subnet not available
Here is the problem, which started a few days ago.
A Windows 2003 domain has 9 subnets, 2 DCs.
MOST of the servers are in Subnet A, which so far is reachable from the other subnets except for one, subnet T for Trouble.
There is a secondary DC in subnet B, which is also reachable.
3 servers, including the remote licensing server, are in subnet T and cannot be reached from anywhere, even from within the same subnet. Error logs say no domain controller is available, or the time server cannot be reached.
So far people can log on to the network, but people can no longer use RDS on the server in subnet A because (I think) the remote licensing server, which is in subnet T, is out of reach. The error is Access Denied. RDS was working this morning.
I also cannot remote to other servers, except the DC, in subnet A, getting the error "there are no logon servers to access the request". Strange, because the DCs are both running and Exchange is running.
I can ping and access shares in subnet A from subnet T, but not vice versa.
NSlookup gives correct results from a server in subnet A, but times out in 2 seconds and says server unknown from subnet T. There are PTR records for the DCs in the correct places, but any advice on this is welcome.
It seems like there is no route to subnet T from subnet A, but I don't control the SonicWall firewall. I am attaching a document with the domain firewall policy and a script I recently applied to the workstations ONLY, to make Lansweeper work. I did not apply it to the servers because they were being scanned OK. Before I go back to the people managing the routing, I would appreciate any help I can get on this.
ASKER
Thanks trgrassijr55,
more on this...
Exchange says it can't find the DC, but dcdiag and netdiag check out OK.
The time service doesn't stay synched: I made it sync to an external source last night, this morning it's back to ignoring the source. I tweaked some settings according to http://support.microsoft.com/kb/884776
Inside the LAN things are still running, including SharePoint, Exchange, shares, mappings.
Correction on a statement above: I can ping subnet T from subnet A, so maybe a firewall problem? Will ask the routing guys this a.m.
It's only the servers that have the "DC cannot be found" errors; will check PCs for that and post results.
I re-uploaded the file, a PDF, which has my domain firewall settings.
ASKER
I still don't see the file, so I'm pasting the results:
Network/Network Connections/Windows Firewall/Domain Profile
PolicySetting
Windows Firewall: Allow file and printer sharing exception Enabled
Allow unsolicited incoming messages from:
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySetting
Windows Firewall: Allow ICMP exceptions Enabled
Allow outbound destination unreachable Enabled
Allow outbound source quench Disabled
Allow redirect Disabled
Allow inbound echo request Enabled
Allow inbound router request Disabled
Allow outbound time exceeded Disabled
Allow outbound parameter problem Disabled
Allow inbound timestamp request Disabled
Allow inbound mask request Disabled
Allow outbound packet too big Disabled
PolicySetting
Windows Firewall: Allow local port exceptions Enabled
Windows Firewall: Allow local program exceptions Enabled
Windows Firewall: Allow logging Enabled
Log dropped packets Enabled
Log successful connections Enabled
Log file path and
name:%systemroot%\system32\LogFiles\Firewall\pfirewall.log
Size limit (KB):4096
PolicySetting
Windows Firewall: Allow remote administration exception Enabled
Allow unsolicited incoming messages from:*
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySetting
Windows Firewall: Allow Remote Desktop exception Enabled
Allow unsolicited incoming messages from:*
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySetting
Windows Firewall: Prohibit notifications Disabled
Windows Firewall: Prohibit unicast response to multicast or broadcast
requests Disabled
Network/Network Connections/Windows Firewall/Standard Profile
PolicySetting
Windows Firewall: Allow file and printer sharing exception Enabled
Allow unsolicited incoming messages from:*
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySetting
Windows Firewall: Allow ICMP exceptions Enabled
Allow outbound destination unreachable Enabled
Allow outbound source quench Disabled
Allow redirect Disabled
Allow inbound echo request Enabled
Allow inbound router request Disabled
Allow outbound time exceeded Disabled
Allow outbound parameter problem Disabled
Allow inbound timestamp request Disabled
Allow inbound mask request Disabled
Allow outbound packet too big Disabled
PolicySetting
Windows Firewall: Allow local port exceptions Enabled
Windows Firewall: Allow local program exceptions Enabled
Windows Firewall: Allow logging Enabled
Log dropped packets Enabled
Log successful connections Enabled
Log file path and
name:%systemroot%\system32\LogFiles\Firewall\pfirewall.log
Size limit (KB):4096
PolicySetting
Windows Firewall: Allow remote administration exception Enabled
Allow unsolicited incoming messages from:*
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySetting
Windows Firewall: Allow Remote Desktop exception Enabled
Allow unsolicited incoming messages from:*
Syntax:
Type "*" to allow messages from any network, or
else type a comma-separated list that contains
any number or combination of these:
IP addresses, such as 10.0.0.1
Subnet descriptions, such as 10.2.3.0/24
The string "localsubnet"
Example: to allow messages from 10.0.0.1,
10.0.0.2, and from any system on the
local subnet or on the 10.3.4.x subnet,
type the following:
10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24
PolicySetting
Windows Firewall: Prohibit notifications Disabled
Windows Firewall: Prohibit unicast response to multicast or broadcast
requests Disabled
Here is the script I mentioned above to open ports for Lansweeper, applied to workstations only:
Echo refreshing system policies....... > c:\swss.log
rem gpupdate /force
ipconfig /flushdns
Echo Opening Required Ports, please wait........ >> c:\swss.log
netsh firewall add portopening TCP 135 RPC >> c:\swss.log
netsh firewall add portopening TCP 445 SMB >> c:\swss.log
netsh firewall add portopening UDP 137 NetBIOS >> c:\swss.log
Echo Opening Dynamic Ports for WMI..... >> c:\swss.log
rem Inside a batch file the loop variable is written %%i everywhere, including in the rule name
for /l %%i in (1024,1,1030) do netsh firewall add portopening TCP %%i "Dynamic WMI %%i"
Echo Setting Firewall Services.......... >> c:\swss.log
netsh firewall set service REMOTEADMIN enable >> c:\swss.log
netsh firewall set service type=upnp mode=enable scope=subnet >> c:\swss.log
Echo Enabling DCOM....... >> c:\swss.log
reg add HKLM\SOFTWARE\Microsoft\Ole /v EnableDCOM /t REG_SZ /d "Y" /f >> c:\swss.log
Echo Configuring DCOM.... >> c:\swss.log
reg add HKLM\SOFTWARE\Microsoft\Ole /v LegacyAuthenticationLevel /t REG_DWORD /d "2" /f >> c:\swss.log
reg add HKLM\SOFTWARE\Microsoft\Ole /v LegacyImpersonationLevel /t REG_DWORD /d "3" /f >> c:\swss.log
Echo Changing Service Startup..... >> c:\swss.log
rem Start=2 sets each service to automatic startup; same reg add /v /t /d /f form as the DCOM lines above
reg add HKLM\SYSTEM\CurrentControlSet\Services\winmgmt /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
reg add HKLM\SYSTEM\CurrentControlSet\Services\rpcss /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
reg add HKLM\SYSTEM\CurrentControlSet\Services\rpclocator /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
reg add HKLM\SYSTEM\CurrentControlSet\Services\remoteregistry /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
reg add HKLM\SYSTEM\CurrentControlSet\Services\wmiapsrv /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
reg add HKLM\SYSTEM\CurrentControlSet\Services\eventsystem /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
reg add HKLM\SYSTEM\CurrentControlSet\Services\rasauto /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
reg add HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
Echo Resyncing WMI....... >> c:\swss.log
winmgmt.exe /resyncperf >> c:\swss.log
Echo Initializing restart.......... >> c:\swss.log
rem shutdown /i >> c:\swss.log
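An added example, not part of the post above: a Python audit of a policy report in the layout pasted above, listing each Windows Firewall exception per profile and classifying its source scope with the syntax the report itself quotes ("*", "localsubnet", IP addresses, subnets). The sample report is constructed, and the function names are this example's own.

```python
import ipaddress
import re

# Constructed sample in the layout of the policy report pasted above.
SAMPLE_REPORT = """\
Network/Network Connections/Windows Firewall/Domain Profile
PolicySetting
Windows Firewall: Allow file and printer sharing exception Enabled
Allow unsolicited incoming messages from:
Syntax:
Type "*" to allow messages from any network, or
PolicySetting
Windows Firewall: Allow local port exceptions Enabled
PolicySetting
Windows Firewall: Allow remote administration exception Enabled
Allow unsolicited incoming messages from:*
Network/Network Connections/Windows Firewall/Standard Profile
PolicySetting
Windows Firewall: Allow Remote Desktop exception Enabled
Allow unsolicited incoming messages from:10.0.0.1,localsubnet,10.3.4.0/24
PolicySetting
Windows Firewall: Prohibit notifications Disabled
"""

PROFILE_PREFIX = "Network/Network Connections/Windows Firewall/"
SCOPE_PREFIX = "Allow unsolicited incoming messages from:"
# Only the "... exception" policies are followed by a source scope line.
POLICY_RE = re.compile(r"^Windows Firewall: (.+ exception)\s+(Enabled|Disabled)$")


def classify_scope(scope):
    """Return 'any', 'restricted', 'unspecified' or 'invalid' for a scope string."""
    tokens = [t.strip() for t in scope.split(",") if t.strip()]
    if not tokens:
        return "unspecified"
    if "*" in tokens:
        return "any"
    for token in tokens:
        if token.lower() == "localsubnet":
            continue
        try:
            # Accepts both single addresses and CIDR subnets.
            ipaddress.ip_network(token, strict=False)
        except ValueError:
            return "invalid"
    return "restricted"


def parse_report(text):
    """Return one dict per exception policy: profile, policy, state, scope, kind."""
    entries, profile, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        match = POLICY_RE.match(line)
        if line.startswith(PROFILE_PREFIX):
            profile, current = line[len(PROFILE_PREFIX):], None
        elif line == "PolicySetting":
            current = None  # a scope line never belongs to an earlier block
        elif match:
            current = {"profile": profile, "policy": match.group(1),
                       "state": match.group(2), "scope": "", "kind": "unspecified"}
            entries.append(current)
        elif line.startswith(SCOPE_PREFIX) and current is not None:
            current["scope"] = line[len(SCOPE_PREFIX):].strip()
            current["kind"] = classify_scope(current["scope"])
            current = None
    return entries


def open_to_any(entries):
    """Enabled exceptions that accept unsolicited traffic from any network."""
    return [(e["profile"], e["policy"]) for e in entries
            if e["state"] == "Enabled" and e["kind"] == "any"]


if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    for entry in parsed:
        print("{profile:18} {policy:45} {state:9} scope={kind}".format(**entry))
    print("open to any network:", open_to_any(parsed))
```

A scope classified as "invalid" usually means the list was mistyped or damaged in transit, so it is worth comparing against the effective setting on the machine.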
I still think you have a router problem.
Could be DNS too.
Are all your DC's a Global Catalog? They need to be.
Who owns the FSMO Roles?
How many domains do you have?
Can you post the DCDIAG's and netdiag you ran?
Here is a script I run weekly on my network DC's:
@echo off
netdiag >dclogx.txt
dcdiag >>dclogx.txt
dcdiag /test:registerindns /dnsdomain:FQDNHERE >>dclogx.txt
dcdiag /c /v >>dclogx.txt
dcdiag /test:dns >>dclogx.txt
Post results
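An added example, not part of the answer above: a Python summary of a dclogx.txt written by that script, collecting the netdiag and dcdiag verdict lines and warnings. It also marks any test whose output still names the literal FQDNHERE, meaning the /dnsdomain: placeholder was run unreplaced, so that failure says nothing about DNS health. The sample log and the host name DC01 are constructed.

```python
import re

# Constructed sample in the layout netdiag and dcdiag write to dclogx.txt;
# DC01 is a made-up host name.
SAMPLE_LOG = """\
    DNS test . . . . . . . . . . . . . : Passed
    NetBT name test. . . . . . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service' names is missing.
    Trust relationship test. . . . . . : Skipped
      Starting test: Connectivity
         ......................... DC01 passed test Connectivity
      Starting test: RegisterInDNS
         This domain controller cannot register domain controller Locator DNS
         records. This is because it cannot locate a DNS server authoritative for
         the zone FQDNHERE. This is due to one of the following:
         ......................... DC01 failed test RegisterInDNS
      Starting test: Replications
         ......................... DC01 passed test Replications
"""

PLACEHOLDER = "FQDNHERE"  # literal from the /dnsdomain: argument in the script above
START_RE = re.compile(r"^Starting test: (\S+)$")
DCDIAG_RE = re.compile(r"^\.{5,} (\S+) (passed|failed) test (\S+)$")
NETDIAG_RE = re.compile(r"^(.+? test)[ .]*: (Passed|Failed|Skipped)$")


def summarise(log):
    """Collect verdicts, warnings and the tests that mention the placeholder."""
    summary = {"passed": 0, "failed": [], "skipped": [],
               "warnings": [], "placeholder_tests": []}
    current = None  # dcdiag test whose output is being read
    for raw in log.splitlines():
        line = raw.strip()
        start = START_RE.match(line)
        if start:
            current = start.group(1)
            continue
        if PLACEHOLDER in line and current and current not in summary["placeholder_tests"]:
            summary["placeholder_tests"].append(current)
        dcdiag = DCDIAG_RE.match(line)
        netdiag = NETDIAG_RE.match(line)
        if dcdiag:
            subject, result, test = dcdiag.groups()
            if result == "passed":
                summary["passed"] += 1
            else:
                summary["failed"].append((subject, test))
        elif netdiag:
            name, result = netdiag.groups()
            if result == "Passed":
                summary["passed"] += 1
            elif result == "Skipped":
                summary["skipped"].append(name)
            else:
                summary["failed"].append(("netdiag", name))
        elif line.startswith("[WARNING]"):
            summary["warnings"].append(line)
    return summary


def triage(summary):
    """Separate failures caused by the unreplaced placeholder from real ones."""
    bad_args = set(summary["placeholder_tests"])
    return {
        "rerun_with_real_domain": [f for f in summary["failed"] if f[1] in bad_args],
        "investigate": [f for f in summary["failed"] if f[1] not in bad_args],
    }


if __name__ == "__main__":
    result = summarise(SAMPLE_LOG)
    print(result)
    print(triage(result))
```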
ASKER
some answers:
Are all your DC's a Global Catalog? they need to be. yes
How many domains do you have? 1
FSMO info coming shortly
Here are the results from your test, and it failed, I see. My test was not good enough.
.....................................
Computer Name: JALANI
DNS Host Name: Jalani.xxxxxx.org
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : Jalani
IP Address . . . . . . . . : 192.168.1.10
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Dns Servers. . . . . . . . : 192.168.1.10
192.168.0.202
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A1B8D37F-7FA1-4B51-9D88-136CB09EA29B}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.10' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '192.168.0.202' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A1B8D37F-7FA1-4B51-9D88-136CB09EA29B}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A1B8D37F-7FA1-4B51-9D88-136CB09EA29B}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\JALANI
Starting test: Connectivity
......................... JALANI passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\JALANI
Starting test: Replications
......................... JALANI passed test Replications
Starting test: NCSecDesc
......................... JALANI passed test NCSecDesc
Starting test: NetLogons
......................... JALANI passed test NetLogons
Starting test: Advertising
......................... JALANI passed test Advertising
Starting test: KnowsOfRoleHolders
......................... JALANI passed test KnowsOfRoleHolders
Starting test: RidManager
......................... JALANI passed test RidManager
Starting test: MachineAccount
......................... JALANI passed test MachineAccount
Starting test: Services
......................... JALANI passed test Services
Starting test: ObjectsReplicated
......................... JALANI passed test ObjectsReplicated
Starting test: frssysvol
......................... JALANI passed test frssysvol
Starting test: frsevent
......................... JALANI passed test frsevent
Starting test: kccevent
......................... JALANI passed test kccevent
Starting test: systemlog
......................... JALANI passed test systemlog
Starting test: VerifyReferences
......................... JALANI passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : adcorp
Starting test: CrossRefValidation
......................... adcorp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... adcorp passed test CheckSDRefDom
Running enterprise tests on : xxxxxx.org
Starting test: Intersite
......................... xxxxxx.org passed test Intersite
Starting test: FsmoCheck
......................... xxxxxx.org passed test FsmoCheck
Starting test: RegisterInDNS
This domain controller cannot register domain controller Locator DNS
records. This is because it cannot locate a DNS server authoritative for
the zone FQDNHERE. This is due to one of the following:
1. One or more DNS servers involved in the name resolution of the
FQDNHERE name are not responding or contain incorrect delegation of the
DNS zones; or
2. The DNS server that this computer is configured with contains
incorrect root hints.
The list of such DNS servers might include the DNS servers with which
this computer is configured for name resolution and the DNS servers
responsible for the following zones: FQDNHERE
Verify the correctness of the specified domain name and contact your
network/DNS administrator to fix the problem.
You can also manually add the records specified in the
%systemroot%\system32\config\netlogon.dns file.
......................... Jalani failed test RegisterInDNS
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine Jalani, is a DC.
* Connecting to directory service on server Jalani.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\JALANI
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... JALANI passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\JALANI
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=adcorp,DC=org
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=adcorp,DC=org
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=adcorp,DC=org
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... JALANI passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... JALANI passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... JALANI passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC JALANI.
* Security Permissions Check for
DC=ForestDnsZones,DC=adcorp,DC=org
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=adcorp,DC=org
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=adcorp,DC=org
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=adcorp,DC=org
(Configuration,Version 2)
* Security Permissions Check for
DC=adcorp,DC=org
(Domain,Version 2)
......................... JALANI passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\JALANI\netlogon
Verified share \\JALANI\sysvol
......................... JALANI passed test NetLogons
Starting test: Advertising
The DC JALANI is advertising itself as a DC and having a DS.
The DC JALANI is advertising as an LDAP server
The DC JALANI is advertising as having a writeable directory
The DC JALANI is advertising as a Key Distribution Center
The DC JALANI is advertising as a time server
The DS JALANI is advertising as a GC.
......................... JALANI passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
Role Domain Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
Role PDC Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
Role Rid Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
Role Infrastructure Update Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
......................... JALANI passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 13103 to 1073741823
* Jalani.xxxxxx.org is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 12103 to 12602
* rIDPreviousAllocationPool is 12103 to 12602
* rIDNextRID: 12350
......................... JALANI passed test RidManager
Starting test: MachineAccount
Checking machine account for DC JALANI on DC JALANI.
* SPN found :LDAP/Jalani.xxxxxx.org/xxxxxx.org
* SPN found :LDAP/Jalani.xxxxxx.org
* SPN found :LDAP/JALANI
* SPN found :LDAP/Jalani.xxxxxx.org/ABYSSINIAN
* SPN found :LDAP/1fc261cc-92be-4841-aba2-00faa87d7a21._msdcs.xxxxxx.org
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1fc261cc-92be-4841-aba2-00faa87d7a21/xxxxxx.org
* SPN found :HOST/Jalani.xxxxxx.org/xxxxxx.org
* SPN found :HOST/Jalani.xxxxxx.org
* SPN found :HOST/JALANI
* SPN found :HOST/Jalani.xxxxxx.org/ABYSSINIAN
* SPN found :GC/Jalani.xxxxxx.org/xxxxxx.org
......................... JALANI passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... JALANI passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... JALANI passed test OutboundSecureChannels
Starting test: ObjectsReplicated
JALANI is in domain DC=adcorp,DC=org
Checking for CN=JALANI,OU=Domain Controllers,DC=adcorp,DC=org in domain DC=adcorp,DC=org on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org in domain CN=Configuration,DC=adcorp,DC=org on 1 servers
Object is up-to-date on all servers.
......................... JALANI passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... JALANI passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... JALANI passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... JALANI passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... JALANI passed test systemlog
Starting test: VerifyReplicas
......................... JALANI passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=JALANI,OU=Domain Controllers,DC=adcorp,DC=org and backlink on
CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
are correct.
The system object reference (frsComputerReferenceBL)
CN=JALANI,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcorp,DC=org
and backlink on CN=JALANI,OU=Domain Controllers,DC=adcorp,DC=org are
correct.
The system object reference (serverReferenceBL)
CN=JALANI,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcorp,DC=org
and backlink on
CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
are correct.
......................... JALANI passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... JALANI passed test VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC JALANI for domain xxxxxx.org in site Default-First-Site-Name
Checking machine account for DC JALANI on DC JALANI.
* SPN found :LDAP/Jalani.xxxxxx.org/xxxxxx.org
* SPN found :LDAP/Jalani.xxxxxx.org
* SPN found :LDAP/JALANI
* SPN found :LDAP/Jalani.xxxxxx.org/ABYSSINIAN
* SPN found :LDAP/1fc261cc-92be-4841-aba2-00faa87d7a21._msdcs.xxxxxx.org
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1fc261cc-92be-4841-aba2-00faa87d7a21/xxxxxx.org
* SPN found :HOST/Jalani.xxxxxx.org/xxxxxx.org
* SPN found :HOST/Jalani.xxxxxx.org
* SPN found :HOST/JALANI
* SPN found :HOST/Jalani.xxxxxx.org/ABYSSINIAN
* SPN found :GC/Jalani.xxxxxx.org/xxxxxx.org
[JALANI] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... JALANI passed test CheckSecurityError
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : adcorp
Starting test: CrossRefValidation
......................... adcorp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... adcorp passed test CheckSDRefDom
Running enterprise tests on : xxxxxx.org
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... xxxxxx.org passed test Intersite
Starting test: FsmoCheck
GC Name: \\Jalani.xxxxxx.org
Locator Flags: 0xe00003fd
PDC Name: \\Jalani.xxxxxx.org
Locator Flags: 0xe00003fd
Time Server Name: \\Jalani.xxxxxx.org
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\Jalani.xxxxxx.org
Locator Flags: 0xe00003fd
KDC Name: \\Jalani.xxxxxx.org
Locator Flags: 0xe00003fd
......................... xxxxxx.org passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:
DC: Jalani.xxxxxx.org
Domain: xxxxxx.org
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Enterprise Edition (Service Pack level: 1.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
MAC address is 00:14:22:1A:DC:30
IP address is static
IP address: 192.168.1.10
DNS servers:
192.168.1.10 (<name unavailable>) [Valid]
192.168.0.202 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found (primary)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
4.2.2.2 (<name unavailable>) [Valid]
8.8.8.8 (<name unavailable>) [Invalid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone xxxxxx.org.
Test record _dcdiag_test_record added successfully in zone xxxxxx.org.
Test record _dcdiag_test_record deleted successfully in zone xxxxxx.org.
TEST: Records registration (RReg)
Network Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
Matching A record found at DNS server 192.168.1.10:
Jalani.xxxxxx.org
Matching CNAME record found at DNS server 192.168.1.10:
1fc261cc-92be-4841-aba2-00faa87d7a21._msdcs.xxxxxx.org
Matching DC SRV record found at DNS server 192.168.1.10:
_ldap._tcp.dc._msdcs.xxxxxx.org
Matching GC SRV record found at DNS server 192.168.1.10:
_ldap._tcp.gc._msdcs.xxxxxx.org
Matching PDC SRV record found at DNS server 192.168.1.10:
_ldap._tcp.pdc._msdcs.xxxxxx.org
Matching A record found at DNS server 192.168.0.202:
Jalani.xxxxxx.org
Matching CNAME record found at DNS server 192.168.0.202:
1fc261cc-92be-4841-aba2-00faa87d7a21._msdcs.xxxxxx.org
Matching DC SRV record found at DNS server 192.168.0.202:
_ldap._tcp.dc._msdcs.xxxxxx.org
Matching GC SRV record found at DNS server 192.168.0.202:
_ldap._tcp.gc._msdcs.xxxxxx.org
Matching PDC SRV record found at DNS server 192.168.0.202:
_ldap._tcp.pdc._msdcs.xxxxxx.org
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 8.8.8.8 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 192.168.0.202 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
DNS server: 192.168.1.10 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
DNS server: 4.2.2.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Summary of DNS test results:
           Auth Basc Forw Del  Dyn  RReg Ext
________________________________________________________________
Domain: xxxxxx.org
Jalani     PASS PASS FAIL PASS PASS PASS n/a
......................... xxxxxx.org failed test DNS
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\JALANI
Starting test: Connectivity
......................... JALANI passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\JALANI
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : adcorp
Running enterprise tests on : xxxxxx.org
Starting test: DNS
Test results for domain controllers:
DC: Jalani.xxxxxx.org
Domain: xxxxxx.org
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 8.8.8.8 (<name unavailable>)
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 8.8.8.8 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
Summary of DNS test results:
           Auth Basc Forw Del  Dyn  RReg Ext
________________________________________________________________
Domain: xxxxxx.org
Jalani     PASS PASS FAIL PASS PASS PASS n/a
......................... xxxxxx.org failed test DNS
DC test 2
.....................................
Computer Name: KIZO
DNS Host Name: KIZO.xxxxxx.org
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 9, GenuineIntel
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : KIZO
IP Address . . . . . . . . : 192.168.0.202
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.1
Dns Servers. . . . . . . . : 192.168.0.202
192.168.1.10
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{70AB8E98-DD10-43A6-8D72-E683CA274398}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.0.202' and other DCs also have some of the names registered.
[WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.1.10, ERROR_TIMEOUT.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{70AB8E98-DD10-43A6-8D72-E683CA274398}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{70AB8E98-DD10-43A6-8D72-E683CA274398}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Failed
[FATAL] Secure channel to domain 'ABYSSINIAN' is broken. [ERROR_NO_LOGON_SERVERS]
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot open an LDAP session to 'Jalani.xxxxxx.org' at '192.168.1.10'.
[WARNING] Failed to query SPN registration on DC 'Jalani.xxxxxx.org'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\KIZO
Starting test: Connectivity
......................... KIZO passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\KIZO
Starting test: Replications
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=ForestDnsZones,DC=adcorp,DC=org
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-12-10 08:50:15.
The last success occurred at 2013-12-09 15:48:09.
20 failures have occurred since the last success.
[JALANI] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=DomainDnsZones,DC=adcorp,DC=org
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-12-10 08:50:15.
The last success occurred at 2013-12-09 15:48:09.
22 failures have occurred since the last success.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: CN=Schema,CN=Configuration,DC=adcorp,DC=org
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 08:50:57.
The last success occurred at 2013-12-09 15:48:08.
20 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: CN=Configuration,DC=adcorp,DC=org
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 09:35:18.
The last success occurred at 2013-12-09 15:48:08.
44 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=adcorp,DC=org
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 09:41:09.
The last success occurred at 2013-12-09 15:55:03.
156 failures have occurred since the last success.
The source remains down. Please check the machine.
REPLICATION-RECEIVED LATENCY WARNING
KIZO: Current time is 2013-12-10 09:42:18.
DC=ForestDnsZones,DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:48:09.
DC=DomainDnsZones,DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:48:08.
CN=Schema,CN=Configuration,DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:48:08.
CN=Configuration,DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:48:08.
DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:55:03.
......................... KIZO passed test Replications
Starting test: NCSecDesc
......................... KIZO passed test NCSecDesc
Starting test: NetLogons
......................... KIZO passed test NetLogons
Starting test: Advertising
......................... KIZO passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: JALANI is the Schema Owner, but is not responding to DS RPC Bind.
[JALANI] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: JALANI is the Schema Owner, but is not responding to LDAP Bind.
Warning: JALANI is the Domain Owner, but is not responding to DS RPC Bind.
Warning: JALANI is the Domain Owner, but is not responding to LDAP Bind.
Warning: JALANI is the PDC Owner, but is not responding to DS RPC Bind.
Warning: JALANI is the PDC Owner, but is not responding to LDAP Bind.
Warning: JALANI is the Rid Owner, but is not responding to DS RPC Bind.
Warning: JALANI is the Rid Owner, but is not responding to LDAP Bind.
Warning: JALANI is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: JALANI is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... KIZO failed test KnowsOfRoleHolders
Starting test: RidManager
......................... KIZO failed test RidManager
Starting test: MachineAccount
......................... KIZO passed test MachineAccount
Starting test: Services
......................... KIZO passed test Services
Starting test: ObjectsReplicated
......................... KIZO passed test ObjectsReplicated
Starting test: frssysvol
......................... KIZO passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... KIZO failed test frsevent
Starting test: kccevent
......................... KIZO passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:36:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:37:11
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:37:11
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:38:21
(Event String could not be retrieved)
......................... KIZO failed test systemlog
Starting test: VerifyReferences
......................... KIZO passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : adcorp
Starting test: CrossRefValidation
......................... adcorp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... adcorp passed test CheckSDRefDom
Running enterprise tests on : xxxxxx.org
Starting test: Intersite
......................... xxxxxx.org passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... xxxxxx.org failed test FsmoCheck
Starting test: RegisterInDNS
This domain controller cannot register domain controller Locator DNS
records. This is because it cannot locate a DNS server authoritative for
the zone FQDNHERE. This is due to one of the following:
1. One or more DNS servers involved in the name resolution of the
FQDNHERE name are not responding or contain incorrect delegation of the
DNS zones; or
2. The DNS server that this computer is configured with contains
incorrect root hints.
The list of such DNS servers might include the DNS servers with which
this computer is configured for name resolution and the DNS servers
responsible for the following zones: FQDNHERE
Verify the correctness of the specified domain name and contact your
network/DNS administrator to fix the problem.
You can also manually add the records specified in the
%systemroot%\system32\config\netlogon.dns file.
......................... KIZO failed test RegisterInDNS
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine KIZO, is a DC.
* Connecting to directory service on server KIZO.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\KIZO
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... KIZO passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\KIZO
Starting test: Replications
* Replications Check
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=ForestDnsZones,DC=adcorp,DC=org
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-12-10 08:50:15.
The last success occurred at 2013-12-09 15:48:09.
20 failures have occurred since the last success.
[JALANI] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 8852 (DcDiag)
System Time is: 12/10/2013 14:43:44:282
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 323
Error Record 2, ProcessID is 8852 (DcDiag)
System Time is: 12/10/2013 14:43:44:282
Generating component is 8 (winsock)
Status is 1237: The operation could not be completed. A retry should be performed.
Detection location is 313
Error Record 3, ProcessID is 8852 (DcDiag)
System Time is: 12/10/2013 14:43:44:282
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
Pointer val: 0
Error Record 4, ProcessID is 8852 (DcDiag)
System Time is: 12/10/2013 14:43:44:282
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 318
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=DomainDnsZones,DC=adcorp,DC=org
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-12-10 08:50:15.
The last success occurred at 2013-12-09 15:48:09.
22 failures have occurred since the last success.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: CN=Schema,CN=Configuration,DC=adcorp,DC=org
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 08:50:57.
The last success occurred at 2013-12-09 15:48:08.
20 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: CN=Configuration,DC=adcorp,DC=org
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 09:35:18.
The last success occurred at 2013-12-09 15:48:08.
44 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=adcorp,DC=org
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 09:41:09.
The last success occurred at 2013-12-09 15:55:03.
156 failures have occurred since the last success.
The source remains down. Please check the machine.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
KIZO: Current time is 2013-12-10 09:43:23.
DC=ForestDnsZones,DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:48:09.
DC=DomainDnsZones,DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:48:08.
CN=Schema,CN=Configuration,DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:48:08.
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:48:08.
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:55:03.
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... KIZO passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... KIZO passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... KIZO passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=adcorp,DC=org
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=adcorp,DC=org
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=adcorp,DC=org
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=adcorp,DC=org
(Configuration,Version 2)
* Security Permissions Check for
DC=adcorp,DC=org
(Domain,Version 2)
......................... KIZO passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... KIZO passed test NetLogons
Starting test: Advertising
The DC KIZO is advertising itself as a DC and having a DS.
The DC KIZO is advertising as an LDAP server
The DC KIZO is advertising as having a writeable directory
The DC KIZO is advertising as a Key Distribution Center
The DC KIZO is advertising as a time server
The DS KIZO is advertising as a GC.
......................... KIZO passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
Warning: JALANI is the Schema Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
[JALANI] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: JALANI is the Schema Owner, but is not responding to LDAP Bind.
Role Domain Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
Warning: JALANI is the Domain Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
Warning: JALANI is the Domain Owner, but is not responding to LDAP Bind.
Role PDC Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
Warning: JALANI is the PDC Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
Warning: JALANI is the PDC Owner, but is not responding to LDAP Bind.
Role Rid Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
Warning: JALANI is the Rid Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
Warning: JALANI is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
Warning: JALANI is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
Warning: JALANI is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... KIZO failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 13103 to 1073741823
* Jalani.xxxxxx.org is the RID Master
......................... KIZO failed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/KIZO.xxxxxx.org/xxxxxx.org
* SPN found :LDAP/KIZO.xxxxxx.org
* SPN found :LDAP/KIZO
* SPN found :LDAP/KIZO.xxxxxx.org/ABYSSINIAN
* SPN found :LDAP/4ed61186-31ad-4ef1-830c-deb79c53bc78._msdcs.xxxxxx.org
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/4ed61186-31ad-4ef1-830c-deb79c53bc78/xxxxxx.org
* SPN found :HOST/KIZO.xxxxxx.org/xxxxxx.org
* SPN found :HOST/KIZO.xxxxxx.org
* SPN found :HOST/KIZO
* SPN found :HOST/KIZO.xxxxxx.org/ABYSSINIAN
* SPN found :GC/KIZO.xxxxxx.org/xxxxxx.org
......................... KIZO passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... KIZO passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... KIZO passed test OutboundSecureChannels
Starting test: ObjectsReplicated
KIZO is in domain DC=adcorp,DC=org
Checking for CN=KIZO,OU=Domain Controllers,DC=adcorp,DC=org in domain DC=adcorp,DC=org on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=KIZO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org in domain CN=Configuration,DC=adcorp,DC=org on 1 servers
Object is up-to-date on all servers.
......................... KIZO passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... KIZO passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 12/09/2013 18:00:41
(Event String could not be retrieved)
......................... KIZO failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... KIZO passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:36:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:37:11
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:37:11
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:38:21
(Event String could not be retrieved)
......................... KIZO failed test systemlog
Starting test: VerifyReplicas
......................... KIZO passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=KIZO,OU=Domain Controllers,DC=adcorp,DC=org and backlink on
CN=KIZO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
are correct.
The system object reference (frsComputerReferenceBL)
CN=KIZO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcorp,DC=org
and backlink on CN=KIZO,OU=Domain Controllers,DC=adcorp,DC=org are
correct.
The system object reference (serverReferenceBL)
CN=KIZO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcorp,DC=org
and backlink on
CN=NTDS Settings,CN=KIZO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
are correct.
......................... KIZO passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... KIZO passed test VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : adcorp
Starting test: CrossRefValidation
......................... adcorp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... adcorp passed test CheckSDRefDom
Running enterprise tests on : xxxxxx.org
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... xxxxxx.org passed test Intersite
Starting test: FsmoCheck
GC Name: \\KIZO.xxxxxx.org
Locator Flags: 0xe00001fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\KIZO.xxxxxx.org
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\KIZO.xxxxxx.org
Locator Flags: 0xe00001fc
KDC Name: \\KIZO.xxxxxx.org
Locator Flags: 0xe00001fc
......................... xxxxxx.org failed test FsmoCheck
Test not found. Please re-enter a valid test name.
Are all your DCs a Global Catalog? They need to be. Yes
How many domains do you have? 1
FSMO info coming shortly.
Here are the results from your test, and it failed, I see. My test was not good enough.
..........................
Computer Name: JALANI
DNS Host Name: Jalani.xxxxxx.org
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : Jalani
IP Address . . . . . . . . : 192.168.1.10
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.1.1
Dns Servers. . . . . . . . : 192.168.1.10
192.168.0.202
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{A1B8D37F-7FA1
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.1.10' and other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server '192.168.0.202' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{A1B8D37F-7FA1
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{A1B8D37F-7FA1
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\JA
Starting test: Connectivity
......................... JALANI passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\JA
Starting test: Replications
......................... JALANI passed test Replications
Starting test: NCSecDesc
......................... JALANI passed test NCSecDesc
Starting test: NetLogons
......................... JALANI passed test NetLogons
Starting test: Advertising
......................... JALANI passed test Advertising
Starting test: KnowsOfRoleHolders
......................... JALANI passed test KnowsOfRoleHolders
Starting test: RidManager
......................... JALANI passed test RidManager
Starting test: MachineAccount
......................... JALANI passed test MachineAccount
Starting test: Services
......................... JALANI passed test Services
Starting test: ObjectsReplicated
......................... JALANI passed test ObjectsReplicated
Starting test: frssysvol
......................... JALANI passed test frssysvol
Starting test: frsevent
......................... JALANI passed test frsevent
Starting test: kccevent
......................... JALANI passed test kccevent
Starting test: systemlog
......................... JALANI passed test systemlog
Starting test: VerifyReferences
......................... JALANI passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : adcorp
Starting test: CrossRefValidation
......................... adcorp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... adcorp passed test CheckSDRefDom
Running enterprise tests on : xxxxxx.org
Starting test: Intersite
......................... xxxxxx.org passed test Intersite
Starting test: FsmoCheck
......................... xxxxxx.org passed test FsmoCheck
Starting test: RegisterInDNS
This domain controller cannot register domain controller Locator DNS
records. This is because it cannot locate a DNS server authoritative for
the zone FQDNHERE. This is due to one of the following:
1. One or more DNS servers involved in the name resolution of the
FQDNHERE name are not responding or contain incorrect delegation of the
DNS zones; or
2. The DNS server that this computer is configured with contains
incorrect root hints.
The list of such DNS servers might include the DNS servers with which
this computer is configured for name resolution and the DNS servers
responsible for the following zones: FQDNHERE
Verify the correctness of the specified domain name and contact your
network/DNS administrator to fix the problem.
You can also manually add the records specified in the
%systemroot%\system32\conf
......................... Jalani failed test RegisterInDNS
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine Jalani, is a DC.
* Connecting to directory service on server Jalani.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\JA
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... JALANI passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\JA
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=adcorp
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=adcorp,DC=org
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... JALANI passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=adcor
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=adcor
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=adcorp
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... JALANI passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=adcor
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=adcor
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=adcorp
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... JALANI passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC JALANI.
* Security Permissions Check for
DC=ForestDnsZones,DC=adcor
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=adcor
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=adcorp
(Configuration,Version 2)
* Security Permissions Check for
DC=adcorp,DC=org
(Domain,Version 2)
......................... JALANI passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\JALANI\netlogon
Verified share \\JALANI\sysvol
......................... JALANI passed test NetLogons
Starting test: Advertising
The DC JALANI is advertising itself as a DC and having a DS.
The DC JALANI is advertising as an LDAP server
The DC JALANI is advertising as having a writeable directory
The DC JALANI is advertising as a Key Distribution Center
The DC JALANI is advertising as a time server
The DS JALANI is advertising as a GC.
......................... JALANI passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=JALANI,CN=Serv
Role Domain Owner = CN=NTDS Settings,CN=JALANI,CN=Serv
Role PDC Owner = CN=NTDS Settings,CN=JALANI,CN=Serv
Role Rid Owner = CN=NTDS Settings,CN=JALANI,CN=Serv
Role Infrastructure Update Owner = CN=NTDS Settings,CN=JALANI,CN=Serv
......................... JALANI passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 13103 to 1073741823
* Jalani.xxxxxx.org is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 12103 to 12602
* rIDPreviousAllocationPool is 12103 to 12602
* rIDNextRID: 12350
......................... JALANI passed test RidManager
Starting test: MachineAccount
Checking machine account for DC JALANI on DC JALANI.
* SPN found :LDAP/Jalani.xxxxxx.org/xx
* SPN found :LDAP/Jalani.xxxxxx.org
* SPN found :LDAP/JALANI
* SPN found :LDAP/Jalani.xxxxxx.org/AB
* SPN found :LDAP/1fc261cc-92be-4841-a
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/Jalani.xxxxxx.org/xx
* SPN found :HOST/Jalani.xxxxxx.org
* SPN found :HOST/JALANI
* SPN found :HOST/Jalani.xxxxxx.org/AB
* SPN found :GC/Jalani.xxxxxx.org/xxxx
......................... JALANI passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... JALANI passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... JALANI passed test OutboundSecureChannels
Starting test: ObjectsReplicated
JALANI is in domain DC=adcorp,DC=org
Checking for CN=JALANI,OU=Domain Controllers,DC=adcorp,DC=o
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=JALANI,CN=Serv
Object is up-to-date on all servers.
......................... JALANI passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... JALANI passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... JALANI passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... JALANI passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... JALANI passed test systemlog
Starting test: VerifyReplicas
......................... JALANI passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=JALANI,OU=Domain Controllers,DC=adcorp,DC=o
CN=JALANI,CN=Servers,CN=De
are correct.
The system object reference (frsComputerReferenceBL)
CN=JALANI,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcor
and backlink on CN=JALANI,OU=Domain Controllers,DC=adcorp,DC=o
correct.
The system object reference (serverReferenceBL)
CN=JALANI,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcor
and backlink on
CN=NTDS Settings,CN=JALANI,CN=Serv
are correct.
......................... JALANI passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... JALANI passed test VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC JALANI for domain xxxxxx.org in site Default-First-Site-Name
Checking machine account for DC JALANI on DC JALANI.
* SPN found :LDAP/Jalani.xxxxxx.org/xx
* SPN found :LDAP/Jalani.xxxxxx.org
* SPN found :LDAP/JALANI
* SPN found :LDAP/Jalani.xxxxxx.org/AB
* SPN found :LDAP/1fc261cc-92be-4841-a
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/Jalani.xxxxxx.org/xx
* SPN found :HOST/Jalani.xxxxxx.org
* SPN found :HOST/JALANI
* SPN found :HOST/Jalani.xxxxxx.org/AB
* SPN found :GC/Jalani.xxxxxx.org/xxxx
[JALANI] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... JALANI passed test CheckSecurityError
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : adcorp
Starting test: CrossRefValidation
......................... adcorp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... adcorp passed test CheckSDRefDom
Running enterprise tests on : xxxxxx.org
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... xxxxxx.org passed test Intersite
Starting test: FsmoCheck
GC Name: \\Jalani.xxxxxx.org
Locator Flags: 0xe00003fd
PDC Name: \\Jalani.xxxxxx.org
Locator Flags: 0xe00003fd
Time Server Name: \\Jalani.xxxxxx.org
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\Jalani.xxxxxx.org
Locator Flags: 0xe00003fd
KDC Name: \\Jalani.xxxxxx.org
Locator Flags: 0xe00003fd
......................... xxxxxx.org passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:
DC: Jalani.xxxxxx.org
Domain: xxxxxx.org
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Enterprise Edition (Service Pack level: 1.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
MAC address is 00:14:22:1A:DC:30
IP address is static
IP address: 192.168.1.10
DNS servers:
192.168.1.10 (<name unavailable>) [Valid]
192.168.0.202 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found (primary)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
4.2.2.2 (<name unavailable>) [Valid]
8.8.8.8 (<name unavailable>) [Invalid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone xxxxxx.org.
Test record _dcdiag_test_record added successfully in zone xxxxxx.org.
Test record _dcdiag_test_record deleted successfully in zone xxxxxx.org.
TEST: Records registration (RReg)
Network Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
Matching A record found at DNS server 192.168.1.10:
Jalani.xxxxxx.org
Matching CNAME record found at DNS server 192.168.1.10:
1fc261cc-92be-4841-aba2-00
Matching DC SRV record found at DNS server 192.168.1.10:
_ldap._tcp.dc._msdcs.xxxxx
Matching GC SRV record found at DNS server 192.168.1.10:
_ldap._tcp.gc._msdcs.xxxxx
Matching PDC SRV record found at DNS server 192.168.1.10:
_ldap._tcp.pdc._msdcs.xxxx
Matching A record found at DNS server 192.168.0.202:
Jalani.xxxxxx.org
Matching CNAME record found at DNS server 192.168.0.202:
1fc261cc-92be-4841-aba2-00
Matching DC SRV record found at DNS server 192.168.0.202:
_ldap._tcp.dc._msdcs.xxxxx
Matching GC SRV record found at DNS server 192.168.0.202:
_ldap._tcp.gc._msdcs.xxxxx
Matching PDC SRV record found at DNS server 192.168.0.202:
_ldap._tcp.pdc._msdcs.xxxx
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 8.8.8.8 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
[Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
DNS server: 192.168.0.202 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
DNS server: 192.168.1.10 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
DNS server: 4.2.2.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: xxxxxx.org
Jalani PASS PASS FAIL PASS PASS PASS n/a
......................... xxxxxx.org failed test DNS
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\JA
Starting test: Connectivity
......................... JALANI passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\JA
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : adcorp
Running enterprise tests on : xxxxxx.org
Starting test: DNS
Test results for domain controllers:
DC: Jalani.xxxxxx.org
Domain: xxxxxx.org
TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 8.8.8.8 (<name unavailable>)
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 8.8.8.8 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: xxxxxx.org
Jalani PASS PASS FAIL PASS PASS PASS n/a
......................... xxxxxx.org failed test DNS
DC test 2
..........................
Computer Name: KIZO
DNS Host Name: KIZO.xxxxxx.org
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 9, GenuineIntel
List of installed hotfixes :
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : KIZO
IP Address . . . . . . . . : 192.168.0.202
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.0.1
Dns Servers. . . . . . . . : 192.168.0.202
192.168.1.10
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{70AB8E98-DD10
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '192.168.0.202' and other DCs also have some of the names registered.
[WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.1.10, ERROR_TIMEOUT.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{70AB8E98-DD10
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{70AB8E98-DD10
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Failed
[FATAL] Secure channel to domain 'ABYSSINIAN' is broken. [ERROR_NO_LOGON_SERVERS]
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
[FATAL] Cannot open an LDAP session to 'Jalani.xxxxxx.org' at '192.168.1.10'.
[WARNING] Failed to query SPN registration on DC 'Jalani.xxxxxx.org'.
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\KI
Starting test: Connectivity
......................... KIZO passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\KI
Starting test: Replications
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=ForestDnsZones,DC=adcor
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-12-10 08:50:15.
The last success occurred at 2013-12-09 15:48:09.
20 failures have occurred since the last success.
[JALANI] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=DomainDnsZones,DC=adcor
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-12-10 08:50:15.
The last success occurred at 2013-12-09 15:48:09.
22 failures have occurred since the last success.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 08:50:57.
The last success occurred at 2013-12-09 15:48:08.
20 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: CN=Configuration,DC=adcorp
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 09:35:18.
The last success occurred at 2013-12-09 15:48:08.
44 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=adcorp,DC=org
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 09:41:09.
The last success occurred at 2013-12-09 15:55:03.
156 failures have occurred since the last success.
The source remains down. Please check the machine.
REPLICATION-RECEIVED LATENCY WARNING
KIZO: Current time is 2013-12-10 09:42:18.
DC=ForestDnsZones,DC=adcor
Last replication recieved from JALANI at 2013-12-09 15:48:09.
DC=DomainDnsZones,DC=adcor
Last replication recieved from JALANI at 2013-12-09 15:48:08.
CN=Schema,CN=Configuration
Last replication recieved from JALANI at 2013-12-09 15:48:08.
CN=Configuration,DC=adcorp
Last replication recieved from JALANI at 2013-12-09 15:48:08.
DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:55:03.
......................... KIZO passed test Replications
Starting test: NCSecDesc
......................... KIZO passed test NCSecDesc
Starting test: NetLogons
......................... KIZO passed test NetLogons
Starting test: Advertising
......................... KIZO passed test Advertising
Starting test: KnowsOfRoleHolders
Warning: JALANI is the Schema Owner, but is not responding to DS RPC Bind.
[JALANI] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: JALANI is the Schema Owner, but is not responding to LDAP Bind.
Warning: JALANI is the Domain Owner, but is not responding to DS RPC Bind.
Warning: JALANI is the Domain Owner, but is not responding to LDAP Bind.
Warning: JALANI is the PDC Owner, but is not responding to DS RPC Bind.
Warning: JALANI is the PDC Owner, but is not responding to LDAP Bind.
Warning: JALANI is the Rid Owner, but is not responding to DS RPC Bind.
Warning: JALANI is the Rid Owner, but is not responding to LDAP Bind.
Warning: JALANI is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: JALANI is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... KIZO failed test KnowsOfRoleHolders
Starting test: RidManager
......................... KIZO failed test RidManager
Starting test: MachineAccount
......................... KIZO passed test MachineAccount
Starting test: Services
......................... KIZO passed test Services
Starting test: ObjectsReplicated
......................... KIZO passed test ObjectsReplicated
Starting test: frssysvol
......................... KIZO passed test frssysvol
Starting test: frsevent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... KIZO failed test frsevent
Starting test: kccevent
......................... KIZO passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:36:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:37:11
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:37:11
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:38:21
(Event String could not be retrieved)
......................... KIZO failed test systemlog
Starting test: VerifyReferences
......................... KIZO passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : adcorp
Starting test: CrossRefValidation
......................... adcorp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... adcorp passed test CheckSDRefDom
Running enterprise tests on : xxxxxx.org
Starting test: Intersite
......................... xxxxxx.org passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... xxxxxx.org failed test FsmoCheck
Starting test: RegisterInDNS
This domain controller cannot register domain controller Locator DNS
records. This is because it cannot locate a DNS server authoritative for
the zone FQDNHERE. This is due to one of the following:
1. One or more DNS servers involved in the name resolution of the
FQDNHERE name are not responding or contain incorrect delegation of the
DNS zones; or
2. The DNS server that this computer is configured with contains
incorrect root hints.
The list of such DNS servers might include the DNS servers with which
this computer is configured for name resolution and the DNS servers
responsible for the following zones: FQDNHERE
Verify the correctness of the specified domain name and contact your
network/DNS administrator to fix the problem.
You can also manually add the records specified in the
%systemroot%\system32\conf
......................... KIZO failed test RegisterInDNS
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine KIZO, is a DC.
* Connecting to directory service on server KIZO.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\KI
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... KIZO passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\KI
Starting test: Replications
* Replications Check
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=ForestDnsZones,DC=adcor
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-12-10 08:50:15.
The last success occurred at 2013-12-09 15:48:09.
20 failures have occurred since the last success.
[JALANI] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 8852 (DcDiag)
System Time is: 12/10/2013 14:43:44:282
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 323
Error Record 2, ProcessID is 8852 (DcDiag)
System Time is: 12/10/2013 14:43:44:282
Generating component is 8 (winsock)
Status is 1237: The operation could not be completed. A retry should be performed.
Detection location is 313
Error Record 3, ProcessID is 8852 (DcDiag)
System Time is: 12/10/2013 14:43:44:282
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
Pointer val: 0
Error Record 4, ProcessID is 8852 (DcDiag)
System Time is: 12/10/2013 14:43:44:282
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 318
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=DomainDnsZones,DC=adcor
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2013-12-10 08:50:15.
The last success occurred at 2013-12-09 15:48:09.
22 failures have occurred since the last success.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 08:50:57.
The last success occurred at 2013-12-09 15:48:08.
20 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: CN=Configuration,DC=adcorp
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 09:35:18.
The last success occurred at 2013-12-09 15:48:08.
44 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=adcorp,DC=org
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 09:41:09.
The last success occurred at 2013-12-09 15:55:03.
156 failures have occurred since the last success.
The source remains down. Please check the machine.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
KIZO: Current time is 2013-12-10 09:43:23.
DC=ForestDnsZones,DC=adcor
Last replication recieved from JALANI at 2013-12-09 15:48:09.
DC=DomainDnsZones,DC=adcor
Last replication recieved from JALANI at 2013-12-09 15:48:08.
CN=Schema,CN=Configuration
Last replication recieved from JALANI at 2013-12-09 15:48:08.
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=adcorp
Last replication recieved from JALANI at 2013-12-09 15:48:08.
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=adcorp,DC=org
Last replication recieved from JALANI at 2013-12-09 15:55:03.
Latency information for 17 entries in the vector were ignored.
17 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... KIZO passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=adcor
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=adcor
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=adcorp
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... KIZO passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=adcor
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=adcor
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=adcorp
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=adcorp,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... KIZO passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=adcor
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=adcor
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=adcorp
(Configuration,Version 2)
* Security Permissions Check for
DC=adcorp,DC=org
(Domain,Version 2)
......................... KIZO passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... KIZO passed test NetLogons
Starting test: Advertising
The DC KIZO is advertising itself as a DC and having a DS.
The DC KIZO is advertising as an LDAP server
The DC KIZO is advertising as having a writeable directory
The DC KIZO is advertising as a Key Distribution Center
The DC KIZO is advertising as a time server
The DS KIZO is advertising as a GC.
......................... KIZO passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=JALANI,CN=Serv
Warning: JALANI is the Schema Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrati
[JALANI] LDAP search failed with error 58,
The specified server cannot perform the requested operation..
Warning: JALANI is the Schema Owner, but is not responding to LDAP Bind.
Role Domain Owner = CN=NTDS Settings,CN=JALANI,CN=Serv
Warning: JALANI is the Domain Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrati
Warning: JALANI is the Domain Owner, but is not responding to LDAP Bind.
Role PDC Owner = CN=NTDS Settings,CN=JALANI,CN=Serv
Warning: JALANI is the PDC Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrati
Warning: JALANI is the PDC Owner, but is not responding to LDAP Bind.
Role Rid Owner = CN=NTDS Settings,CN=JALANI,CN=Serv
Warning: JALANI is the Rid Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrati
Warning: JALANI is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=JALANI,CN=Serv
Warning: JALANI is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrati
Warning: JALANI is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... KIZO failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 13103 to 1073741823
* Jalani.xxxxxx.org is the RID Master
......................... KIZO failed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/KIZO.xxxxxx.org/xxxx
* SPN found :LDAP/KIZO.xxxxxx.org
* SPN found :LDAP/KIZO
* SPN found :LDAP/KIZO.xxxxxx.org/ABYS
* SPN found :LDAP/4ed61186-31ad-4ef1-8
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/KIZO.xxxxxx.org/xxxx
* SPN found :HOST/KIZO.xxxxxx.org
* SPN found :HOST/KIZO
* SPN found :HOST/KIZO.xxxxxx.org/ABYS
* SPN found :GC/KIZO.xxxxxx.org/xxxxxx
......................... KIZO passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... KIZO passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... KIZO passed test OutboundSecureChannels
Starting test: ObjectsReplicated
KIZO is in domain DC=adcorp,DC=org
Checking for CN=KIZO,OU=Domain Controllers,DC=adcorp,DC=o
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=KIZO,CN=Server
Object is up-to-date on all servers.
......................... KIZO passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... KIZO passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 12/09/2013 18:00:41
(Event String could not be retrieved)
......................... KIZO failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... KIZO passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:36:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:37:11
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:37:11
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 12/10/2013 09:38:21
(Event String could not be retrieved)
......................... KIZO failed test systemlog
Starting test: VerifyReplicas
......................... KIZO passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=KIZO,OU=Domain Controllers,DC=adcorp,DC=o
CN=KIZO,CN=Servers,CN=Defa
are correct.
The system object reference (frsComputerReferenceBL)
CN=KIZO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcor
and backlink on CN=KIZO,OU=Domain Controllers,DC=adcorp,DC=o
correct.
The system object reference (serverReferenceBL)
CN=KIZO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcor
and backlink on
CN=NTDS Settings,CN=KIZO,CN=Server
are correct.
......................... KIZO passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... KIZO passed test VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : adcorp
Starting test: CrossRefValidation
......................... adcorp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... adcorp passed test CheckSDRefDom
Running enterprise tests on : xxxxxx.org
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... xxxxxx.org passed test Intersite
Starting test: FsmoCheck
GC Name: \\KIZO.xxxxxx.org
Locator Flags: 0xe00001fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\KIZO.xxxxxx.org
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\KIZO.xxxxxx.org
Locator Flags: 0xe00001fc
KDC Name: \\KIZO.xxxxxx.org
Locator Flags: 0xe00001fc
......................... xxxxxx.org failed test FsmoCheck
Test not found. Please re-enter a valid test name.
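The verbose DcDiag run above contains enough to narrow the fault before anyone touches the routers: every failure is inbound from JALANI with 1722/1256, the RPC extended error records end in Winsock 10060 (connect timed out) with the parameter 135, and the Replications test is still reported as "passed". The following Python triage is an added example, not part of the original thread. The sample text is a constructed excerpt in the same shape as the log, the function names are hypothetical, and reading `Long val` as the TCP port being contacted is an interpretation.

```python
import re

# Constructed sample: a trimmed excerpt shaped like the verbose DcDiag output
# in the post above (domain components replaced with a placeholder).
SAMPLE = """\
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=ForestDnsZones,DC=example
The replication generated an error (1256):
The remote system is not available.
The failure occurred at 2013-12-10 08:50:15.
The last success occurred at 2013-12-09 15:48:09.
20 failures have occurred since the last success.
[JALANI] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 8852 (DcDiag)
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 323
Error Record 3, ProcessID is 8852 (DcDiag)
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond
Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
[Replications Check,KIZO] A recent replication attempt failed:
From JALANI to KIZO
Naming Context: DC=example,DC=org
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2013-12-10 09:41:09.
The last success occurred at 2013-12-09 15:55:03.
156 failures have occurred since the last success.
......................... KIZO passed test Replications
Warning: JALANI is the PDC Owner, but is not responding to LDAP Bind.
......................... KIZO failed test KnowsOfRoleHolders
......................... KIZO passed test Advertising
"""

UNREACHABLE = {1722, 1256}   # RPC server unavailable / remote system not available
WSAETIMEDOUT = 10060         # TCP connect got no answer (dropped, not refused)

FAIL_RE = re.compile(
    r"From (?P<src>\S+) to (?P<dst>\S+)\s*\n"
    r"Naming Context: (?P<nc>[^\n]+)\n"
    r"The replication generated an error \((?P<err>\d+)\):"
    r".*?(?P<count>\d+) failures have occurred since the last success",
    re.S)
TEST_RE = re.compile(r"^\.{5,} (\S+) (passed|failed) test (\S+)", re.M)
REC_RE = re.compile(
    r"Error Record \d+,.*?(?=Error Record \d+,|\[Replications Check|\Z)", re.S)


def parse_replication_failures(text):
    """One dict per 'A recent replication attempt failed' block."""
    return [{"src": m["src"], "dst": m["dst"], "nc": m["nc"].strip(),
             "err": int(m["err"]), "count": int(m["count"])}
            for m in FAIL_RE.finditer(text)]


def parse_test_results(text):
    """Map (target, test name) -> 'passed' or 'failed' from the dotted lines."""
    return {(who, test): outcome for who, outcome, test in TEST_RE.findall(text)}


def parse_rpc_records(text):
    """(status, port) per RPC extended error record; port is None if absent."""
    out = []
    for rec in REC_RE.findall(text):
        status = re.search(r"Status is (\d+)", rec)
        port = re.search(r"Long val: (\d+)", rec)
        if status:
            out.append((int(status[1]), int(port[1]) if port else None))
    return out


def triage(text):
    failures = parse_replication_failures(text)
    results = parse_test_results(text)
    records = parse_rpc_records(text)
    return {
        # Partners that could not be contacted at all (not an AD data error).
        "unreachable_sources": sorted(
            {f["src"] for f in failures if f["err"] in UNREACHABLE}),
        # Ports where the connect timed out: look at filters on the path or host.
        "timed_out_ports": sorted(
            {p for s, p in records if s == WSAETIMEDOUT and p is not None}),
        # DCs whose Replications test says 'passed' despite logged failures.
        "masked_by_pass": sorted(
            {f["dst"] for f in failures
             if results.get((f["dst"], "Replications")) == "passed"}),
        "failed_tests": sorted(k for k, v in results.items() if v == "failed"),
        "worst_backlog": max((f["count"] for f in failures), default=0),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A timeout on 135 from a host that still answers ping is consistent with a packet filter between the DCs or on the target itself, which is where the thread ends up.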
Ok you have many DNS errors here.
We need to review your DNS setup.
On the DC's they all are DNS servers?
The DNS server entry for each DNS server (DC) should be its ip address.
Then the secondary DNS records can be the other DNS server.
ipconfig /all from each DC post.
Can you ping each DC to DC using FQDN?
Can you ping from a workstation to each DC using FQDN?
Are the DNS servers running on the DC servers check the DNS event LOG
ASKER
On the DC's they all are DNS servers? yes
The DNS server entry for each DNS server (DC) should be its ip address. correct.
Then the secondary DNS records can be the other DNS server. correct
ipconfig /all from each DC post.
server 1:
C:\Documents and Settings\Administrator.xxx xxxx>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Jalani
Primary Dns Suffix . . . . . . . :xxxx.org
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxx.org
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-14-22-1A-DC-30
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.10
192.168.0.202
server 2
C:\Documents and Settings\Administrator.xxx xxxxx>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : KIZO
Primary Dns Suffix . . . . . . . : xxxx.org
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : xxxx.org
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-15-C5-5F-62-36
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.202
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.202
192.168.1.10
>
Can you ping each DC to DC using FQDN? yes
Can you ping from a workstation to each DC using FQDN? yes
Are the DNS servers running on the DC servers check the DNS event LOG . Yes DNS server and client is running on both. No events except scavenging notices and one informational event on the DC. 8.8.8.8 is a forwarder. No events at all in the secondary server event log for DNS :
The DNS server encountered an invalid domain name in a packet from 8.8.8.8. The packet will be rejected. The event data contains the DNS packet
Ok your setup looks good.
Are your DC's running a firewall?
For exchange each DC must be a Global Catalog make sure they are.
Still thinking it is in your routers something went wrong.
Have you had time to check with the routers?
ASKER
Yes, they are running the Windows firewall, what if I disable it?
each DC is a GC, just checked with ADSS under NTDS tab
Could the 8.8.8.8 forwarder be causing this ?
What about "the RPC server is unavailable errors" from jalani to kizo, lots of replication errors, and warnings about "jalani is the RID, PDC, IU, owner but not responding to LDAP bind"
Don't know exactly what to ask about the routers, do you have any guidance? They feel it's the servers, of course....
Yes I would disable the Firewall on the DC's as a test.
Yes the 8.8.8.8 could be a problem can you remove those entries.
I think the errors will go away if we make these changes.
ASKER
If I remove the 8.8.8.8 don't I need a forwarder from my ISP? How will the DC know how to get out to the Internet, is that routing done on the edge (please excuse my non-knowledge of that area..)
Is stopping the firewall service enough? The firewall is a domain policy, unfortunately. I could just disable those sections and put them back later if necessary.
ASKER
Thanks for all your expertise, reading through all the logs, your batch file and assistance!
Stopping the firewall fixed the problem, don't know what the issue is, but I also removed the 8.8.8.8 from the forwarders.
quaybj
Your attachment is not on the site
Check that you are using a valid file type for attaching