?
Solved

dcdiag with c switch errors. Can they be ignored? is it sufficient to just run dcdiag without any switch

Posted on 2015-02-10
2
Medium Priority
?
1,379 Views
Last Modified: 2015-02-11
Hello,
I ran dcdiag with /c switch and I received so many more errors than with just dcdiag switch? WE promoted 2012 R2 DC. Please let me know about the errors and if they are critical:

from dcdiag with /c switch errors:

 Starting test: SystemLog

         An error event occurred.  EventID: 0x00000456

           

            Event String:

            The processing of Group Policy failed. Windows could not determine if the user and computer accounts are in the same forest. Ensure the user domain name matches the name of a trusted domain that resides in the same forest as the computer account.

         A warning event occurred.  EventID: 0x000727A5

       

            Event String:

            The WinRM service is not listening for WS-Management requests.


         An error event occurred.  EventID: 0x00002720

           

            Event String:

            The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID


         An error event occurred.  EventID: 0x00002720

           

            Event String:

            The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID


         An error event occurred.  EventID: 0x00002720


            Event String:

            The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID


         An error event occurred.  EventID: 0x00002720


            Event String:

            The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID


         A warning event occurred.  EventID: 0x00001796

       

            Event String:

            Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.


         An error event occurred.  EventID: 0x00002720

         

            Event String:

            The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID


         A warning event occurred.  EventID: 0x000003F6

           

            Event String:

            Name resolution for the name corp.domain.com timed out after none of the configured DNS servers responded.

         ......................... 2012DC-2 failed test SystemLog
Running enterprise tests on : frd.domain.com

      Starting test: DNS

         Test results for domain controllers:

           
            DC: 2012DC-2.corp.domain.com

            Domain: corp.domain.com

           

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: All forwarders in the forwarder list are invalid.

                  Error: Both root hints and forwarders are not configured or

                  broken. Please make sure at least one of them works.

                 
               TEST: Records registration (RReg)
                  Network Adapter [00000010] vmxnet3 Ethernet Adapter:

                     Warning:
                     Missing CNAME record at DNS server 10.10.10.5:
                     6d793bee-d510-412b-93c4-bc2d2f90a527._msdcs.frd.domain.com
                     
                     Warning:
                     Missing A record at DNS server 10.10.10.5:
                     2012DC-2.corp.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _ldap._tcp.corp.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _ldap._tcp.2fd61d41-ba73-43b0-9b37-4117fde765bf.domains._msdcs.frd.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _kerberos._tcp.dc._msdcs.corp.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _ldap._tcp.dc._msdcs.corp.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _kerberos._tcp.corp.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _kerberos._udp.corp.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _kpasswd._tcp.corp.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _ldap._tcp.NYC._sites.corp.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _kerberos._tcp.NYC._sites.dc._msdcs.corp.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _ldap._tcp.NYC._sites.dc._msdcs.corp.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _kerberos._tcp.NYC._sites.corp.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _ldap._tcp.gc._msdcs.frd.domain.com
                     
                     Warning:
                     Missing A record at DNS server 10.10.10.5:
                     gc._msdcs.frd.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _gc._tcp.NYC._sites.frd.domain.com
                     
                     Error:
                     Missing SRV record at DNS server 10.10.10.5:
                     _ldap._tcp.NYC._sites.gc._msdcs.frd.domain.com
                     
               Error: Record registrations cannot be found for all the network

               adapters

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 10.16.20.21 (<name unavailable>)

               1 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 10.16.20.21
               
            DNS server: 2001:7fe::53 (i.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 2001:7fe::53
               
            DNS server: 2001:dc3::35 (m.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 2001:dc3::35
               
            DNS server: 202.12.27.33 (m.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 202.12.27.33
               
            DNS server: 10.17.20.102 (<name unavailable>)

               1 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 10.17.20.102
               
            DNS server: 10.18.20.10 (<name unavailable>)

               1 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 10.18.20.10
               
            DNS server: 10.18.20.11 (<name unavailable>)

               1 test failure on this DNS server

               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 10.18.20.11
               
            DNS server: 128.63.2.53 (h.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 128.63.2.53
               
            DNS server: 128.8.10.90 (d.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 128.8.10.90
               
            DNS server: 128.9.0.107 (b.root-domain.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 128.9.0.107
               
            DNS server: 192.112.36.4 (g.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 192.112.36.4
               
            DNS server: 192.203.230.10 (e.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 192.203.230.10
               
            DNS server: 192.228.79.201 (b.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 192.228.79.201
               
            DNS server: 192.33.4.12 (c.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 192.33.4.12
               
            DNS server: 192.36.148.17 (i.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 192.36.148.17
               
            DNS server: 192.5.5.241 (f.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 192.5.5.241
               
            DNS server: 192.58.128.5 (j.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.5               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 192.58.128.5
               
            DNS server: 193.0.14.129 (k.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 193.0.14.129
               
            DNS server: 198.32.64.12 (l.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 198.32.64.12
               
            DNS server: 198.41.0.4 (a.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 198.41.0.4
               
            DNS server: 199.7.83.42 (l.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 199.7.83.42
               
            DNS server: 199.7.91.13 (d.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.91.13               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 199.7.91.13
               
            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 2001:500:1::803f:235
               
            DNS server: 2001:500:2::c (c.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2::c               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 2001:500:2::c
               
            DNS server: 2001:500:2d::d (d.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 2001:500:2d::d
               
            DNS server: 2001:500:2f::f (f.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 2001:500:2f::f
               
            DNS server: 2001:500:3::42 (l.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 2001:500:3::42
               
            DNS server: 2001:500:84::b (b.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:84::b               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 2001:500:84::b
               
            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 2001:503:ba3e::2:30
               
            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 2001:503:c27::2:30
               
            DNS server: 2001:7fd::1 (k.root-servers.net.)

               1 test failure on this DNS server

               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1               Name resolution is not functional. _ldap._tcp.frd.domain.com. failed on the DNS server 2001:7fd::1
               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: corp.domain.com

               2012DC-2                PASS PASS FAIL PASS PASS FAIL n/a  
         
         ......................... frd.domain.com failed test DNS

      Starting test: LocatorCheck

         ......................... frd.domain.com passed test LocatorCheck

      Starting test: FsmoCheck

         ......................... frd.domain.com passed test FsmoCheck

      Starting test: Intersite

         ......................... frd.domain.com passed test Intersite
0
Comment
Question by:creative555
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40602629
It seems that dns forwarders are not working

Also there might be having DC stale records left after unsuccessful demotion

U need to cleanup active directory

run dcdiag /v for all error reports

Ensure below
NS records of all domain controllers are correct
Host(A) \ PTR records of all domain controllers are correct
CNAME records of all domain controllers are able to ping correct DC servers
Correct DNS forwarders are defined to resolve internet name resolution
Do metadata cleanup for any stale Domain controllers left in AD configuration and domain controllers OU
http://www.petri.com/delete_failed_dcs_from_ad.htm
https://technet.microsoft.com/en-us/library/cc816907(v=ws.10).aspx

Once that done, on all domain controllers one by one take below steps
navigate to C:\windows\system32\config and rename netlogon.dns to netlogon.dnsold and then restart Netlogon service

After that again run dcdiag /v to identify errors
U can ignore eventlog test
0
 

Author Closing Comment

by:creative555
ID: 40603836
GReat answer!! thanks
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question