asked on

For no apparant reason today, cannot log into domain console & users cannot access domain

I have a primary and secondary DC on Windows Server 2008. Users called this morning could not access domain resources. After I arrived I could not log in as Administrator even to the console of either controller. Had to hard power off BOTH machines! I am seeing a lot of messages in event viewer pertaining to GP (Event ID 1006) and KDC (Event ID 29) but that is all. Could this have anything to do with the leap second?

Emmanuel Adebayo

Are these errors on the client workstation?.

After hard power off both DCs were you able to log on.?

Not sure if this is related to leap second.

Check the local host files on both servers to see if you will see any entries apart from the normal ones that were commented out.

regards

Kirk Miller

ASKER

After I hard powered both servers I was able to get logged in as well as workstations. You are referring to the host file located at C:\Windows\System32\drivers\etc, correct? If so, there are no entries entered, just the normal commented out examples...no entries. The primary DC runs DNS server service though. What other even id entries may indicate problem this morning?

SOLUTION

Mark Bill

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Mark Bill

run this command on both dc lets pay particular attention to the primary though for now have both DC powered on when running these commands too please

Kirk Miller

ASKER

Thanks Mark! Here are the DC Diagnostics Results:

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = dcod1
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DCOD1
Starting test: Connectivity
......................... DCOD1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DCOD1
Starting test: Advertising
......................... DCOD1 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DCOD1 passed test FrsEvent
Starting test: DFSREvent
......................... DCOD1 passed test DFSREvent
Starting test: SysVolCheck
......................... DCOD1 passed test SysVolCheck
Starting test: KccEvent
......................... DCOD1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DCOD1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DCOD1 passed test MachineAccount
Starting test: NCSecDesc
......................... DCOD1 passed test NCSecDesc
Starting test: NetLogons
......................... DCOD1 passed test NetLogons
Starting test: ObjectsReplicated
......................... DCOD1 passed test ObjectsReplicated
Starting test: Replications
......................... DCOD1 passed test Replications
Starting test: RidManager
......................... DCOD1 passed test RidManager
Starting test: Services
......................... DCOD1 passed test Services
Starting test: SystemLog
......................... DCOD1 passed test SystemLog
Starting test: VerifyReferences
......................... DCOD1 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : ciscoeq
Starting test: CheckSDRefDom
......................... ciscoeq passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ciscoeq passed test CrossRefValidation

Running enterprise tests on : ciscoeq.com
Starting test: LocatorCheck
......................... ciscoeq.com passed test LocatorCheck
Starting test: Intersite
......................... ciscoeq.com passed test Intersite

SOLUTION

Mark Bill

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Kirk Miller

ASKER

This is the DC Diag for the secondary:

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

Home Server = dcod2

* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DCOD2

Starting test: Connectivity

......................... DCOD2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DCOD2

Starting test: Advertising

Warning: DCOD2 is not advertising as a time server.

......................... DCOD2 failed test Advertising

Starting test: FrsEvent

There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.
......................... DCOD2 passed test FrsEvent

Starting test: DFSREvent

......................... DCOD2 passed test DFSREvent

Starting test: SysVolCheck

......................... DCOD2 passed test SysVolCheck

Starting test: KccEvent

......................... DCOD2 passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... DCOD2 passed test KnowsOfRoleHolders

Starting test: MachineAccount

......................... DCOD2 passed test MachineAccount

Starting test: NCSecDesc

......................... DCOD2 passed test NCSecDesc

Starting test: NetLogons

......................... DCOD2 passed test NetLogons

Starting test: ObjectsReplicated

......................... DCOD2 passed test ObjectsReplicated

Starting test: Replications

......................... DCOD2 passed test Replications

Starting test: RidManager

......................... DCOD2 passed test RidManager

Starting test: Services

......................... DCOD2 passed test Services

Starting test: SystemLog

......................... DCOD2 passed test SystemLog

Starting test: VerifyReferences

......................... DCOD2 passed test VerifyReferences

Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation

Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation

Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Running partition tests on : ciscoeq

Starting test: CheckSDRefDom

......................... ciscoeq passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ciscoeq passed test CrossRefValidation

Running enterprise tests on : ciscoeq.com

Starting test: LocatorCheck

......................... ciscoeq.com passed test LocatorCheck

Starting test: Intersite

......................... ciscoeq.com passed test Intersite

Mark Bill

Is the time set correctly on both servers and the time service started on both servers?

what do you see in the event logs errors, warnings and criticals?

