q

subnet not available

Here is the problem, which started a few days ago.

A Windows 2003 domain has 9 subnets, 2 DCs.

MOST of the servers are in Subnet A, which so far is reachable from the other subnets except for one, subnet T for Trouble.

There is a secondary DC in subnet B, which is also reachable.

3 servers, including the remote licensing server, are in subnet T and cannot be reached from anywhere, even from within the same subnet. Error logs say no domain controller is available, or the time server cannot be reached.

So far people can log on to the network, but people can no longer use RDS on the server in subnet A because (I think) the remote licensing server, which is in subnet T, is out of reach. The error is Access Denied. RDS was working this morning.

I also cannot remote to other servers, except the DC, in subnet A, getting the error "there are no logon servers to access the request". Strange, because the DCs are both running and Exchange is running.

I can ping, access shares in subnet A from subnet T, but not vice versa.

NSlookup gives correct results from a server in subnet A, but times out in 2 seconds and says server unknown from subnet T.  There are PTR records for the DCs in the correct places, but any advice on this is welcome.

It seems like there is no route to subnet T from subnet A, but I don't control the SonicWall firewall. I am attaching a document with the domain firewall policy and a script I recently applied to the workstations ONLY, to make Lansweeper work. I did not apply it to the servers because they were being scanned OK. Before I go back to the people managing the routing, I would appreciate any help I can get on this.

Member_2_6492660_1

I would check the router's logs; sounds like a link is down.

Your attachment is not on the site.

Check that you are using a valid file type for attaching.

q

ASKER

Thanks trgrassijr55,

More on this...

Exchange says it can't find the DC, but dcdiag and netdiag check out OK.

The time service doesn't stay synced: I made it sync to an external source last night, and this morning it's back to ignoring the source. I tweaked some settings according to http://support.microsoft.com/kb/884776

Inside the LAN things are still running, including SharePoint, Exchange, shares, mappings.

Correction on a statement above: I can ping subnet T from subnet A, so maybe a firewall problem? Will ask the routing guys this am.

It's only the servers that have the "DC cannot be found" errors; will check PCs for that and post results.

I re-uploaded the file, a PDF, which has my domain firewall settings.

q

ASKER

I still don't see the file, so I'm pasting the results:

Network/Network Connections/Windows Firewall/Domain Profile
      PolicySetting
      Windows Firewall: Allow file and printer sharing exception  Enabled
            Allow unsolicited incoming messages from:
            Syntax:
            Type "*" to allow messages from any network, or
            else type a comma-separated list that contains
            any number or combination of these:
            IP addresses, such as 10.0.0.1
            Subnet descriptions, such as 10.2.3.0/24
            The string "localsubnet"
            Example: to allow messages from 10.0.0.1,
            10.0.0.2, and from any system on the
            local subnet or on the 10.3.4.x subnet,
            type the following:
            10.0.0.1,10.0.0.2,localsubnet,10.3.4.0/24

      PolicySetting
      Windows Firewall: Allow ICMP exceptions  Enabled
            Allow outbound destination unreachable  Enabled
            Allow outbound source quench  Disabled
            Allow redirect  Disabled
            Allow inbound echo request  Enabled
            Allow inbound router request  Disabled
            Allow outbound time exceeded  Disabled
            Allow outbound parameter problem  Disabled
            Allow inbound timestamp request  Disabled
            Allow inbound mask request  Disabled
            Allow outbound packet too big  Disabled

      PolicySetting
      Windows Firewall: Allow local port exceptions  Enabled
      Windows Firewall: Allow local program exceptions  Enabled
      Windows Firewall: Allow logging  Enabled
            Log dropped packets  Enabled
            Log successful connections  Enabled
            Log file path and
            name:%systemroot%\system32\LogFiles\Firewall\pfirewall.log
            Size limit (KB):4096

      PolicySetting
      Windows Firewall: Allow remote administration exception  Enabled
            Allow unsolicited incoming messages from:*

      PolicySetting
      Windows Firewall: Allow Remote Desktop exception  Enabled
            Allow unsolicited incoming messages from:*

      PolicySetting
      Windows Firewall: Prohibit notifications  Disabled
      Windows Firewall: Prohibit unicast response to multicast or broadcast
      requests  Disabled

Network/Network Connections/Windows Firewall/Standard Profile
      PolicySetting
      Windows Firewall: Allow file and printer sharing exception  Enabled
            Allow unsolicited incoming messages from:*

      PolicySetting
      Windows Firewall: Allow ICMP exceptions  Enabled
            Allow outbound destination unreachable  Enabled
            Allow outbound source quench  Disabled
            Allow redirect  Disabled
            Allow inbound echo request  Enabled
            Allow inbound router request  Disabled
            Allow outbound time exceeded  Disabled
            Allow outbound parameter problem  Disabled
            Allow inbound timestamp request  Disabled
            Allow inbound mask request  Disabled
            Allow outbound packet too big  Disabled

      PolicySetting
      Windows Firewall: Allow local port exceptions  Enabled
      Windows Firewall: Allow local program exceptions  Enabled
      Windows Firewall: Allow logging  Enabled
            Log dropped packets  Enabled
            Log successful connections  Enabled
            Log file path and
            name:%systemroot%\system32\LogFiles\Firewall\pfirewall.log
            Size limit (KB):4096

      PolicySetting
      Windows Firewall: Allow remote administration exception  Enabled
            Allow unsolicited incoming messages from:*

      PolicySetting
      Windows Firewall: Allow Remote Desktop exception  Enabled
            Allow unsolicited incoming messages from:*

      PolicySetting
      Windows Firewall: Prohibit notifications  Disabled
      Windows Firewall: Prohibit unicast response to multicast or broadcast
      requests  Disabled

Here is the script I mentioned above to open ports for Lansweeper, applied to workstations only:

rem Each step is logged to c:\swss.log
Echo refreshing system policies....... > c:\swss.log
rem gpupdate /force
ipconfig /flushdns
Echo Opening Required Ports, please wait........ >> c:\swss.log
netsh firewall add portopening TCP 135 RPC >> c:\swss.log
netsh firewall add portopening TCP 445 SMB >> c:\swss.log
netsh firewall add portopening UDP 137 NetBIOS >> c:\swss.log
Echo Opening Dynamic Ports for WMI..... >> c:\swss.log
rem Inside a batch file the loop variable is written %%i everywhere, including in the rule name
for /l %%i in (1024,1,1030) do netsh firewall add portopening TCP %%i "Dynamic WMI %%i"
Echo Setting Firewall Services.......... >> c:\swss.log
netsh firewall set service REMOTEADMIN enable >> c:\swss.log
netsh firewall set service type=upnp mode=enable scope=subnet >> c:\swss.log
Echo Enabling DCOM....... >> c:\swss.log
reg add HKLM\SOFTWARE\Microsoft\Ole /v EnableDCOM /t REG_SZ /d "Y" /f >> c:\swss.log
Echo Configuring DCOM.... >> c:\swss.log
reg add HKLM\SOFTWARE\Microsoft\Ole /v LegacyAuthenticationLevel /t REG_DWORD /d "2" /f >> c:\swss.log
reg add HKLM\SOFTWARE\Microsoft\Ole /v LegacyImpersonationLevel /t REG_DWORD /d "3" /f >> c:\swss.log
Echo Changing Service Startup..... >> c:\swss.log
rem Start=2 is automatic start; reg add on XP/2003 takes the value name, type and data as /v, /t and /d
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\winmgmt /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\rpcss /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\rpclocator /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\remoteregistry /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\wmiapsrv /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\eventsystem /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\rasauto /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
REG ADD HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation /v Start /t REG_DWORD /d 2 /f >> c:\swss.log
Echo Resyncing WMI....... >> c:\swss.log
winmgmt.exe /resyncperf >> c:\swss.log
Echo Initializing restart.......... >> c:\swss.log
rem shutdown /i >> c:\swss.log
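
One way to check the "maybe a firewall problem?" theory on the host side, as an added example that is not part of the original post: the policy above logs dropped packets to pfirewall.log, so this script counts DROP entries addressed to a DC on DNS, Kerberos, NTP, RPC, LDAP and SMB ports, grouped by source subnet. The log lines are constructed, and the subnet ranges (192.168.20.0/24 standing in for subnet T) and function names are assumptions; only 192.168.1.10 comes from the thread.

```python
import ipaddress
from collections import Counter

# Services a domain member must reach on a DC; these match the symptoms in the
# thread (DNS timeouts, time server unreachable, no logon servers).
DC_PORTS = {53: "DNS", 88: "Kerberos", 123: "NTP",
            135: "RPC", 389: "LDAP", 445: "SMB"}

DC_IP = "192.168.1.10"            # DC address that appears in the thread
SUBNETS = {                        # assumed ranges, not given in the thread
    "A": "192.168.1.0/24",
    "B": "192.168.0.0/24",
    "T": "192.168.20.0/24",
}

# Constructed sample in the Windows Firewall log format (XP SP2 / Server 2003).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2012-03-06 08:14:02 DROP UDP 192.168.20.15 192.168.1.10 1047 53 61 - - - - - - -
2012-03-06 08:14:04 DROP UDP 192.168.20.15 192.168.1.10 1047 53 61 - - - - - - -
2012-03-06 08:14:09 DROP TCP 192.168.20.15 192.168.1.10 1052 389 48 S 3051772 0 65535 - - -
2012-03-06 08:14:11 DROP UDP 192.168.20.16 192.168.1.10 123 123 76 - - - - - - -
2012-03-06 08:14:20 DROP TCP 192.168.20.16 192.168.1.10 1060 88 48 S 4410021 0 65535 - - -
2012-03-06 08:15:30 OPEN TCP 192.168.0.40 192.168.1.10 1188 445 - - - - - - - -
2012-03-06 08:16:01 DROP ICMP 192.168.20.16 192.168.1.10 - - 60 - - - - 8 0 -
2012-03-06 08:16:40 DROP UDP 192.168.20.17 192.168.1.255 137 137 78 - - - - - - -
2012-03-06 08:17:45 DROP UDP 192.168.20.15
2012-03-06 08:18:03 DROP UDP 10.9.9.9 192.168.1.10 1300 53 61 - - - - - - -
"""


def parse_firewall_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # Reading the header keeps the parser valid for later Windows
            # versions that append extra columns.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed entry
        yield dict(zip(fields, values))


def dropped_dc_traffic(entries, dc_ip, subnets):
    """Count DROP entries sent to dc_ip on DC service ports, per source subnet."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in subnets.items()}
    counts = Counter()
    for entry in entries:
        if entry.get("action") != "DROP" or entry.get("dst-ip") != dc_ip:
            continue
        port = entry.get("dst-port", "-")
        if not port.isdigit() or int(port) not in DC_PORTS:
            continue  # ICMP entries carry "-" here; other ports are ignored
        try:
            src = ipaddress.ip_address(entry.get("src-ip", ""))
        except ValueError:
            continue
        subnet = next((n for n, net in nets.items() if src in net), "other")
        counts[(subnet, entry["protocol"], DC_PORTS[int(port)])] += 1
    return counts


if __name__ == "__main__":
    result = dropped_dc_traffic(parse_firewall_log(SAMPLE_LOG), DC_IP, SUBNETS)
    for (subnet, proto, service), n in sorted(result.items()):
        print(f"subnet {subnet}: {n} dropped {proto} {service} packet(s) to {DC_IP}")
```

If the real log on the DC shows no such drops while clients in subnet T still time out, the host firewall is not the component discarding the traffic.
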

I still think you have a router problem.

Could be DNS too.

Are all your DCs a Global Catalog? They need to be.

Who owns the FSMO Roles?

How many domains do you have?

Can you post the DCDIAGs and netdiag you ran?

Here is a script I run weekly on my network DCs:

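@echo off
rem Collect netdiag and dcdiag output into dclogx.txt
netdiag >dclogx.txt
dcdiag >>dclogx.txt
rem Replace FQDNHERE with the fully qualified DNS name of the domain
dcdiag /test:registerindns /dnsdomain:FQDNHERE >>dclogx.txt
dcdiag /c /v >>dclogx.txt
dcdiag /test:dns >>dclogx.txt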


Post results

q

ASKER

Some answers:
Are all your DC's a Global Catalog? they need to be.   Yes
How many domains do you have?  1
FSMO info coming shortly.
Here are the results from your test, and it failed, I see. My test was not good enough.

.....................................

    Computer Name: JALANI
    DNS Host Name: Jalani.xxxxxx.org
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : Jalani
        IP Address . . . . . . . . : 192.168.1.10
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.1.1
        Dns Servers. . . . . . . . : 192.168.1.10
                                     192.168.0.202


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{A1B8D37F-7FA1-4B51-9D88-136CB09EA29B}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.10' and other DCs also have some of the names registered.
    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.202' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{A1B8D37F-7FA1-4B51-9D88-136CB09EA29B}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{A1B8D37F-7FA1-4B51-9D88-136CB09EA29B}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\JALANI
      Starting test: Connectivity
         ......................... JALANI passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\JALANI
      Starting test: Replications
         ......................... JALANI passed test Replications
      Starting test: NCSecDesc
         ......................... JALANI passed test NCSecDesc
      Starting test: NetLogons
         ......................... JALANI passed test NetLogons
      Starting test: Advertising
         ......................... JALANI passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... JALANI passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... JALANI passed test RidManager
      Starting test: MachineAccount
         ......................... JALANI passed test MachineAccount
      Starting test: Services
         ......................... JALANI passed test Services
      Starting test: ObjectsReplicated
         ......................... JALANI passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... JALANI passed test frssysvol
      Starting test: frsevent
         ......................... JALANI passed test frsevent
      Starting test: kccevent
         ......................... JALANI passed test kccevent
      Starting test: systemlog
         ......................... JALANI passed test systemlog
      Starting test: VerifyReferences
         ......................... JALANI passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : adcorp
      Starting test: CrossRefValidation
         ......................... adcorp passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... adcorp passed test CheckSDRefDom
   
   Running enterprise tests on : xxxxxx.org
      Starting test: Intersite
         ......................... xxxxxx.org passed test Intersite
      Starting test: FsmoCheck
         ......................... xxxxxx.org passed test FsmoCheck
   Starting test: RegisterInDNS
      This domain controller cannot register domain controller Locator DNS
      records. This is because it cannot locate a DNS server authoritative for
      the zone FQDNHERE. This is due to one of the following:

      1. One or more DNS servers involved in the name resolution of the
      FQDNHERE name are not responding or contain incorrect delegation of the
      DNS zones; or

      2. The DNS server that this computer is configured with contains
      incorrect root hints.

      The list of such DNS servers might include the DNS servers with which
      this computer is configured for name resolution and the DNS servers
      responsible for the following zones: FQDNHERE

      Verify the correctness of the specified domain name and contact your
      network/DNS administrator to fix the problem.

      You can also manually add the records specified in the
      %systemroot%\system32\config\netlogon.dns file.

      ......................... Jalani failed test RegisterInDNS

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine Jalani, is a DC.
   * Connecting to directory service on server Jalani.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\JALANI
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... JALANI passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\JALANI
      Starting test: Replications
         * Replications Check
         * Replication Latency Check
            CN=Schema,CN=Configuration,DC=adcorp,DC=org
               Latency information for 17 entries in the vector were ignored.
                  17 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=adcorp,DC=org
               Latency information for 17 entries in the vector were ignored.
                  17 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=adcorp,DC=org
               Latency information for 17 entries in the vector were ignored.
                  17 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         * Replication Site Latency Check
         ......................... JALANI passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... JALANI passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... JALANI passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions check for all NC's on DC JALANI.
         * Security Permissions Check for
           DC=ForestDnsZones,DC=adcorp,DC=org
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=adcorp,DC=org
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=adcorp,DC=org
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=adcorp,DC=org
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=adcorp,DC=org
            (Domain,Version 2)
         ......................... JALANI passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         Verified share \\JALANI\netlogon
         Verified share \\JALANI\sysvol
         ......................... JALANI passed test NetLogons
      Starting test: Advertising
         The DC JALANI is advertising itself as a DC and having a DS.
         The DC JALANI is advertising as an LDAP server
         The DC JALANI is advertising as having a writeable directory
         The DC JALANI is advertising as a Key Distribution Center
         The DC JALANI is advertising as a time server
         The DS JALANI is advertising as a GC.
         ......................... JALANI passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         Role Domain Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         Role PDC Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         Role Rid Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         ......................... JALANI passed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 13103 to 1073741823
         * Jalani.xxxxxx.org is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 12103 to 12602
         * rIDPreviousAllocationPool is 12103 to 12602
         * rIDNextRID: 12350
         ......................... JALANI passed test RidManager
      Starting test: MachineAccount
         Checking machine account for DC JALANI on DC JALANI.
         * SPN found :LDAP/Jalani.xxxxxx.org/xxxxxx.org
         * SPN found :LDAP/Jalani.xxxxxx.org
         * SPN found :LDAP/JALANI
         * SPN found :LDAP/Jalani.xxxxxx.org/ABYSSINIAN
         * SPN found :LDAP/1fc261cc-92be-4841-aba2-00faa87d7a21._msdcs.xxxxxx.org
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1fc261cc-92be-4841-aba2-00faa87d7a21/xxxxxx.org
         * SPN found :HOST/Jalani.xxxxxx.org/xxxxxx.org
         * SPN found :HOST/Jalani.xxxxxx.org
         * SPN found :HOST/JALANI
         * SPN found :HOST/Jalani.xxxxxx.org/ABYSSINIAN
         * SPN found :GC/Jalani.xxxxxx.org/xxxxxx.org
         ......................... JALANI passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... JALANI passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... JALANI passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         JALANI is in domain DC=adcorp,DC=org
         Checking for CN=JALANI,OU=Domain Controllers,DC=adcorp,DC=org in domain DC=adcorp,DC=org on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org in domain CN=Configuration,DC=adcorp,DC=org on 1 servers
            Object is up-to-date on all servers.
         ......................... JALANI passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... JALANI passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         ......................... JALANI passed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... JALANI passed test kccevent
      Starting test: systemlog
         * The System Event log test
         Found no errors in System Event log in the last 60 minutes.
         ......................... JALANI passed test systemlog
      Starting test: VerifyReplicas
         ......................... JALANI passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)
         CN=JALANI,OU=Domain Controllers,DC=adcorp,DC=org and backlink on
         CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         are correct.
         The system object reference (frsComputerReferenceBL)
         CN=JALANI,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcorp,DC=org
         and backlink on CN=JALANI,OU=Domain Controllers,DC=adcorp,DC=org are
         correct.
         The system object reference (serverReferenceBL)
         CN=JALANI,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcorp,DC=org
         and backlink on
         CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         are correct.
         ......................... JALANI passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... JALANI passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         * Dr Auth:  Beginning security errors check!
         Found KDC JALANI for domain xxxxxx.org in site Default-First-Site-Name
         Checking machine account for DC JALANI on DC JALANI.
         * SPN found :LDAP/Jalani.xxxxxx.org/xxxxxx.org
         * SPN found :LDAP/Jalani.xxxxxx.org
         * SPN found :LDAP/JALANI
         * SPN found :LDAP/Jalani.xxxxxx.org/ABYSSINIAN
         * SPN found :LDAP/1fc261cc-92be-4841-aba2-00faa87d7a21._msdcs.xxxxxx.org
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1fc261cc-92be-4841-aba2-00faa87d7a21/xxxxxx.org
         * SPN found :HOST/Jalani.xxxxxx.org/xxxxxx.org
         * SPN found :HOST/Jalani.xxxxxx.org
         * SPN found :HOST/JALANI
         * SPN found :HOST/Jalani.xxxxxx.org/ABYSSINIAN
         * SPN found :GC/Jalani.xxxxxx.org/xxxxxx.org
         [JALANI] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... JALANI passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : adcorp
      Starting test: CrossRefValidation
         ......................... adcorp passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... adcorp passed test CheckSDRefDom
   
   Running enterprise tests on : xxxxxx.org
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... xxxxxx.org passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\Jalani.xxxxxx.org
         Locator Flags: 0xe00003fd
         PDC Name: \\Jalani.xxxxxx.org
         Locator Flags: 0xe00003fd
         Time Server Name: \\Jalani.xxxxxx.org
         Locator Flags: 0xe00003fd
         Preferred Time Server Name: \\Jalani.xxxxxx.org
         Locator Flags: 0xe00003fd
         KDC Name: \\Jalani.xxxxxx.org
         Locator Flags: 0xe00003fd
         ......................... xxxxxx.org passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
           
            DC: Jalani.xxxxxx.org
            Domain: xxxxxx.org

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                   Microsoft(R) Windows(R) Server 2003, Enterprise Edition (Service Pack level: 1.0) is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
                     MAC address is 00:14:22:1A:DC:30
                     IP address is static
                     IP address: 192.168.1.10
                     DNS servers:
                        192.168.1.10 (<name unavailable>) [Valid]
                        192.168.0.202 (<name unavailable>) [Valid]
                  The A record for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found (primary)
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     4.2.2.2 (<name unavailable>) [Valid]
                     8.8.8.8 (<name unavailable>) [Invalid]
                 
               TEST: Delegations (Del)
                  No delegations were found in this zone on this DNS server
                 
               TEST: Dynamic update (Dyn)
                  Dynamic update is enabled on the zone xxxxxx.org.
                  Test record _dcdiag_test_record added successfully in zone xxxxxx.org.
                  Test record _dcdiag_test_record deleted successfully in zone xxxxxx.org.
                 
               TEST: Records registration (RReg)
                  Network Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
                     Matching A record found at DNS server 192.168.1.10:
                     Jalani.xxxxxx.org

                     Matching CNAME record found at DNS server 192.168.1.10:
                     1fc261cc-92be-4841-aba2-00faa87d7a21._msdcs.xxxxxx.org

                     Matching DC SRV record found at DNS server 192.168.1.10:
                     _ldap._tcp.dc._msdcs.xxxxxx.org

                     Matching GC SRV record found at DNS server 192.168.1.10:
                     _ldap._tcp.gc._msdcs.xxxxxx.org

                     Matching PDC SRV record found at DNS server 192.168.1.10:
                     _ldap._tcp.pdc._msdcs.xxxxxx.org

                     Matching A record found at DNS server 192.168.0.202:
                     Jalani.xxxxxx.org

                     Matching CNAME record found at DNS server 192.168.0.202:
                     1fc261cc-92be-4841-aba2-00faa87d7a21._msdcs.xxxxxx.org

                     Matching DC SRV record found at DNS server 192.168.0.202:
                     _ldap._tcp.dc._msdcs.xxxxxx.org

                     Matching GC SRV record found at DNS server 192.168.0.202:
                     _ldap._tcp.gc._msdcs.xxxxxx.org

                     Matching PDC SRV record found at DNS server 192.168.0.202:
                     _ldap._tcp.pdc._msdcs.xxxxxx.org

         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
               [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
               
            DNS server: 192.168.0.202 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 192.168.1.10 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 4.2.2.2 (<name unavailable>)
               All tests passed on this DNS server
               This is a valid DNS server.
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: xxxxxx.org
               Jalani                       PASS PASS FAIL PASS PASS PASS n/a  
         
         ......................... xxxxxx.org failed test DNS

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\JALANI
      Starting test: Connectivity
         ......................... JALANI passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\JALANI

DNS Tests are running and not hung. Please wait a few minutes...
   
   Running partition tests on : ForestDnsZones
   
   Running partition tests on : DomainDnsZones
   
   Running partition tests on : Schema
   
   Running partition tests on : Configuration
   
   Running partition tests on : adcorp
   
   Running enterprise tests on : xxxxxx.org
      Starting test: DNS
         Test results for domain controllers:
           
            DC: Jalani.xxxxxx.org
            Domain: xxxxxx.org

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 8.8.8.8 (<name unavailable>)
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 8.8.8.8
               
         Summary of DNS test results:
         
                                            Auth Basc Forw Del  Dyn  RReg Ext  
               ________________________________________________________________
            Domain: xxxxxx.org
               Jalani                       PASS PASS FAIL PASS PASS PASS n/a  
         
         ......................... xxxxxx.org failed test DNS

DC test 2


.....................................

    Computer Name: KIZO
    DNS Host Name: KIZO.xxxxxx.org
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 9, GenuineIntel
    List of installed hotfixes :


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : KIZO
        IP Address . . . . . . . . : 192.168.0.202
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.0.1
        Dns Servers. . . . . . . . : 192.168.0.202
                                     192.168.1.10


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
            No remote names have been found.

        WINS service test. . . . . : Skipped
            There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{70AB8E98-DD10-43A6-8D72-E683CA274398}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.0.202' and other DCs also have some of the names registered.
       [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.1.10, ERROR_TIMEOUT.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{70AB8E98-DD10-43A6-8D72-E683CA274398}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{70AB8E98-DD10-43A6-8D72-E683CA274398}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Failed
    [FATAL] Secure channel to domain 'ABYSSINIAN' is broken. [ERROR_NO_LOGON_SERVERS]


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
    [FATAL] Cannot open an LDAP session to 'Jalani.xxxxxx.org' at '192.168.1.10'.
    [WARNING] Failed to query SPN registration on DC 'Jalani.xxxxxx.org'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\KIZO
      Starting test: Connectivity
         ......................... KIZO passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\KIZO
      Starting test: Replications
         [Replications Check,KIZO] A recent replication attempt failed:
            From JALANI to KIZO
            Naming Context: DC=ForestDnsZones,DC=adcorp,DC=org
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2013-12-10 08:50:15.
            The last success occurred at 2013-12-09 15:48:09.
            20 failures have occurred since the last success.
         [JALANI] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         [Replications Check,KIZO] A recent replication attempt failed:
            From JALANI to KIZO
            Naming Context: DC=DomainDnsZones,DC=adcorp,DC=org
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2013-12-10 08:50:15.
            The last success occurred at 2013-12-09 15:48:09.
            22 failures have occurred since the last success.
         [Replications Check,KIZO] A recent replication attempt failed:
            From JALANI to KIZO
            Naming Context: CN=Schema,CN=Configuration,DC=adcorp,DC=org
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2013-12-10 08:50:57.
            The last success occurred at 2013-12-09 15:48:08.
            20 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,KIZO] A recent replication attempt failed:
            From JALANI to KIZO
            Naming Context: CN=Configuration,DC=adcorp,DC=org
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2013-12-10 09:35:18.
            The last success occurred at 2013-12-09 15:48:08.
            44 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,KIZO] A recent replication attempt failed:
            From JALANI to KIZO
            Naming Context: DC=adcorp,DC=org
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2013-12-10 09:41:09.
            The last success occurred at 2013-12-09 15:55:03.
            156 failures have occurred since the last success.
            The source remains down. Please check the machine.
         REPLICATION-RECEIVED LATENCY WARNING
         KIZO:  Current time is 2013-12-10 09:42:18.
            DC=ForestDnsZones,DC=adcorp,DC=org
               Last replication recieved from JALANI at 2013-12-09 15:48:09.
            DC=DomainDnsZones,DC=adcorp,DC=org
               Last replication recieved from JALANI at 2013-12-09 15:48:08.
            CN=Schema,CN=Configuration,DC=adcorp,DC=org
               Last replication recieved from JALANI at 2013-12-09 15:48:08.
            CN=Configuration,DC=adcorp,DC=org
               Last replication recieved from JALANI at 2013-12-09 15:48:08.
            DC=adcorp,DC=org
               Last replication recieved from JALANI at 2013-12-09 15:55:03.
         ......................... KIZO passed test Replications
      Starting test: NCSecDesc
         ......................... KIZO passed test NCSecDesc
      Starting test: NetLogons
         ......................... KIZO passed test NetLogons
      Starting test: Advertising
         ......................... KIZO passed test Advertising
      Starting test: KnowsOfRoleHolders
         Warning: JALANI is the Schema Owner, but is not responding to DS RPC Bind.
         [JALANI] LDAP search failed with error 58,
         The specified server cannot perform the requested operation..
         Warning: JALANI is the Schema Owner, but is not responding to LDAP Bind.
         Warning: JALANI is the Domain Owner, but is not responding to DS RPC Bind.
         Warning: JALANI is the Domain Owner, but is not responding to LDAP Bind.
         Warning: JALANI is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: JALANI is the PDC Owner, but is not responding to LDAP Bind.
         Warning: JALANI is the Rid Owner, but is not responding to DS RPC Bind.
         Warning: JALANI is the Rid Owner, but is not responding to LDAP Bind.
         Warning: JALANI is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         Warning: JALANI is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... KIZO failed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... KIZO failed test RidManager
      Starting test: MachineAccount
         ......................... KIZO passed test MachineAccount
      Starting test: Services
         ......................... KIZO passed test Services
      Starting test: ObjectsReplicated
         ......................... KIZO passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... KIZO passed test frssysvol
      Starting test: frsevent
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         ......................... KIZO failed test frsevent
      Starting test: kccevent
         ......................... KIZO passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/10/2013   09:36:51
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/10/2013   09:37:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/10/2013   09:37:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/10/2013   09:38:21
            (Event String could not be retrieved)
         ......................... KIZO failed test systemlog
      Starting test: VerifyReferences
         ......................... KIZO passed test VerifyReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : adcorp
      Starting test: CrossRefValidation
         ......................... adcorp passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... adcorp passed test CheckSDRefDom
   
   Running enterprise tests on : xxxxxx.org
      Starting test: Intersite
         ......................... xxxxxx.org passed test Intersite
      Starting test: FsmoCheck
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         ......................... xxxxxx.org failed test FsmoCheck
   Starting test: RegisterInDNS
      This domain controller cannot register domain controller Locator DNS

      records. This is because it cannot locate a DNS server authoritative for

      the zone FQDNHERE. This is due to one of the following:
     
      1. One or more DNS servers involved in the name resolution of the

      FQDNHERE name are not responding or contain incorrect delegation of the

      DNS zones; or
     
      2. The DNS server that this computer is configured with contains

      incorrect root hints.
     
      The list of such DNS servers might include the DNS servers with which

      this computer is configured for name resolution and the DNS servers

      responsible for the following zones: FQDNHERE
     
      Verify the correctness of the specified domain name and contact your

      network/DNS administrator to fix the problem.
     
      You can also manually add the records specified in the

      %systemroot%\system32\config\netlogon.dns file.
     
     
      ......................... KIZO failed test RegisterInDNS

Domain Controller Diagnosis

Performing initial setup:
   * Verifying that the local machine KIZO, is a DC.
   * Connecting to directory service on server KIZO.
   * Collecting site info.
   * Identifying all servers.
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\KIZO
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         * Active Directory RPC Services Check
         ......................... KIZO passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\KIZO
      Starting test: Replications
         * Replications Check
         [Replications Check,KIZO] A recent replication attempt failed:
            From JALANI to KIZO
            Naming Context: DC=ForestDnsZones,DC=adcorp,DC=org
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2013-12-10 08:50:15.
            The last success occurred at 2013-12-09 15:48:09.
            20 failures have occurred since the last success.
         [JALANI] DsBindWithSpnEx() failed with error 1722,
         The RPC server is unavailable..
         Printing RPC Extended Error Info:
         Error Record 1, ProcessID is 8852 (DcDiag)        
            System Time is: 12/10/2013 14:43:44:282
            Generating component is 8 (winsock)
            Status is 1722: The RPC server is unavailable.

            Detection location is 323
         Error Record 2, ProcessID is 8852 (DcDiag)        
            System Time is: 12/10/2013 14:43:44:282
            Generating component is 8 (winsock)
            Status is 1237: The operation could not be completed. A retry should be performed.

            Detection location is 313
         Error Record 3, ProcessID is 8852 (DcDiag)        
            System Time is: 12/10/2013 14:43:44:282
            Generating component is 8 (winsock)
            Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

            Detection location is 311
            NumberOfParameters is 3
            Long val: 135
            Pointer val: 0
            Pointer val: 0
         Error Record 4, ProcessID is 8852 (DcDiag)        
            System Time is: 12/10/2013 14:43:44:282
            Generating component is 8 (winsock)
            Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

            Detection location is 318
         [Replications Check,KIZO] A recent replication attempt failed:
            From JALANI to KIZO
            Naming Context: DC=DomainDnsZones,DC=adcorp,DC=org
            The replication generated an error (1256):
            The remote system is not available. For information about network troubleshooting, see Windows Help.
            The failure occurred at 2013-12-10 08:50:15.
            The last success occurred at 2013-12-09 15:48:09.
            22 failures have occurred since the last success.
         [Replications Check,KIZO] A recent replication attempt failed:
            From JALANI to KIZO
            Naming Context: CN=Schema,CN=Configuration,DC=adcorp,DC=org
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2013-12-10 08:50:57.
            The last success occurred at 2013-12-09 15:48:08.
            20 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,KIZO] A recent replication attempt failed:
            From JALANI to KIZO
            Naming Context: CN=Configuration,DC=adcorp,DC=org
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2013-12-10 09:35:18.
            The last success occurred at 2013-12-09 15:48:08.
            44 failures have occurred since the last success.
            The source remains down. Please check the machine.
         [Replications Check,KIZO] A recent replication attempt failed:
            From JALANI to KIZO
            Naming Context: DC=adcorp,DC=org
            The replication generated an error (1722):
            The RPC server is unavailable.
            The failure occurred at 2013-12-10 09:41:09.
            The last success occurred at 2013-12-09 15:55:03.
            156 failures have occurred since the last success.
            The source remains down. Please check the machine.
         * Replication Latency Check
         REPLICATION-RECEIVED LATENCY WARNING
         KIZO:  Current time is 2013-12-10 09:43:23.
            DC=ForestDnsZones,DC=adcorp,DC=org
               Last replication recieved from JALANI at 2013-12-09 15:48:09.
            DC=DomainDnsZones,DC=adcorp,DC=org
               Last replication recieved from JALANI at 2013-12-09 15:48:08.
            CN=Schema,CN=Configuration,DC=adcorp,DC=org
               Last replication recieved from JALANI at 2013-12-09 15:48:08.
               Latency information for 17 entries in the vector were ignored.
                  17 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=adcorp,DC=org
               Last replication recieved from JALANI at 2013-12-09 15:48:08.
               Latency information for 17 entries in the vector were ignored.
                  17 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=adcorp,DC=org
               Last replication recieved from JALANI at 2013-12-09 15:55:03.
               Latency information for 17 entries in the vector were ignored.
                  17 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         * Replication Site Latency Check
         ......................... KIZO passed test Replications
      Starting test: Topology
         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... KIZO passed test Topology
      Starting test: CutoffServers
         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=adcorp,DC=org.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... KIZO passed test CutoffServers
      Starting test: NCSecDesc
         * Security Permissions Check for
           DC=ForestDnsZones,DC=adcorp,DC=org
            (NDNC,Version 2)
         * Security Permissions Check for
           DC=DomainDnsZones,DC=adcorp,DC=org
            (NDNC,Version 2)
         * Security Permissions Check for
           CN=Schema,CN=Configuration,DC=adcorp,DC=org
            (Schema,Version 2)
         * Security Permissions Check for
           CN=Configuration,DC=adcorp,DC=org
            (Configuration,Version 2)
         * Security Permissions Check for
           DC=adcorp,DC=org
            (Domain,Version 2)
         ......................... KIZO passed test NCSecDesc
      Starting test: NetLogons
         * Network Logons Privileges Check
         ......................... KIZO passed test NetLogons
      Starting test: Advertising
         The DC KIZO is advertising itself as a DC and having a DS.
         The DC KIZO is advertising as an LDAP server
         The DC KIZO is advertising as having a writeable directory
         The DC KIZO is advertising as a Key Distribution Center
         The DC KIZO is advertising as a time server
         The DS KIZO is advertising as a GC.
         ......................... KIZO passed test Advertising
      Starting test: KnowsOfRoleHolders
         Role Schema Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         Warning: JALANI is the Schema Owner, but is not responding to DS RPC Bind.
         RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
         [JALANI] LDAP search failed with error 58,
         The specified server cannot perform the requested operation..
         Warning: JALANI is the Schema Owner, but is not responding to LDAP Bind.
         Role Domain Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         Warning: JALANI is the Domain Owner, but is not responding to DS RPC Bind.
         RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
         Warning: JALANI is the Domain Owner, but is not responding to LDAP Bind.
         Role PDC Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         Warning: JALANI is the PDC Owner, but is not responding to DS RPC Bind.
         RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
         Warning: JALANI is the PDC Owner, but is not responding to LDAP Bind.
         Role Rid Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         Warning: JALANI is the Rid Owner, but is not responding to DS RPC Bind.
         RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
         Warning: JALANI is the Rid Owner, but is not responding to LDAP Bind.
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=JALANI,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org
         Warning: JALANI is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
         RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it.
         Warning: JALANI is the Infrastructure Update Owner, but is not responding to LDAP Bind.
         ......................... KIZO failed test KnowsOfRoleHolders
      Starting test: RidManager
         * Available RID Pool for the Domain is 13103 to 1073741823
         * Jalani.xxxxxx.org is the RID Master
         ......................... KIZO failed test RidManager
      Starting test: MachineAccount
         * SPN found :LDAP/KIZO.xxxxxx.org/xxxxxx.org
         * SPN found :LDAP/KIZO.xxxxxx.org
         * SPN found :LDAP/KIZO
         * SPN found :LDAP/KIZO.xxxxxx.org/ABYSSINIAN
         * SPN found :LDAP/4ed61186-31ad-4ef1-830c-deb79c53bc78._msdcs.xxxxxx.org
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/4ed61186-31ad-4ef1-830c-deb79c53bc78/xxxxxx.org
         * SPN found :HOST/KIZO.xxxxxx.org/xxxxxx.org
         * SPN found :HOST/KIZO.xxxxxx.org
         * SPN found :HOST/KIZO
         * SPN found :HOST/KIZO.xxxxxx.org/ABYSSINIAN
         * SPN found :GC/KIZO.xxxxxx.org/xxxxxx.org
         ......................... KIZO passed test MachineAccount
      Starting test: Services
         * Checking Service: Dnscache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: RpcSs
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... KIZO passed test Services
      Starting test: OutboundSecureChannels
         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... KIZO passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         KIZO is in domain DC=adcorp,DC=org
         Checking for CN=KIZO,OU=Domain Controllers,DC=adcorp,DC=org in domain DC=adcorp,DC=org on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=KIZO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org in domain CN=Configuration,DC=adcorp,DC=org on 1 servers
            Object is up-to-date on all servers.
         ......................... KIZO passed test ObjectsReplicated
      Starting test: frssysvol
         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... KIZO passed test frssysvol
      Starting test: frsevent
         * The File Replication Service Event log test
         There are warning or error events within the last 24 hours after the

         SYSVOL has been shared.  Failing SYSVOL replication problems may cause

         Group Policy problems.
         An Warning Event occured.  EventID: 0x800034C4
            Time Generated: 12/09/2013   18:00:41
            (Event String could not be retrieved)
         ......................... KIZO failed test frsevent
      Starting test: kccevent
         * The KCC Event log test
         Found no KCC errors in Directory Service Event log in the last 15 minutes.
         ......................... KIZO passed test kccevent
      Starting test: systemlog
         * The System Event log test
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/10/2013   09:36:51
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/10/2013   09:37:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/10/2013   09:37:11
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/10/2013   09:38:21
            (Event String could not be retrieved)
         ......................... KIZO failed test systemlog
      Starting test: VerifyReplicas
         ......................... KIZO passed test VerifyReplicas
      Starting test: VerifyReferences
         The system object reference (serverReference)

         CN=KIZO,OU=Domain Controllers,DC=adcorp,DC=org and backlink on

         CN=KIZO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org

         are correct.
         The system object reference (frsComputerReferenceBL)

         CN=KIZO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcorp,DC=org

         and backlink on CN=KIZO,OU=Domain Controllers,DC=adcorp,DC=org are

         correct.
         The system object reference (serverReferenceBL)

         CN=KIZO,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=adcorp,DC=org

         and backlink on

         CN=NTDS Settings,CN=KIZO,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=adcorp,DC=org

         are correct.
         ......................... KIZO passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... KIZO passed test VerifyEnterpriseReferences
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : adcorp
      Starting test: CrossRefValidation
         ......................... adcorp passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... adcorp passed test CheckSDRefDom
   
   Running enterprise tests on : xxxxxx.org
      Starting test: Intersite
         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... xxxxxx.org passed test Intersite
      Starting test: FsmoCheck
         GC Name: \\KIZO.xxxxxx.org
         Locator Flags: 0xe00001fc
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Time Server Name: \\KIZO.xxxxxx.org
         Locator Flags: 0xe00001fc
         Preferred Time Server Name: \\KIZO.xxxxxx.org
         Locator Flags: 0xe00001fc
         KDC Name: \\KIZO.xxxxxx.org
         Locator Flags: 0xe00001fc
         ......................... xxxxxx.org failed test FsmoCheck
Test not found. Please re-enter a valid test name.
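A triage aid for output like the dcdiag run above, added here as an example and not part of the original thread: it lists the failed tests, groups the "not responding to ... Bind" warnings by role holder, and converts dcdiag's hexadecimal EventID values to the decimal IDs shown in Event Viewer. The sample lines are constructed in the format above; `summarize` and the pattern names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the dcdiag output posted above.
SAMPLE = """\
      Starting test: KnowsOfRoleHolders
         Warning: JALANI is the PDC Owner, but is not responding to DS RPC Bind.
         Warning: JALANI is the PDC Owner, but is not responding to LDAP Bind.
         Warning: JALANI is the Rid Owner, but is not responding to LDAP Bind.
         ......................... KIZO failed test KnowsOfRoleHolders
      Starting test: Services
         * Checking Service: NETLOGON
         ......................... KIZO passed test Services
      Starting test: frsevent
         An Warning Event occured.  EventID: 0x800034C4
            Time Generated: 12/09/2013   18:00:41
         ......................... KIZO failed test frsevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/10/2013   09:36:51
         An Error Event occured.  EventID: 0x00000457
            Time Generated: 12/10/2013   09:37:11
         ......................... KIZO failed test systemlog
"""

RESULT = re.compile(r"\.{5,}\s+(\S+) (passed|failed) test (\S+)")
BIND = re.compile(r"Warning: (\S+) is the (.+?) Owner, but is not responding to (.+?) Bind")
EVENT = re.compile(r"An (\w+) Event occured\.\s+EventID: 0x([0-9A-Fa-f]{8})")

def summarize(text):
    """Return (failed tests, unreachable role holders, distinct events)."""
    failed, events = [], []
    unreachable = defaultdict(lambda: defaultdict(set))  # host -> role -> protocols
    for line in text.splitlines():
        if m := RESULT.search(line):
            if m.group(2) == "failed":
                failed.append(m.group(3))
        elif m := BIND.search(line):
            unreachable[m.group(1)][m.group(2)].add(m.group(3))
        elif m := EVENT.search(line):
            # dcdiag prints the full 32-bit identifier; the low 16 bits are
            # the decimal Event ID that Event Viewer displays.
            event = (m.group(1), int(m.group(2), 16) & 0xFFFF)
            if event not in events:
                events.append(event)
    return failed, {h: dict(r) for h, r in unreachable.items()}, events

if __name__ == "__main__":
    failed, unreachable, events = summarize(SAMPLE)
    print("Failed tests:", ", ".join(failed))
    for host, roles in unreachable.items():
        for role, protos in sorted(roles.items()):
            print(f"{host} ({role} owner): no {' / '.join(sorted(protos))} bind")
    for severity, event_id in events:
        print(f"{severity} event ID {event_id}")
```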
Ok you have many DNS errors here.

We need to review your DNS setup.

On the DC's they all are DNS servers?

The DNS server entry for each DNS server (DC) should be its ip address.
Then the secondary DNS records can be the other DNS server.

ipconfig /all from each DC post.

Can you ping each DC to DC using FQDN?
Can you ping from a workstation to each DC using FQDN?

Are the DNS servers running on the DC servers? Check the DNS event log.

ASKER

On the DC's they all are DNS servers?  yes

The DNS server entry for each DNS server (DC) should be its ip address.  correct.
Then the secondary DNS records can be the other DNS server.  correct

ipconfig /all from each DC post.
server 1:

C:\Documents and Settings\Administrator.xxxxxxx>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Jalani
   Primary Dns Suffix  . . . . . . . :xxxx.org
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : xxxx.org

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-14-22-1A-DC-30
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.1.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       192.168.0.202

server 2

C:\Documents and Settings\Administrator.xxxxxxxx>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : KIZO
   Primary Dns Suffix  . . . . . . . : xxxx.org
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : xxxx.org

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-15-C5-5F-62-36
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.202
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.202
                                       192.168.1.10

>

Can you ping each DC to DC using FQDN?  yes
Can you ping from a workstation to each DC using FQDN? yes

Are the DNS servers running on the DC servers check the DNS event LOG .  Yes DNS server and client is running on both. No events except scavenging notices and one informational event on the DC.  8.8.8.8 is a forwarder. No events at all in the secondary server event log for DNS  :

The DNS server encountered an invalid domain name in a packet from 8.8.8.8. The packet will be rejected. The event data contains the DNS packet
Ok your setup looks good.

Are your DC's running a firewall?

For Exchange, each DC must be a Global Catalog; make sure they are.

Still thinking it is in your routers something went wrong.

Have you had time to check with the routers?

ASKER

yes, they are running the windows firewall, what if i disable it?

each DC is a GC, just checked with ADSS under NTDS tab

Could the 8.8.8.8 forwarder be causing this ?
What about "the RPC server is unavailable errors" from jalani to kizo, lots of replication errors, and warnings about "jalani is the RID, PDC, IU, owner but not responding to LDAP bind"

don't know exactly what to ask about the routers, do you have any guidance?  they feel it's the servers, of course....
Yes I would disable the Firewall on the DC's as a test.

Yes, the 8.8.8.8 could be a problem. Can you remove those entries?

I think the errors will go away if we make these changes.

ASKER

If i remove the 8.8.8.8 don't i need a forwarder from my ISP?  how will the DC know how to get out to the Internet, is that routing done on the edge? (please excuse my non-knowledge of that area..)

Is stopping the firewall service enough?  The firewall is a domain policy, unfortunately.  I could just disable those sections and put them back later if necessary.
ASKER CERTIFIED SOLUTION
Member_2_6492660_1

ASKER

Thanks for all your expertise, reading through all the logs, your batch file and assistance!
Stopping the firewall fixed the problem, don't know what the issue is, but i also removed the 8.8.8.8 from the forwarders.
quaybj