comment
"I logged into SRVFILES-ED and I can see that NETLOGON and SYSVOL are shared. DNS server is not installed on this server, nor do I want it to be"
Install DNS server roll on this server and check if all AD integrated DNS zones will get polulated to this DC like i asked you in my previous comment
this will proove that it is DC
Mahesh
look your earlier comment
"I logged into SRVFILES-ED and I can see that NETLOGON and SYSVOL are shared. DNS server is not installed on this server, nor do I want it to be"
Install DNS server roll on this server and check if all AD integrated DNS zones will get polulated to this DC like i asked you in my previous comment
this will proove that it is DC
Mahesh
ASKER
Maybe that's part of the problem. This server is not supposed to be a DC. I did not know it was. We have never used it as a DC in 6 years that I have been here.
Then as suggested by: compdigit44 you should remove the DC role forcefully from that server
Mahesh
Mahesh
ASKER
i will do that over the weekend and post back.
It sounds like the 2003 AD domain needs a lot of clean up and you should inventory all of your servers to make sure everything is as it should be.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
So, I have started trying to clean up replication and DNS. Come to find out that SRVFILES-ED is indeed and DC. I will post back more results later.
Good luck please let us know if you have any further questions..
ASKER
I am continuing to work on this in my "spare time"
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
Sounds like DNS is setup ok.
Thanks
Mike