Kirk Miller

ASKER

Mark, The two controllers were off by about 2 minutes. I need a better understanding of the time service and advised configuration. I suppose them being off could be the cuplrit, correct? If so, do you recommend using the time service installed or a third party utility and how about for the workstations?

Kirk Miller

ASKER

Mark, I also just discovered that on the secondary machine the Time Service is set up as "manual" vs. "Automatic" on the primary machine!

Mark Bill

no we can set the time manually for now and then set the time service to use an external source once weve pinpointed the issue.

try this.

on DC1 set the time to the correct time. verify this in whatever locale your in.
on DC2 set the time to the correct time.
Restart the time service on DC1
Restart the time service on DC2

run dcdiag again
run netdiag command also

see where we are at, at this point.

Mark Bill

bingo, time service not started right? set it to automatic and start it.

Emmanuel Adebayo

AD automatically sets each DC to sync time with the master DC

I would suggest that you set your master DC to get the time source from time.windows.com
The workstation will by default use the DC as the time server.

Emmanuel Adebayo

Sorry, I'll leave Mark to go through this with you.

All the best

Mark Bill

hey op!

we can set the time service once we verify we are in better situation ;)

M

Kirk Miller

ASKER

Ok Mark. Thank You. I will follow your steps. One question though. Do I run netdiag from elevated command prompt with any parameters. When I attempt to simply type in netdiag I get a return that it is not a recognized command.

Kirk Miller

ASKER

C:\>netdiag
'netdiag' is not recognized as an internal or external command,
operable program or batch file.

C:\>

Mark Bill

hi we need to install the support tools for this operating system if it is returning this when you run netdiag

we can ignore this for now

is the dcdiag clean now on both servers?

are the workstations able to log on?

SOLUTION

Mark Bill

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Kirk Miller

ASKER

New DIAG Results:

DC1 -

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = dcod1
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DCOD1
Starting test: Connectivity
......................... DCOD1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DCOD1
Starting test: Advertising
......................... DCOD1 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... DCOD1 passed test FrsEvent
Starting test: DFSREvent
......................... DCOD1 passed test DFSREvent
Starting test: SysVolCheck
......................... DCOD1 passed test SysVolCheck
Starting test: KccEvent
......................... DCOD1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DCOD1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DCOD1 passed test MachineAccount
Starting test: NCSecDesc
......................... DCOD1 passed test NCSecDesc
Starting test: NetLogons
......................... DCOD1 passed test NetLogons
Starting test: ObjectsReplicated
......................... DCOD1 passed test ObjectsReplicated
Starting test: Replications
......................... DCOD1 passed test Replications
Starting test: RidManager
......................... DCOD1 passed test RidManager
Starting test: Services
......................... DCOD1 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x0000000C
Time Generated: 07/01/2015 10:34:31
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
A warning event occurred. EventID: 0x0000000C
Time Generated: 07/01/2015 10:44:25
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
A warning event occurred. EventID: 0x0000000C
Time Generated: 07/01/2015 10:45:29
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
......................... DCOD1 passed test SystemLog
Starting test: VerifyReferences
......................... DCOD1 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : ciscoeq
Starting test: CheckSDRefDom
......................... ciscoeq passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ciscoeq passed test CrossRefValidation

Running enterprise tests on : ciscoeq.com
Starting test: LocatorCheck
......................... ciscoeq.com passed test LocatorCheck
Starting test: Intersite
......................... ciscoeq.com passed test Intersite

Kirk Miller

ASKER

DC2 -

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

Home Server = dcod2

* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DCOD2

Starting test: Connectivity

......................... DCOD2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DCOD2

Starting test: Advertising

Warning: DCOD2 is not advertising as a time server.

