Server 2008 (NOT R2) Issues

So recently our outsource IT company tried to install RRAS on our DC and it would seem that something went wrong... very wrong.
This happened last week some time and the day after there were all sorts of issues on the DC, and if you were wondering, the DC was running 100% before they got their hands on it. I had to remove RRAS as the server was inaccessible.
Some of the symptoms we are experiencing:
Server is extremely slow, wasn't an issue before.
Sysvol and Netlogon are not accessible so XP (yes I know..) workstations aren't able to make use of logon scripts

And then there's a whole lot of fun error events... Not sure where to start to get this issue resolved.

Some of the errors:

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          2015/06/23 11:38:11
Event ID:      10010
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.com
Description:
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10010</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-23T09:38:11.000Z" />
    <EventRecordID>896343</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>PDC.domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">{8BC3F05E-D86B-11D0-A075-00C04FB68820}</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-WinRM
Date:          2015/06/23 11:35:29
Event ID:      10154
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.com
Description:
The WinRM service failed to create the following SPNs: WSMAN/PDC.domain.com; WSMAN/PDC.

 Additional Data
 The error received was 8344: %%8344.

 User Action
 The SPNs can be created by an administrator using setspn.exe utility.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" EventSourceName="WinRM" />
    <EventID Qualifiers="7">10154</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-23T09:35:29.000Z" />
    <EventRecordID>896339</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>PDC.domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="spn1">WSMAN/PDC.domain.com</Data>
    <Data Name="spn2">WSMAN/PDC</Data>
    <Data Name="error">8344</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          2015/06/23 11:35:24
Event ID:      10005
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.com
Description:
DCOM got error "230" attempting to start the service BITS with arguments "" in order to run the server:
{4991D34B-80A1-4291-83B6-3328366B9097}
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10005</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-23T09:35:24.000Z" />
    <EventRecordID>896337</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>PDC.domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">230</Data>
    <Data Name="param2">BITS</Data>
    <Data Name="param3">
    </Data>
    <Data Name="param4">{4991D34B-80A1-4291-83B6-3328366B9097}</Data>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          2015/06/23 11:35:18
Event ID:      10010
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.com
Description:
The server {DD522ACC-F821-461A-A407-50B198B896DC} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10010</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-23T09:35:18.000Z" />
    <EventRecordID>896336</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>PDC.domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">{DD522ACC-F821-461A-A407-50B198B896DC}</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Application Error
Date:          2015/06/23 11:33:25
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.com
Description:
Faulting application svchost.exe_RemoteAccess, version 6.0.6001.18000, time stamp 0x47919291, faulting module mprdim.dll, version 6.0.6001.18000, time stamp 0x4791ad32, exception code 0xc0000005, fault offset 0x000000000000e352, process id 0x248, application start time 0x01d0ad975db964d6.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-23T09:33:25.000Z" />
    <EventRecordID>69921</EventRecordID>
    <Channel>Application</Channel>
    <Computer>PDC.domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>svchost.exe_RemoteAccess</Data>
    <Data>6.0.6001.18000</Data>
    <Data>47919291</Data>
    <Data>mprdim.dll</Data>
    <Data>6.0.6001.18000</Data>
    <Data>4791ad32</Data>
    <Data>c0000005</Data>
    <Data>000000000000e352</Data>
    <Data>248</Data>
    <Data>01d0ad975db964d6</Data>
  </EventData>
</Event>

Log Name:      System
Source:        RemoteAccess
Date:          2015/06/23 11:33:23
Event ID:      20103
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.com
Description:
Unable to load C:\Windows\System32\iprtrmgr.dll.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="RemoteAccess" />
    <EventID Qualifiers="0">20103</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-23T09:33:23.000Z" />
    <EventRecordID>896254</EventRecordID>
    <Channel>System</Channel>
    <Computer>PDC.domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>C:\Windows\System32\iprtrmgr.dll</Data>
    <Binary>1F000000</Binary>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          2015/06/23 11:32:38
Event ID:      6006
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.com
Description:
The winlogon notification subscriber <GPClient> took 72 second(s) to handle the notification event (CreateSession).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
    <EventID Qualifiers="32768">6006</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-23T09:32:38.000Z" />
    <EventRecordID>69892</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>PDC.domain.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>GPClient</Data>
    <Data>72</Data>
    <Data>CreateSession</Data>
    <Binary>04000000</Binary>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-WinRM
Date:          2015/06/23 11:28:39
Event ID:      10149
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.com
Description:
The WinRM service is not listening for WS-Management requests.

 User Action
 If you did not intentionally stop the service, use the following command to see the WinRM configuration:

 winrm enumerate winrm/config/listener
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" EventSourceName="WinRM" />
    <EventID Qualifiers="7">10149</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-23T09:28:39.000Z" />
    <EventRecordID>896207</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>PDC.domain.com</Computer>
    <Security />
  </System>
  <EventData Name="Stopped Listening">
  </EventData>
</Event>
DJMohr Asked:
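
An added example (not part of the original thread): Python code that puts pasted Event Viewer XML like the blocks above into time order, counts repeats per provider and event ID, and decodes the start-time field of an Application Error 1000 record. The embedded sample is constructed by abridging four of the events above plus one deliberately truncated block; the function names are hypothetical, and reading the start time as a Windows FILETIME is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter
from datetime import datetime, timedelta, timezone

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LEVELS = {"1": "Critical", "2": "Error", "3": "Warning", "4": "Information"}
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

# Constructed sample: four events abridged from the question (newest first, as
# pasted there) and one block cut off before its closing tag.
SAMPLE = r"""
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" />
    <EventID Qualifiers="49152">10010</EventID><Level>2</Level>
    <TimeCreated SystemTime="2015-06-23T09:38:11.000Z" />
  </System>
  <EventData><Data Name="param1">{8BC3F05E-D86B-11D0-A075-00C04FB68820}</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" />
    <EventID Qualifiers="49152">10010</EventID><Level>2</Level>
    <TimeCreated SystemTime="2015-06-23T09:35:18.000Z" />
  </System>
  <EventData><Data Name="param1">{DD522ACC-F821-461A-A407-50B198B896DC}</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WinRM" />
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID><Level>2</Level>
    <TimeCreated SystemTime="2015-06-23T09:33:25.000Z" />
  </System>
  <EventData><Data>svchost.exe_RemoteAccess</Data><Data>6.0.6001.18000</Data>
    <Data>47919291</Data><Data>mprdim.dll</Data><Data>6.0.6001.18000</Data>
    <Data>4791ad32</Data><Data>c0000005</Data><Data>000000000000e352</Data>
    <Data>248</Data><Data>01d0ad975db964d6</Data></EventData>
</Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="RemoteAccess" />
    <EventID Qualifiers="0">20103</EventID><Level>2</Level>
    <TimeCreated SystemTime="2015-06-23T09:33:23.000Z" />
  </System>
  <EventData><Data>C:\Windows\System32\iprtrmgr.dll</Data><Binary>1F000000</Binary></EventData>
</Event>
"""

def parse_events(text):
    """Return (events sorted oldest first, number of unparseable blocks)."""
    events, skipped = [], 0
    # Split at every opening <Event ...> so a truncated block cannot swallow
    # the complete block that follows it.
    for chunk in re.split(r"(?=<Event\s)", text)[1:]:
        end = chunk.find("</Event>")
        if end < 0:
            skipped += 1
            continue
        try:
            root = ET.fromstring(chunk[:end + len("</Event>")])
            sysn = root.find("e:System", NS)
            # Keep whole seconds only; real exports may carry 7+ fraction digits.
            stamp = sysn.find("e:TimeCreated", NS).get("SystemTime")[:19]
            events.append({
                "time": datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%S")
                                .replace(tzinfo=timezone.utc),
                "provider": sysn.find("e:Provider", NS).get("Name"),
                "id": int(sysn.find("e:EventID", NS).text),
                "level": LEVELS.get(sysn.findtext("e:Level", "", NS), "?"),
                "data": [(d.text or "").strip()
                         for d in root.findall("e:EventData/e:Data", NS)],
            })
        except (ET.ParseError, AttributeError, TypeError, ValueError):
            skipped += 1
    return sorted(events, key=lambda e: e["time"]), skipped

def summarize(events):
    """One row per (provider, id): count and first occurrence, oldest first."""
    counts = Counter((e["provider"], e["id"]) for e in events)
    first = {}
    for e in events:  # events are already time-sorted
        first.setdefault((e["provider"], e["id"]), e["time"])
    return [(p, i, counts[(p, i)], t) for (p, i), t in first.items()]

def crash_details(ev):
    """Name the positional <Data> fields of an Application Error 1000 event."""
    app, _, _, module, _, _, code, offset, _pid, start = ev["data"][:10]
    # Assumption: the start time is a FILETIME (100 ns ticks since 1601-01-01).
    started = FILETIME_EPOCH + timedelta(microseconds=int(start, 16) // 10)
    return {"app": app, "module": module, "exception": "0x" + code,
            "offset": "0x" + offset.lstrip("0"), "started": started,
            "uptime_s": (ev["time"] - started).total_seconds()}

if __name__ == "__main__":
    evs, bad = parse_events(SAMPLE)
    for provider, event_id, count, first_seen in summarize(evs):
        print(f"{first_seen:%H:%M:%S}Z  {provider} {event_id}  x{count}")
    print("unparseable blocks:", bad)
```

Sorting oldest first shows which error was logged first, which the newest-first paste order hides.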

Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
hi!

please run dcdiag command on the dc and post output to me.

how many domain controllers? operating system levels? physical or virtuals? what version of AD are you running 2003, 2008, 2008R2, 2012 or 2012R2.

thanks.

firstly it is wrong to assume RRAS being installed did this. RRAS has nothing to do with netlogon dir for a start.

M
Mark Bill Commented:
I'll make it a bit easier for you, paste me only the errors from dcdiag command. thanks.

and run it on all domain controllers too pls.
DJMohr (Author) Commented:
Just have one DC, Domain Level is 2008, it's a physical box

dcdiag below:

C:\Users\Administrator.PDC>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = PDC
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\PDC
      Starting test: Connectivity
         ......................... PDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\PDC
      Starting test: Advertising
         ......................... PDC passed test Advertising
      Starting test: FrsEvent
         ......................... PDC passed test FrsEvent
      Starting test: DFSREvent
         ......................... PDC passed test DFSREvent
      Starting test: SysVolCheck
         ......................... PDC passed test SysVolCheck
      Starting test: KccEvent
         ......................... PDC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... PDC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... PDC passed test MachineAccount
      Starting test: NCSecDesc
         ......................... PDC passed test NCSecDesc
      Starting test: NetLogons
         Unable to connect to the NETLOGON share! (\\PDC\netlogon)
         [PDC] An net use or LsaPolicy operation failed with error 67,
         Win32 Error 67.
         ......................... PDC failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... PDC passed test ObjectsReplicated
      Starting test: Replications
         ......................... PDC passed test Replications
      Starting test: RidManager
         ......................... PDC passed test RidManager
      Starting test: Services
         ......................... PDC passed test Services
      Starting test: SystemLog
         ......................... PDC passed test SystemLog
      Starting test: VerifyReferences
         ......................... PDC passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : domain
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation

   Running enterprise tests on : domain.com
      Starting test: LocatorCheck
         ......................... domain.com passed test LocatorCheck
      Starting test: Intersite
         ......................... domain.com passed test Intersite

Mark Bill Commented:
is this an sbs box?

what happens if you try access \\localhost\netlogon from the dc? can you access the files?

can you please run the following command and reboot afterwards, DCDIAG /FIXALL

once you've rebooted please check all automatic services are started.

and report back on the issue. :o
DJMohr (Author) Commented:
nope, this is standard, \\localhost\netlogon doesn't display any files.
Will run the command this evening and report back
Mark Bill Commented:
you can even do a service check in the day , cool waiting to hear from you.

at first glance i think this is a service crashed or something tbh.
DJMohr (Author) Commented:
Just had a look, all the services are running, well all the services that are set to start Automatically.
Mark Bill Commented:
good, i still would like the command and reboot for now anyway. services can be crashed when running, I'd also like them all restarted too which is why i asked, a reboot will accomplish that.

can we try access netlogon again?

I gave you the wrong command it should be \\ip\netlogon or \\hostname\netlogon also try \\fqdn\netlogon

can you also turn off windows firewall and try again? do not disable the service please, just turn off windows firewall from within CP.

ta
DJMohr (Author) Commented:
\\ip\netlogon, \\hostname\netlogon, \\fqdn\netlogon none of these produce any results even with the firewall turned off

will run the command in about 15min
Mark Bill Commented:
leave the firewall turned off, try running the dcdiag now see if the error is gone.

what is the ipconfig /all of the machine? it should be pointing to itself and itself only for DNS.
DJMohr (Author) Commented:
same results, and yes it's pointing to itself for DNS
Mark Bill Commented:
we can also try restarting the netlogon service and running dcdiag again, failing that I'd like that command run so just let me know. I'll watch out for this one.
DJMohr (Author) Commented:
Ok, so the dcdiag \fix was run, the server was rebooted, when I logged in there was a quick error about some server, didn't have a chance to see what it was, but other than that when I logged in it looked like the server had lost its User Profile, desktop was rearranged, no desktop icons, had to restart the server to get it working again.
DJMohr (Author) Commented:
This is the error that came up when logging in

Profile error
From what I can see all Automatic Services have started except .Net Framework Services.
Group Policies also fail to load, so just adds to the errors popping up on this DC
DJMohr (Author) Commented:
The server's performance is also extremely poor, very sluggish, opening anything results in it hanging for a couple of minutes.
DJMohr (Author) Commented:
I am considering doing a restore to before the outsourced company got their hands on this server...
DJMohr (Author) Commented:
Another issue popping up now is this:

Logon Error
This doesn't go away unless one shuts down the server.
Mark Bill Commented:
This is a DC and a Terminal server? that isn't good.

Can you tell me what the specs of the server are in more detail.

Operating System: Full Version
Physical or Virtual: if physical make and model please
Ram:
Storage:

Can we run a full windows update on this server too please.
Mark Bill Commented:
I am considering doing a restore to before the outsourced company got their hands on this server.

keep calm, I can even dial in remotely and take a look at this for you if you wanted.

no need to do anything hasty, if things get really bad contact Microsoft Support directly.
Mark Bill Commented:
Also regarding the performance of the server, while it's going slow post up a picture of task manager processes, performance and resource monitor

processes sorted by ram or cpu high to low, whichever is in high use.

also post up any recent criticals, errors or warnings from the system log.
DJMohr (Author) Commented:
Thing is Terminal Server isn't installed on the server, this Server is dedicated for AD, DNS and DHCP, that's all it's there for.

Full server spec:

Windows Server 2008 Standard (x64) Service Pack 2 (build 6002)
2.53 gigahertz Intel Xeon X3440
Intel S3420GP Main Board
8GB RAM
2x 500GB (RAID 1)

At this point I can only open Event Viewer, nothing else seems to want to open, not even Explorer.
As for updates, if I remember correctly the last batch was last week, can't confirm though as Control Panel won't open.

According to Task Manager there's not much going on:

TM1
TM2
Mark Bill Commented:
try and boot it up into safe mode with networking, check the events and run a scan with mcafee stinger just to be sure.

is this hp or dell? whichever vendor please run their diagnostics.

very strange you're grinding to a halt with a performance graph like that.
DJMohr (Author) Commented:
This is an Intel server, will see if they have any diags available.

As for the safe mode boot, will have to do that this evening.
Mark Bill Commented:
can you post up resource monitor? a picture of this please.

something is hammering this server or it's got a virus. or a disk failure. I actually think you need to do something about it right away as this is raid1, if you have a failure it is very critical.

Never heard of an 'intel server', of course maybe that's because I just have not seen one!
The reason I asked was so you could check the raid manager and raid card for errors or faults.
DJMohr (Author) Commented:
I'm starting to think there's disk failure, though the server's RAID controller hasn't made a beep to indicate so.

RM
Mark Bill Commented:
i think you need to check the raid manager, check it in the operating system if there is one there or check it on bootup otherwise.

I personally would take the server down as this is an urgent issue.

While you're at it get into safe mode too.
DJMohr (Author) Commented:
Oh, I just say Intel Server as it's not a branded server, I spec'ed the server and it contains only Intel components and Intel tested memory.

I'll shut the server down in a few, will need to go into the RAID controller BIOS see if anything is amiss there, the RAID Manager within Windows doesn't load...
DJMohr (Author) Commented:
The raid is healthy and online.
booting in safe mode... the server's performance was 100% better obviously, event viewer looked better apart from the services complaining about safe mode, had to bring it back online though as my users are about to take my head off, it's the only DC we have.
Booting normally just presents the same issues as before, server is deadly slow, Admin profile isn't loading, but it did in safe mode.
Clearly something is loading up causing this.
DJMohr (Author) Commented:
Some of the errors popping up.

Log Name:      System
Source:        Microsoft-Windows-WinRM
Date:          2015/06/24 12:26:01 PM
Event ID:      10154
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.local
Description:
The WinRM service failed to create the following SPNs: WSMAN/PDC.domain.local; WSMAN/PDC.

 Additional Data
 The error received was 8344: %%8344.

 User Action
 The SPNs can be created by an administrator using setspn.exe utility.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" EventSourceName="WinRM" />
    <EventID Qualifiers="7">10154</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-24T10:26:01.000Z" />
    <EventRecordID>897017</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>PDC.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="spn1">WSMAN/PDC.domain.local</Data>
    <Data Name="spn2">WSMAN/PDC</Data>
    <Data Name="error">8344</Data>
  </EventData>
</Event>

Seem to get this error regardless of the server being shut down/rebooted properly

Log Name:      DFS Replication
Source:        DFSR
Date:          2015/06/24 12:24:19 PM
Event ID:      2212
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.local
Description:
The DFS Replication service has detected an unexpected shutdown on volume C:. This can occur if the service terminated abnormally (due to a power loss, for example) or an error occurred on the volume. The service has automatically initiated a recovery process. The service will rebuild the database if it determines it cannot reliably recover. No user action is required.
 
Additional Information:
Volume: C:
GUID: 33B72A9D-4C2F-11E2-9946-806E6F6E6963
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="32768">2212</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-24T10:24:19.000Z" />
    <EventRecordID>4686</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>PDC.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>33B72A9D-4C2F-11E2-9946-806E6F6E6963</Data>
    <Data>C:</Data>
  </EventData>
</Event>

Then of course all the DCOM errors as well
Mark Bill Commented:
yes, need to do a clean boot and troubleshoot from there, glad to hear the raid is healthy. https://technetfaqs.wordpress.com/2009/05/18/how-to-clean-boot-in-windows-2008-server/

Follow the above link to enable a clean boot, use this to troubleshoot which service or application is causing the issue.
I'd also check the event log system for any driver errors or devices writing weird messages in there.

;) getting there.
DJMohr (Author) Commented:
followed the link, disabled everything not needed and this:

Sc
Doesn't make sense.

se
Mark Bill Commented:
did it resolve the performance issue?
Mark Bill Commented:
if so just reenable each non windows service and startup item to find out which one is causing the issue.

I'd start by removing all the avg entries as AV can be quite a likely one.
DJMohr (Author) Commented:
no difference in performance, disabling those services seems to have made no difference.
Mark Bill Commented:
can you go to start run msconfig and remove all the non essential startup entries pls and try again?

can we also remove RRAS from the server through server manager roles and features?

What is the remote access error in the event viewer you pasted above? give me the details of both the remote access errors above and below the service control manager entries.
DJMohr (Author) Commented:
The msconfig currently has everything disabled, RRAS was removed last week, that's when these errors started happening. Before the attempted RRAS installation by the outsourced company this server was running just fine.

Remote Access Error:

Log Name:      System
Source:        RemoteAccess
Date:          2015/06/24 01:08:58 PM
Event ID:      20103
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.local
Description:
Unable to load C:\Windows\System32\iprtrmgr.dll.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="RemoteAccess" />
    <EventID Qualifiers="0">20103</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-24T11:08:58.000Z" />
    <EventRecordID>897076</EventRecordID>
    <Channel>System</Channel>
    <Computer>PDC.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>C:\Windows\System32\iprtrmgr.dll</Data>
    <Binary>1F000000</Binary>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-WinRM
Date:          2015/06/24 01:09:02 PM
Event ID:      10154
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.local
Description:
The WinRM service failed to create the following SPNs: WSMAN/PDC.domain.local; WSMAN/PDC.

 Additional Data
 The error received was 8344: %%8344.

 User Action
 The SPNs can be created by an administrator using setspn.exe utility.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WinRM" Guid="{A7975C8F-AC13-49F1-87DA-5A984A4AB417}" EventSourceName="WinRM" />
    <EventID Qualifiers="7">10154</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-24T11:09:02.000Z" />
    <EventRecordID>897182</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>PDC.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="spn1">WSMAN/PDC.domain.local</Data>
    <Data Name="spn2">WSMAN/PDC</Data>
    <Data Name="error">8344</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Microsoft-Windows-Winlogon
Date:          2015/06/24 01:14:50 PM
Event ID:      6003
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.local
Description:
The winlogon notification subscriber <Profiles> was unavailable to handle a critical notification event.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Winlogon" Guid="{DBE9B383-7CF3-4331-91CC-A3CB16A3B538}" EventSourceName="Wlclntfy" />
    <EventID Qualifiers="32768">6003</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-24T11:14:50.000Z" />
    <EventRecordID>70435</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>PDC.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>Profiles</Data>
    <Binary>D9060000</Binary>
  </EventData>
</Event>

Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          2015/06/24 01:15:23 PM
Event ID:      10010
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.local
Description:
The server {DD522ACC-F821-461A-A407-50B198B896DC} did not register with DCOM within the required timeout.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10010</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-24T11:15:23.000Z" />
    <EventRecordID>897186</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>PDC.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">{DD522ACC-F821-461A-A407-50B198B896DC}</Data>
  </EventData>
</Event>

Log Name:      Application
Source:        Application Error
Date:          2015/06/24 01:08:58 PM
Event ID:      1000
Task Category: (100)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.local
Description:
Faulting application svchost.exe_RemoteAccess, version 6.0.6001.18000, time stamp 0x47919291, faulting module mprdim.dll, version 6.0.6001.18000, time stamp 0x4791ad32, exception code 0xc0000005, fault offset 0x000000000000e352, process id 0xe9c, application start time 0x01d0ae6e077184a8.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Application Error" />
    <EventID Qualifiers="0">1000</EventID>
    <Level>2</Level>
    <Task>100</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-24T11:08:58.000Z" />
    <EventRecordID>70430</EventRecordID>
    <Channel>Application</Channel>
    <Computer>PDC.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>svchost.exe_RemoteAccess</Data>
    <Data>6.0.6001.18000</Data>
    <Data>47919291</Data>
    <Data>mprdim.dll</Data>
    <Data>6.0.6001.18000</Data>
    <Data>4791ad32</Data>
    <Data>c0000005</Data>
    <Data>000000000000e352</Data>
    <Data>e9c</Data>
    <Data>01d0ae6e077184a8</Data>
  </EventData>
</Event>

Log Name:      DFS Replication
Source:        DFSR
Date:          2015/06/24 01:07:40 PM
Event ID:      2212
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      PDC.domain.local
Description:
The DFS Replication service has detected an unexpected shutdown on volume C:. This can occur if the service terminated abnormally (due to a power loss, for example) or an error occurred on the volume. The service has automatically initiated a recovery process. The service will rebuild the database if it determines it cannot reliably recover. No user action is required.
 
Additional Information:
Volume: C:
GUID: 33B72A9D-4C2F-11E2-9946-806E6F6E6963
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="DFSR" />
    <EventID Qualifiers="32768">2212</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2015-06-24T11:07:40.000Z" />
    <EventRecordID>4695</EventRecordID>
    <Channel>DFS Replication</Channel>
    <Computer>PDC.domain.local</Computer>
    <Security />
  </System>
  <EventData>
    <Data>33B72A9D-4C2F-11E2-9946-806E6F6E6963</Data>
    <Data>C:</Data>
  </EventData>
</Event>
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
Ok this is not looking good.

https://technet.microsoft.com/en-us/library/dd348681(v=ws.10).aspx

https://social.technet.microsoft.com/Forums/windowsserver/en-US/46ad981c-15f7-47e0-b301-e6410d231cce/rras-not-starting-event-id-20103-possible-solution?forum=winserverNIS

I would probably contact MS and log a support case, one of these errors is related to RRAS not starting.

One last thing to try, the service that's failing to start in the logs, stop and disable it and try again.
DJMohr (Author) Commented:
But the RRAS Role is not installed, how could it be causing issues if it's not installed?
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
https://support.microsoft.com/en-us/kb/299013

That's why I suggested killing the service, especially as it's not installed.

DJMohr (Author) Commented:
Oh my hat, disabled the Routing and Remote Access Service after reading over those links you sent and there is a light at the end of the tunnel...
Rebooted the server and boom, desktop back to normal and the server is a lot more responsive!

Just need to deal with these now:

EL
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
;) some say I'm a luckbox, nah I think I should be working for Microsoft tbh ;).

just kidding.

glad to see that worked. just disable the service, don't worry about the other errors there.

this is a dc, run a dcdiag, is it clear now? if so we are all good.
DJMohr (Author) Commented:
I think you should yes ;)

Sadly the dcdiag isn't clear...

C:\>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = PDC
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\PDC
      Starting test: Connectivity
         ......................... PDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\PDC
      Starting test: Advertising
         ......................... PDC passed test Advertising
      Starting test: FrsEvent
         ......................... PDC passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the
         SYSVOL has been shared.  Failing SYSVOL replication problems may cause
         Group Policy problems.
         ......................... PDC failed test DFSREvent
      Starting test: SysVolCheck
         ......................... PDC passed test SysVolCheck
      Starting test: KccEvent
         An Warning Event occurred.  EventID: 0x80000B46
            Time Generated: 06/24/2015   15:17:36
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = Directory Service) could not be
            retrieved, error 0x3afc)
         ......................... PDC passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... PDC passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... PDC passed test MachineAccount
      Starting test: NCSecDesc
         ......................... PDC passed test NCSecDesc
      Starting test: NetLogons
         ......................... PDC passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... PDC passed test ObjectsReplicated
      Starting test: Replications
         ......................... PDC passed test Replications
      Starting test: RidManager
         ......................... PDC passed test RidManager
      Starting test: Services
         ......................... PDC passed test Services
      Starting test: SystemLog
         An Error Event occurred.  EventID: 0xC000271A
            Time Generated: 06/24/2015   15:02:56
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Warning Event occurred.  EventID: 0x000727A5
            Time Generated: 06/24/2015   15:14:49
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0000007
            Time Generated: 06/24/2015   15:15:04
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0000007
            Time Generated: 06/24/2015   15:15:04
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Warning Event occurred.  EventID: 0x80060005
            Time Generated: 06/24/2015   15:16:53
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Warning Event occurred.  EventID: 0xA0050104
            Time Generated: 06/24/2015   15:16:55
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Warning Event occurred.  EventID: 0xA004001B
            Time Generated: 06/24/2015   15:16:58
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Warning Event occurred.  EventID: 0xA004001B
            Time Generated: 06/24/2015   15:17:04
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0x80001778
            Time Generated: 06/24/2015   15:17:29
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0000424
            Time Generated: 06/24/2015   15:18:19
            EvtFormatMessage failed, error 1815 Win32 Error 1815.
            (Event String (event log = System) could not be retrieved, error
            0x717)
         An Warning Event occurred.  EventID: 0x00002724
            Time Generated: 06/24/2015   15:18:39
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Error Event occurred.  EventID: 0xC0001B58
            Time Generated: 06/24/2015   15:18:53
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Warning Event occurred.  EventID: 0x80000434
            Time Generated: 06/24/2015   15:19:55
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         An Warning Event occurred.  EventID: 0x000727AA
            Time Generated: 06/24/2015   15:20:51
            EvtFormatMessage failed, error 15100 Win32 Error 15100.
            (Event String (event log = System) could not be retrieved, error
            0x3afc)
         ......................... PDC failed test SystemLog
      Starting test: VerifyReferences
         ......................... PDC passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : domain
      Starting test: CheckSDRefDom
         ......................... domain passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... domain passed test CrossRefValidation

   Running enterprise tests on : domain.local
      Starting test: LocatorCheck
         ......................... domain.local passed test LocatorCheck
      Starting test: Intersite
         ......................... domain.local passed test Intersite
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
I see the netlogon failure is not occurring anymore. this is what I was looking for, can you confirm this? earlier in the thread netlogon test was failing. that's what was causing this issue I think, well, RRAS running amok in the middle of there somewhere.

Can you also verify netlogon and sysvol are now working?

I would also recommend running all available windows updates after a backup is done of the server.

I would also recommend not to worry about these errors in the dcdiag, we have just been doing major work on the server, I see nothing there to worry me too much.
DJMohr (Author) Commented:
Oh never mind, I cleared the event logs and reran dcdiag and it came back clean
DJMohr (Author) Commented:
sysvol and netlogon are present and accessible, however, I can't use \\srvname, I need to use \\server ip
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
try accessing them by \\fqdn\netlogon or \\addomainname\netlogon
DJMohr (Author) Commented:
\\fqdn works
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
ok what about \\addomainname

well if fqdn is working, and short dns name is not, that is a dns issue.

presuming this is the dns server, the server's ipconfig should be pointing to its own lan ip, no external dns servers in here.

can you confirm this is the case? if you have to change it do an ipconfig /flushdns and an ipconfig /renewdns

so the ipconfig /all of this server should be like.
ip address: servers lan ip
primary dns: servers lan ip
secondary dns: none or another active directory dns server
DJMohr (Author) Commented:
the server is looking at itself for DNS, no secondary DNS is configured, ran /flushdns and /registerdns but no change, what's weird is that I can ping the short name and nslookup, forward and reverse works just fine.
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
can you run netdiag command and see if anything is failing? it's the same deal as dcdiag
DJMohr (Author) Commented:
Mark, you saved me a lot of pain and quite possibly a lot of cracking some heads open.

For the most part and for what this post was started for the errors have been resolved, have some replication problems to deal with now, so will probably have to start a new post.
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
no problem. run the netdiag and start a new one.

I recommend to get all of your updates on there once you have new backups and good backups.
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
And what I will add is I've worked for outsource providers in the past.
I would absolutely shit can them for this now that we've seen the end result.
They had physical access to this box or remote and did not diagnose or could not resolve the issue.

Also installing RRAS is not an acceptable remote access solution nowadays, I'd recommend a SonicWall doing VPN at the firewall level or a WatchGuard again doing VPN at the firewall level, or preferably if you have a bit of cash put a SonicWall SSL VPN in behind your firewall and NAT it from the outside.
DJMohr (Author) Commented:
DNS test below

C:\>dcdiag /test:dns /v

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine PDC, is a Directory Server.
   Home Server = PDC
   * Connecting to directory service on server PDC.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=za,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=za
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=za,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=PDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=za
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CSM-DC02,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=za
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   * Found 2 DC(s). Testing 1 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\PDC
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... PDC passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\PDC
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         See DNS test in enterprise tests section for results
         ......................... PDC passed test DNS

   Running partition tests on : ForestDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : DomainDnsZones
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Schema
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : Configuration
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running partition tests on : domain
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running enterprise tests on : domain.za
      Starting test: DNS
         Test results for domain controllers:

            DC: PDC.domain.za
            Domain: domain.za


               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  Microsoftr Windows Serverr 2008 Standard  (Service Pack level: 2.0)
                   is supported
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter
                  [00000006] Intel(R) 82574L Gigabit Network Connection:
                     MAC address is 00:15:17:ED:4C:C8
                     IP Address is static
                     IP address: 192.168.16.253
                     DNS servers:
                        192.168.16.253 (pdc.domain.za.) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found

               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     192.168.16.1 (<name unavailable>) [Invalid (unreachable)]
                     Error: Forwarders list has invalid forwarder: 192.168.16.1(<name unavailable>)
                     8.8.8.8 (<name unavailable>) [Valid]

               TEST: Delegations (Del)
                  Delegation information for the zone: domain.za.
                     Delegated domain name: _msdcs.domain.za.
                        DNS server: pdc.domain.za. IP:192.168.16.253 [Valid]

               TEST: Dynamic update (Dyn)
                  Test record _dcdiag_test_record added successfully in zone domain.za
                  Test record _dcdiag_test_record deleted successfully in zone domain.za

               TEST: Records registration (RReg)
                  Network Adapter
                  [00000006] Intel(R) 82574L Gigabit Network Connection:
                     Matching CNAME record found at DNS server 192.168.16.253:
                     1ed227de-7dcc-4440-a6a0-f9749d13b58e._msdcs.domain.za

                     Matching A record found at DNS server 192.168.16.253:
                     PDC.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _ldap._tcp.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _ldap._tcp.b3a3126b-7b07-4ad5-93f3-3fcba27dc6bb.domains._msdcs.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _kerberos._tcp.dc._msdcs.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _ldap._tcp.dc._msdcs.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _kerberos._tcp.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _kerberos._udp.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _kpasswd._tcp.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _ldap._tcp.Default-First-Site-Name._sites.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _kerberos._tcp.Default-First-Site-Name._sites.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _ldap._tcp.gc._msdcs.domain.za

                     Matching A record found at DNS server 192.168.16.253:
                     gc._msdcs.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _gc._tcp.Default-First-Site-Name._sites.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.za

                     Matching  SRV record found at DNS server 192.168.16.253:
                     _ldap._tcp.pdc._msdcs.domain.za


         Summary of test results for DNS servers used by the above domain
         controllers:

            DNS server: 192.168.16.1 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.16.1              
        [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 192.168.16.253 (PDC.domain.za.)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               DNS delegation for the domain  _msdcs.domain.za. is operational on IP 192.168.16.253


            DNS server: 8.8.8.8 (<name unavailable>)
               All tests passed on this DNS server

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: domain.za
               PDC                       PASS PASS FAIL PASS PASS PASS n/a

         ......................... domain.za failed test DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite
DJMohr (Author) Commented:
Ha, funny you should mention that, we have been in the process of replacing all our firewalls at all our branches with Fortigate units and we requested that they set up client VPN access to our HQ but they made an excuse saying that the client VPN traffic would cause too much congestion on the data and voice VPNs between the branches and said the RRAS was a better solution, at this point I told them they are talking crap and said that I didn't want RRAS on any of my servers, but clearly they thought they knew better...
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
They sound like absolute cowboys, a lot of small MSPs are. I will tell you what's going on here.
They have a set way of doing things which they are trying to force through onto their customer base.

Absolute rubbish this is, their reasoning, who in the name of hell does VPN at a Windows server level that knows anything about IT these days. The only acceptable reason for this for me is a customer using an ISP router and no firewall and is simply refusing to spend any money, even then I'd push them onto a TZ100. I don't use Fortigate, I'm sure they are fine though.

regarding that dns test, open up a thread, I'll watch out for it.
DJMohr (Author) Commented:
Yea, I can't remember the last time I used RRAS, last on 2000 server maybe.

Just hope these guys didn't sell us crap with these Fortigates.

On the DNS side, I cleared event logs and ran it again and all tests passed, dcdiag also comes out clean.

This whole balls up started with the migration to 2012 R2, that's when I noticed something was really amiss. After sorting the RRAS out I was able to promote the 2012 R2 to DC. I'll give both servers some time, see if any errors pop up then open another thread.
DJMohr (Author) Commented:
Thanks again Mark, your willingness to see this through to the end was awesome!
Mark Bill (Exchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1) Commented:
It's actually an absolute disgrace this situation, that a customer is resolving an MSP's fuck up.

really really bad, they should be losing a customer here.
DJMohr (Author) Commented:
Yea I hear ya, put it this way, we won't be asking them for anything soon.