......................... DCOD2 failed test Advertising

Starting test: FrsEvent

There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may cause

Group Policy problems.
......................... DCOD2 passed test FrsEvent

Starting test: DFSREvent

......................... DCOD2 passed test DFSREvent

Starting test: SysVolCheck

......................... DCOD2 passed test SysVolCheck

Starting test: KccEvent

......................... DCOD2 passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... DCOD2 passed test KnowsOfRoleHolders

Starting test: MachineAccount

......................... DCOD2 passed test MachineAccount

Starting test: NCSecDesc

......................... DCOD2 passed test NCSecDesc

Starting test: NetLogons

......................... DCOD2 passed test NetLogons

Starting test: ObjectsReplicated

......................... DCOD2 passed test ObjectsReplicated

Starting test: Replications

......................... DCOD2 passed test Replications

Starting test: RidManager

......................... DCOD2 passed test RidManager

Starting test: Services

......................... DCOD2 passed test Services

Starting test: SystemLog

A warning event occurred. EventID: 0x0000008E

Time Generated: 07/01/2015 10:23:16

Event String:

The time service has stopped advertising as a time source because the local clock is not synchronized.

A warning event occurred. EventID: 0x0000008E

Time Generated: 07/01/2015 10:26:16

Event String:

The time service has stopped advertising as a time source because the local clock is not synchronized.

......................... DCOD2 passed test SystemLog

Starting test: VerifyReferences

......................... DCOD2 passed test VerifyReferences

Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation

Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation

Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Running partition tests on : ciscoeq

Starting test: CheckSDRefDom

......................... ciscoeq passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ciscoeq passed test CrossRefValidation

Running enterprise tests on : ciscoeq.com

Starting test: LocatorCheck

......................... ciscoeq.com passed test LocatorCheck

Starting test: Intersite

......................... ciscoeq.com passed test Intersite

Kirk Miller

ASKER

Ok, so above are the new dcdiag results from both servers. Yes, my clients have been logged on for several hours now. Just trying to get this correct so doesn't happen again. That being said I did a GPUPDATE /F from my workstation and it changed the time which is off by a minute or two from the DC1.
What should I do next?

Kirk Miller

ASKER

From the command you suggested above "w32tm /query /source" on DC1 it shows the source is the Local CMOS Clock

SOLUTION

Mark Bill

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Kirk Miller

ASKER

The output for DC1 & DC2:

Local CMOS Clock

SOLUTION

Mark Bill

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

SOLUTION

Mark Bill

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Mark Bill

sorry the second post above, i am pretty busy here got lost in that post, i specify the command to run in the end at the bottom of the post.

Kirk Miller

ASKER

Sorry Mark. I am a little lost with the posts. I appreciate your help. I am in the United States in the Central Time Zone, so it it 11:24AM here on 7/1/15. What should be the command I type in?

SOLUTION

Mark Bill

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Kirk Miller

ASKER

Thank You sir!
Did exactly as you specified and it states the command completed successfully, then the output is not as expected:

C:\Windows\system32>w32tm /config /manualpeerlist:0.pool.ntp.org,1.pool.ntp.org,
2.pool.ntp.org /syncfromflags:manual /reliable:yes /update
The command completed successfully.

C:\Windows\system32>w32tm /query /source
Local CMOS Clock

ASKER CERTIFIED SOLUTION

Mark Bill

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Kirk Miller

ASKER

Thank You Mark. Here is everything you told me to do, which I did:

C:\>netdom /query fsmo
Schema master dcod1.ciscoeq.com
Domain naming master dcod1.ciscoeq.com
PDC dcod1.ciscoeq.com
RID pool manager dcod1.ciscoeq.com
Infrastructure master dcod1.ciscoeq.com
The command completed successfully.

C:\>net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

C:\>w32tm /config /syncfromflags:manual /manualpeerlist:"0.pool.ntp.org 1.pool.n
tp.org 2.pool.ntp.org"
The command completed successfully.

C:\>w32tm /config /reliable:yes
The command completed successfully.

C:\>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.

C:\>w32tm /query /source
1.pool.ntp.org

Mark Bill

no problems, sorry things are bit hectic for me with work right now.

What happens if you run the w32tm /query /source on dc02?

Kirk Miller

ASKER

Mark, No problem at all. I completely understand. I normally can figure these things out but this has been a bugger getting time syncing properly across the domain and workstations.

DC2:
Local CMOS Clock

P.S.
By the way, where in UK are you? I am traveling to UK for the first time next month. I should treat you to a pint for all that you have done helping me today!

SOLUTION

Mark Bill

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Kirk Miller

ASKER

Same result after running the above commands:

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\systems>w32tm /config /syncfromflags:domhier /update
The command completed successfully.

C:\Users\systems>w32tm /query /source
Local CMOS Clock

C:\Users\systems>

Mark Bill

im expecting the same result but pls try

on dc2
stop time service
w32tm /config /syncfromflags:domhier /update
start time service

and let me know. we cant be looking at cmos clocks because if the battery dies were in trouble.
the main problem here is sorted anyway the PDC.

add in another step here if we still have the problem on dc2
run this on dc2
w32tm /resync

Kirk Miller

ASKER

Understood. I ran the commands above and the problem is that it will not allow me to do the update with the time service stopped, only with it started. Should I try and configure the same way as dc1?

C:\>net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

C:\>w32tm /config /syncfromflags:domhier /update
The following error occurred: The service has not been started. (0x80070426)

C:\>net start w32time
The Windows Time service is starting.
The Windows Time service was started successfully.

C:\>w32tm /config /syncfromflags:domhier /update
The command completed successfully.

Mark Bill

and what does it look like now when we check the source?

Kirk Miller

ASKER

Sorry, forgot to post that. Same result:

C:\>w32tm /query /source
Local CMOS Clock

Mark Bill

Try these steps on DC2

1. Run command below on your DC3:
w32tm /config /syncfromflags:domhier /update
W32tm /resync /rediscover
Net stop w32time && net start w32time
2. If it does not work, reset the time service to default settings on your DC3:
net stop w32time
w32tm /unregister
w32tm /register
net start w32time

Kirk Miller

ASKER

Well my friend. I am calling it a night and a bad day of frustration. :) It tried the commands from above and get various errors with the same result, "Local CMOS clock". I am almost considering demoting this server as a dc2 and making another one but I am open to any other suggestions. I have also tried various other things. Here are the sad reults:

C:\Users\systems>w32tm /config /syncfromflags:domhier /update
The command completed successfully.

C:\Users\systems>W32tm /resync /rediscover
Sending resync command to local computer
The computer did not resync because no time data was available.

C:\Users\systems>Net stop w32time && net start w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

The Windows Time service is starting.
The Windows Time service was started successfully.

C:\Users\systems>w32tm /query /source
Local CMOS Clock

C:\Users\systems>net stop w32time
The Windows Time service is stopping.
The Windows Time service was stopped successfully.

C:\Users\systems>w32tm /unregister
The following error occurred: Access is denied. (0x80070005)

Mark Bill

unregistering may well fix it, can we log on as the administrator account and try it again ?

the account im talking about is part of enterprise admins group in active directory.

Kirk Miller

ASKER

Good morning Mark! I just tried again with success on dc2!

C:\Users\systems>w32tm /query /source
dcod1.ciscoeq.com

Mark Bill

nice one, now clear down the event logs, right click and save them somewhere, then run dcdiag on both of the dc with clear logs.

once it passes were all good here once your not experiencing any issues.

Kirk Miller

ASKER

Hello Mate! Sorry I have been out for our holiday. I am going to do as suggested and will let you know but I think all is working well now.
Also, I am a first time user to this forum so what do "Accept Multiple Solution" and "Accept as Solutions" used for/How do I mark your solution as fixed or rate you?

Kirk Miller

ASKER

Ok, after saving the event logs and clearing them here is dcdiag result for DC1 and no events recorded after running:

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = dcod1
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DCOD1
Starting test: Connectivity
......................... DCOD1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DCOD1
Starting test: Advertising
......................... DCOD1 passed test Advertising
Starting test: FrsEvent
......................... DCOD1 passed test FrsEvent
Starting test: DFSREvent
......................... DCOD1 passed test DFSREvent
Starting test: SysVolCheck
......................... DCOD1 passed test SysVolCheck
Starting test: KccEvent
......................... DCOD1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... DCOD1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... DCOD1 passed test MachineAccount
Starting test: NCSecDesc
......................... DCOD1 passed test NCSecDesc
Starting test: NetLogons
......................... DCOD1 passed test NetLogons
Starting test: ObjectsReplicated
......................... DCOD1 passed test ObjectsReplicated
Starting test: Replications
......................... DCOD1 passed test Replications
Starting test: RidManager
......................... DCOD1 passed test RidManager
Starting test: Services
......................... DCOD1 passed test Services
Starting test: SystemLog
......................... DCOD1 failed test SystemLog
Starting test: VerifyReferences
......................... DCOD1 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : ciscoeq
Starting test: CheckSDRefDom
......................... ciscoeq passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ciscoeq passed test CrossRefValidation

Running enterprise tests on : ciscoeq.com
Starting test: LocatorCheck
......................... ciscoeq.com passed test LocatorCheck
Starting test: Intersite
......................... ciscoeq.com passed test Intersite

Kirk Miller

ASKER

And here is the result for DC2, also no errors in the event log:

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

Home Server = dcod2

* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DCOD2

Starting test: Connectivity

......................... DCOD2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DCOD2

Starting test: Advertising

......................... DCOD2 passed test Advertising

Starting test: FrsEvent

......................... DCOD2 passed test FrsEvent

Starting test: DFSREvent

......................... DCOD2 passed test DFSREvent

Starting test: SysVolCheck

......................... DCOD2 passed test SysVolCheck

Starting test: KccEvent

......................... DCOD2 passed test KccEvent

Starting test: KnowsOfRoleHolders

......................... DCOD2 passed test KnowsOfRoleHolders

Starting test: MachineAccount

......................... DCOD2 passed test MachineAccount

Starting test: NCSecDesc

......................... DCOD2 passed test NCSecDesc

Starting test: NetLogons

......................... DCOD2 passed test NetLogons

Starting test: ObjectsReplicated

......................... DCOD2 passed test ObjectsReplicated

Starting test: Replications

......................... DCOD2 passed test Replications

Starting test: RidManager

......................... DCOD2 passed test RidManager

Starting test: Services

......................... DCOD2 passed test Services

Starting test: SystemLog

......................... DCOD2 passed test SystemLog

Starting test: VerifyReferences

......................... DCOD2 passed test VerifyReferences

Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ForestDnsZones passed test

CrossRefValidation

Running partition tests on : DomainDnsZones

Starting test: CheckSDRefDom

......................... DomainDnsZones passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... DomainDnsZones passed test

CrossRefValidation

Running partition tests on : Schema

Starting test: CheckSDRefDom

......................... Schema passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration

Starting test: CheckSDRefDom

......................... Configuration passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... Configuration passed test CrossRefValidation

Running partition tests on : ciscoeq

Starting test: CheckSDRefDom

......................... ciscoeq passed test CheckSDRefDom

Starting test: CrossRefValidation

......................... ciscoeq passed test CrossRefValidation

Running enterprise tests on : ciscoeq.com

Starting test: LocatorCheck

......................... ciscoeq.com passed test LocatorCheck

Starting test: Intersite

......................... ciscoeq.com passed test Intersite

For no apparant reason today, cannot log into domain console &amp; users cannot access domain

For no apparant reason today, cannot log into domain console & users cannot access domain