st3v32k2
asked on
No Replication Between 2 AD servers
Just got a new client with a messed up situation...
Server 1 "SERVER1"= Windows 2008 running Active Directory, DNS, DHCP (although clients have static IP's).
Server 2 "SERVER2" = Windows 2008 running AD, DNS, DHCP
SERVER1 is the Master. Both are on the same subnet.
When I run repadmin /showrepl on either I get a whole whack of messages like this:
DC=domain,DC=local
Default-First-Site-Name\SERVER1 via RPC
DSA object GUID: 66b6cd8b-a7c5-4079-989f-c85c898b9604
Last attempt @ 2015-09-03 21:10:00 failed, result 8614 (0x21a6): The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime. 7213 consecutive failure(s). Last success @ 2014-12-08 10:39:41
So it has been over 9 months since these two servers spoke to each other.
SERVER1 is getting a bunch of Event ID 2042 and Event ID 2092. One cause could be lingering objects in ADUC, how could I verify this?
What other causes/troubleshooting steps could reestablish replication between the servers?
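Added example, not part of the original post: one way to turn the `repadmin /showrepl` text quoted above into per-neighbor records, so that every naming context stuck on result 8614, or with a gap longer than the tombstone lifetime, can be listed at once. The function name, its parameters and the 180-day value are assumptions, and the sample text is constructed from the output lines quoted in this thread.

```powershell
# Added example (not from the thread). ConvertFrom-ShowRepl and its parameter
# names are hypothetical. It parses the text printed by `repadmin /showrepl`
# and reports, per inbound neighbor, whether the gap since the last successful
# replication exceeds the tombstone lifetime.
function ConvertFrom-ShowRepl {
    param(
        [Parameter(Mandatory = $true)] [AllowEmptyString()] [string[]] $Line,
        # Assumption: supplied by the caller. The forest value is the
        # tombstoneLifetime attribute of
        # CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,<forest root DN>.
        [Parameter(Mandatory = $true)] [int] $TombstoneLifetimeDays
    )

    $stamp   = '\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}'
    $format  = 'yyyy-MM-dd HH:mm:ss'
    $culture = [Globalization.CultureInfo]::InvariantCulture
    $records = @()
    $nc      = $null   # naming context currently being read
    $cur     = $null   # neighbor record currently being filled

    foreach ($raw in $Line) {
        $text = $raw.Trim()

        # A naming context heading, e.g. DC=domain,DC=local
        if ($text -match '^(DC|CN)=\S+$') { $nc = $text; continue }

        # A neighbor heading, e.g. Default-First-Site-Name\SERVER1 via RPC
        if ($text -match '^(?<site>[^\\]+)\\(?<dc>\S+) via RPC$') {
            $cur = New-Object PSObject -Property @{
                NamingContext = $nc; SourceDC = $Matches['dc']; SourceGuid = $null
                ResultCode = $null; Failures = 0; LastAttempt = $null
                LastSuccess = $null; DaysSinceSuccess = $null
                ExceedsTombstoneLifetime = $false
            }
            $records += $cur
            continue
        }
        if ($null -eq $cur) { continue }   # header lines before the first neighbor

        # The checks below are independent, so they work whether repadmin's
        # failure details arrive on separate lines or pasted onto one line.
        if ($text -match 'DSA object GUID: (?<guid>[0-9a-f-]{36})') {
            $cur.SourceGuid = $Matches['guid']
        }
        if ($text -match "Last attempt @ (?<at>$stamp) (was successful|failed, result (?<code>\d+))") {
            $cur.LastAttempt = [datetime]::ParseExact($Matches['at'], $format, $culture)
            if ($Matches['code']) { $cur.ResultCode = [int]$Matches['code'] }
            else                  { $cur.ResultCode = 0 }
        }
        if ($text -match '(?<n>\d+) consecutive failure') {
            $cur.Failures = [int]$Matches['n']
        }
        if ($text -match "Last success @ (?<ok>$stamp)") {
            $cur.LastSuccess = [datetime]::ParseExact($Matches['ok'], $format, $culture)
        }
    }

    foreach ($r in $records) {
        if ($r.ResultCode -ne 0 -and $r.LastAttempt -and $r.LastSuccess) {
            $r.DaysSinceSuccess = ($r.LastAttempt - $r.LastSuccess).Days
        }
        # 8614 is the DC itself reporting that the tombstone lifetime was exceeded.
        $r.ExceedsTombstoneLifetime = ($r.ResultCode -eq 8614) -or
            ($null -ne $r.DaysSinceSuccess -and $r.DaysSinceSuccess -gt $TombstoneLifetimeDays)
        $r | Select-Object NamingContext, SourceDC, SourceGuid, ResultCode, Failures,
                           LastAttempt, LastSuccess, DaysSinceSuccess, ExceedsTombstoneLifetime
    }
}

# Constructed sample in the layout of the output quoted in the question.
$sample = @'
Default-First-Site-Name\SERVER2
DSA Options: IS_GC
DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104

==== INBOUND NEIGHBORS ======================================

DC=domain,DC=local
    Default-First-Site-Name\SERVER1 via RPC
        DSA object GUID: 66b6cd8b-a7c5-4079-989f-c85c898b9604
        Last attempt @ 2015-09-03 21:10:00 failed, result 8614 (0x21a6):
            The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
        7213 consecutive failure(s).
        Last success @ 2014-12-08 10:39:41.

CN=Configuration,DC=domain,DC=local
    Default-First-Site-Name\SERVER1 via RPC
        DSA object GUID: 66b6cd8b-a7c5-4079-989f-c85c898b9604
        Last attempt @ 2015-09-07 06:54:46 was successful.
'@ -split "`r?`n"

# 180 days is a placeholder; on a live DC pass -Line (repadmin /showrepl)
# together with the forest's actual tombstone lifetime.
ConvertFrom-ShowRepl -Line $sample -TombstoneLifetimeDays 180 |
    Where-Object { $_.ExceedsTombstoneLifetime } |
    Format-List NamingContext, SourceDC, SourceGuid, ResultCode, Failures, LastSuccess, DaysSinceSuccess
```

For a row flagged this way, `repadmin /removelingeringobjects <destination DC> <source DSA GUID> <naming context> /advisory_mode` compares the destination against the reference DC and logs any lingering objects to the Directory Service event log without deleting anything.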
Does server2 confirm that server1 is the master?
Double check the DNS on the side where the replication failure event is reflected to make sure they are using an AD integrated zone, versus the DNS on one side having the wrong information.
Presumably there are no RID type errors meaning the master was restored from backup.
To which server do the clients point?
Any IP conflict errors on either DC?
ASKER
I think this WAS a firewall issue as the Network was set to Public (not sure how that happened) so I first set it to Private and then decided to disable the firewall. Last night the server was rebooted and this morning the errors seem to have been resolved:
Replication Summary Start Time: 2015-09-07 07:52:15
Beginning data collection for replication summary, this may take awhile:
.....
Source DSA largest delta fails/total %% error
SERVER1 >60 days 2 / 5 40 (8614) The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
SERVER2 57m:29s 0 / 5 0
Destination DSA largest delta fails/total %% error
SERVER1 57m:29s 0 / 5 0
SERVER2 >60 days 2 / 5 40 (8614) The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\SERVER1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 66b6cd8b-a7c5-4079-989f-c85c898b9604
DSA invocationID: 66b6cd8b-a7c5-4079-989f-c85c898b9604
==== INBOUND NEIGHBORS ======================================
DC=DOMAIN,DC=local
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104
Last attempt @ 2015-09-07 06:58:37 was successful.
CN=Configuration,DC=DOMAIN,DC=local
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104
Last attempt @ 2015-09-07 06:54:46 was successful.
CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104
Last attempt @ 2015-09-07 06:54:46 was successful.
DC=DomainDnsZones,DC=DOMAIN,DC=local
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104
Last attempt @ 2015-09-07 06:54:46 was successful.
DC=ForestDnsZones,DC=DOMAIN,DC=local
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104
Last attempt @ 2015-09-07 06:54:46 was successful.
Repadmin: running command /bridgeheads against full DC localhost
Gathering topology from site Default-First-Site-Name (SERVER1.DOMAIN.local):
Bridgeheads for site Default-First-Site-Name (SERVER2.DOMAIN.local):
Source Site Local Bridge Trns Fail. Time # Status
=============== ============== ==== ================= === ========
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = SERVER1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER1
Starting test: Advertising
......................... SERVER1 passed test Advertising
Starting test: FrsEvent
......................... SERVER1 passed test FrsEvent
Starting test: DFSREvent
......................... SERVER1 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER1 passed test SysVolCheck
Starting test: KccEvent
......................... SERVER1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SERVER1 passed test MachineAccount
Starting test: NCSecDesc
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER1 passed test NetLogons
Starting test: ObjectsReplicated
......................... SERVER1 passed test ObjectsReplicated
Starting test: Replications
......................... SERVER1 passed test Replications
Starting test: RidManager
......................... SERVER1 passed test RidManager
Starting test: Services
......................... SERVER1 passed test Services
Starting test: SystemLog
......................... SERVER1 passed test SystemLog
Starting test: VerifyReferences
......................... SERVER1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : DOMAIN
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Running enterprise tests on : DOMAIN.local
Starting test: LocatorCheck
......................... DOMAIN.local passed test LocatorCheck
Starting test: Intersite
......................... DOMAIN.local passed test Intersite
Starting test: RegisterInDNS
DNS configuration is sufficient to allow this domain controller to
dynamically register the domain controller Locator records in DNS.
The DNS configuration is sufficient to allow this computer to dynamically
register the A record corresponding to its DNS name.
......................... SERVER1 passed test RegisterInDNS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine SERVER1, is a Directory Server.
Home Server = SERVER1
* Connecting to directory service on server SERVER1.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SERVER1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER1
Starting test: Advertising
The DC SERVER1 is advertising itself as a DC and having a DS.
The DC SERVER1 is advertising as an LDAP server
The DC SERVER1 is advertising as having a writeable directory
The DC SERVER1 is advertising as a Key Distribution Center
The DC SERVER1 is advertising as a time server
The DS SERVER1 is advertising as a GC.
......................... SERVER1 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC SERVER1 for domain DOMAIN.local in site Default-First-Site-Name
Checking machine account for DC SERVER1 on DC SERVER1.
* SPN found :LDAP/SERVER1.DOMAIN.local/DOMAIN.local
* SPN found :LDAP/SERVER1.DOMAIN.local
* SPN found :LDAP/SERVER1
* SPN found :LDAP/SERVER1.DOMAIN.local/JFT
* SPN found :LDAP/66b6cd8b-a7c5-4079-989f-c85c898b9604._msdcs.DOMAIN.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/66b6cd8b-a7c5-4079-989f-c85c898b9604/DOMAIN.local
* SPN found :HOST/SERVER1.DOMAIN.local/DOMAIN.local
* SPN found :HOST/SERVER1.DOMAIN.local
* SPN found :HOST/SERVER1
* SPN found :HOST/SERVER1.DOMAIN.local/JFT
* SPN found :GC/SERVER1.DOMAIN.local/DOMAIN.local
[SERVER1] No security related replication errors were found on this DC!
To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERVER1 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SERVER1 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... SERVER1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... SERVER1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVER1 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVER1 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SERVER1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role Domain Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role PDC Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role Rid Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SERVER1 on DC SERVER1.
* SPN found :LDAP/SERVER1.DOMAIN.local/DOMAIN.local
* SPN found :LDAP/SERVER1.DOMAIN.local
* SPN found :LDAP/SERVER1
* SPN found :LDAP/SERVER1.DOMAIN.local/JFT
* SPN found :LDAP/66b6cd8b-a7c5-4079-989f-c85c898b9604._msdcs.DOMAIN.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/66b6cd8b-a7c5-4079-989f-c85c898b9604/DOMAIN.local
* SPN found :HOST/SERVER1.DOMAIN.local/DOMAIN.local
* SPN found :HOST/SERVER1.DOMAIN.local
* SPN found :HOST/SERVER1
* SPN found :HOST/SERVER1.DOMAIN.local/JFT
* SPN found :GC/SERVER1.DOMAIN.local/DOMAIN.local
......................... SERVER1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERVER1.
* Security Permissions Check for
DC=ForestDnsZones,DC=DOMAIN,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=DOMAIN,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=DOMAIN,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=DOMAIN,DC=local
(Domain,Version 3)
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERVER1\netlogon
Verified share \\SERVER1\sysvol
......................... SERVER1 passed test NetLogons
Starting test: ObjectsReplicated
SERVER1 is in domain DC=DOMAIN,DC=local
Checking for CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=local in domain DC=DOMAIN,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 1 servers
Object is up-to-date on all servers.
......................... SERVER1 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... SERVER1 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... SERVER1 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 2100 to 1073741823
* SERVER1.DOMAIN.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1175
......................... SERVER1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVER1 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... SERVER1 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SERVER1 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... SERVER1 passed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=local and backlink on
CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=DOMAIN,DC=local
and backlink on
CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=DOMAIN,DC=local
and backlink on CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=local are
correct.
......................... SERVER1 passed test VerifyReferences
Starting test: VerifyReplicas
......................... SERVER1 passed test VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... SERVER1 passed test DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : DOMAIN
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Running enterprise tests on : DOMAIN.local
Starting test: DNS
Test results for domain controllers:
DC: SERVER1.DOMAIN.local
Domain: DOMAIN.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000014] Intel(R) Advanced Network Services Virtual Adapter:
MAC address is 00:11:43:F0:02:59
IP Address is static
IP address: 10.10.2.1
DNS servers:
10.10.2.1 (SERVER1.DOMAIN.local.) [Valid]
10.10.2.2 (SERVER2) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
10.10.2.2 (SERVER2) [Valid]
207.181.101.4 (<name unavailable>) [Valid]
207.181.101.5 (<name unavailable>) [Valid]
24.200.241.37 (<name unavailable>) [Valid]
24.201.245.77 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: DOMAIN.local.
Delegated domain name: _msdcs.DOMAIN.local.
DNS server: SERVER1.DOMAIN.local. IP:10.10.2.1 [Valid]
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in zone DOMAIN.local
[Error details: 9017 (Type: Win32 - Description: DNS bad key.)]
Test record dcdiag-test-record deleted successfully in zone DOMAIN.local
TEST: Records registration (RReg)
Network Adapter
[00000014] Intel(R) Advanced Network Services Virtual Adapter:
Matching CNAME record found at DNS server 10.10.2.1:
66b6cd8b-a7c5-4079-989f-c85c898b9604._msdcs.DOMAIN.local
Matching A record found at DNS server 10.10.2.1:
SERVER1.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.9b2ff477-a1f9-44f5-a5da-c1a2835a41a8.domains._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_kerberos._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_kerberos._tcp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_kerberos._udp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_kpasswd._tcp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.Default-First-Site-Name._sites.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_kerberos._tcp.Default-First-Site-Name._sites.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.gc._msdcs.DOMAIN.local
Matching A record found at DNS server 10.10.2.1:
gc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_gc._tcp.Default-First-Site-Name._sites.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.pdc._msdcs.DOMAIN.local
Matching CNAME record found at DNS server 10.10.2.2:
66b6cd8b-a7c5-4079-989f-c85c898b9604._msdcs.DOMAIN.local
Matching A record found at DNS server 10.10.2.2:
SERVER1.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.9b2ff477-a1f9-44f5-a5da-c1a2835a41a8.domains._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_kerberos._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_kerberos._tcp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_kerberos._udp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_kpasswd._tcp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.Default-First-Site-Name._sites.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_kerberos._tcp.Default-First-Site-Name._sites.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.gc._msdcs.DOMAIN.local
Matching A record found at DNS server 10.10.2.2:
gc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_gc._tcp.Default-First-Site-Name._sites.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.pdc._msdcs.DOMAIN.local
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.10.2.1 (SERVER1.DOMAIN.local.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.DOMAIN.local. is operational on IP 10.10.2.1
DNS server: 10.10.2.2 (SERVER2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 207.181.101.4 (<name unavailable>)
All tests passed on this DNS server
DNS server: 207.181.101.5 (<name unavailable>)
All tests passed on this DNS server
DNS server: 24.200.241.37 (<name unavailable>)
All tests passed on this DNS server
DNS server: 24.201.245.77 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: DOMAIN.local
SERVER1 PASS PASS PASS PASS WARN PASS n/a
......................... DOMAIN.local passed test DNS
Starting test: LocatorCheck
GC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
PDC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
Time Server Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
KDC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
......................... DOMAIN.local passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
PDC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
Time Server Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
KDC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
......................... DOMAIN.local passed test FsmoCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... DOMAIN.local passed test Intersite
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = SERVER1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERVER1
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... SERVER1 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : DOMAIN
Running enterprise tests on : DOMAIN.local
Starting test: DNS
Test results for domain controllers:
DC: SERVER1.DOMAIN.local
Domain: DOMAIN.local
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in zone DOMAIN.local
SERVER1 PASS PASS PASS PASS WARN PASS n/a
......................... DOMAIN.local passed test DNS
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : DOMAIN
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Running enterprise tests on : DOMAIN.local
Starting test: LocatorCheck
......................... DOMAIN.local passed test LocatorCheck
Starting test: Intersite
......................... DOMAIN.local passed test Intersite
Starting test: RegisterInDNS
DNS configuration is sufficient to allow this domain controller to
dynamically register the domain controller Locator records in DNS.
The DNS configuration is sufficient to allow this computer to dynamically
register the A record corresponding to its DNS name.
......................... SERVER1 passed test RegisterInDNS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine SERVER1, is a Directory Server.
Home Server = SERVER1
* Connecting to directory service on server SERVER1.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SERVER1,CN=Ser
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SERVER2,CN=Ser
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SERVER1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE
Starting test: Advertising
The DC SERVER1 is advertising itself as a DC and having a DS.
The DC SERVER1 is advertising as an LDAP server
The DC SERVER1 is advertising as having a writeable directory
The DC SERVER1 is advertising as a Key Distribution Center
The DC SERVER1 is advertising as a time server
The DS SERVER1 is advertising as a GC.
......................... SERVER1 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC SERVER1 for domain DOMAIN.local in site Default-First-Site-Name
Checking machine account for DC SERVER1 on DC SERVER1.
* SPN found :LDAP/SERVER1.DOMAIN.local
* SPN found :LDAP/SERVER1.DOMAIN.local
* SPN found :LDAP/SERVER1
* SPN found :LDAP/SERVER1.DOMAIN.local
* SPN found :LDAP/66b6cd8b-a7c5-4079-9
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/SERVER1.DOMAIN.local
* SPN found :HOST/SERVER1.DOMAIN.local
* SPN found :HOST/SERVER1
* SPN found :HOST/SERVER1.DOMAIN.local
* SPN found :GC/SERVER1.DOMAIN.local/D
[SERVER1] No security related replication errors were found on this DC!
To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERVER1 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=DOMAI
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=DOMAI
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=DOMAIN
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SERVER1 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... SERVER1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... SERVER1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVER1 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVER1 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SERVER1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SERVER1,CN=Ser
Role Domain Owner = CN=NTDS Settings,CN=SERVER1,CN=Ser
Role PDC Owner = CN=NTDS Settings,CN=SERVER1,CN=Ser
Role Rid Owner = CN=NTDS Settings,CN=SERVER1,CN=Ser
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER1,CN=Ser
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SERVER1 on DC SERVER1.
* SPN found :LDAP/SERVER1.DOMAIN.local
* SPN found :LDAP/SERVER1.DOMAIN.local
* SPN found :LDAP/SERVER1
* SPN found :LDAP/SERVER1.DOMAIN.local
* SPN found :LDAP/66b6cd8b-a7c5-4079-9
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/SERVER1.DOMAIN.local
* SPN found :HOST/SERVER1.DOMAIN.local
* SPN found :HOST/SERVER1
* SPN found :HOST/SERVER1.DOMAIN.local
* SPN found :GC/SERVER1.DOMAIN.local/D
......................... SERVER1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERVER1.
* Security Permissions Check for
DC=ForestDnsZones,DC=DOMAI
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=DOMAI
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=DOMAIN
(Configuration,Version 3)
* Security Permissions Check for
DC=DOMAIN,DC=local
(Domain,Version 3)
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERVER1\netlogon
Verified share \\SERVER1\sysvol
......................... SERVER1 passed test NetLogons
Starting test: ObjectsReplicated
SERVER1 is in domain DC=DOMAIN,DC=local
Checking for CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=l
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SERVER1,CN=Ser
Object is up-to-date on all servers.
......................... SERVER1 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... SERVER1 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... SERVER1 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 2100 to 1073741823
* SERVER1.DOMAIN.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1175
......................... SERVER1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVER1 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... SERVER1 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=DOMAI
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=DOMAI
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=DOMAIN
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DOMAIN,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SERVER1 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... SERVER1 passed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=l
CN=SERVER1,CN=Servers,CN=D
are correct.
The system object reference (serverReferenceBL)
CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=DOMAI
and backlink on
CN=NTDS Settings,CN=SERVER1,CN=Ser
are correct.
The system object reference (frsComputerReferenceBL)
CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=DOMAI
and backlink on CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=l
correct.
......................... SERVER1 passed test VerifyReferences
Starting test: VerifyReplicas
......................... SERVER1 passed test VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... SERVER1 passed test DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : DOMAIN
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Running enterprise tests on : DOMAIN.local
Starting test: DNS
Test results for domain controllers:
DC: SERVER1.DOMAIN.local
Domain: DOMAIN.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 1.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000014] Intel(R) Advanced Network Services Virtual Adapter:
MAC address is 00:11:43:F0:02:59
IP Address is static
IP address: 10.10.2.1
DNS servers:
10.10.2.1 (SERVER1.DOMAIN.local.) [Valid]
10.10.2.2 (SERVER2) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
10.10.2.2 (SERVER2) [Valid]
207.181.101.4 (<name unavailable>) [Valid]
207.181.101.5 (<name unavailable>) [Valid]
24.200.241.37 (<name unavailable>) [Valid]
24.201.245.77 (<name unavailable>) [Valid]
TEST: Delegations (Del)
Delegation information for the zone: DOMAIN.local.
Delegated domain name: _msdcs.DOMAIN.local.
DNS server: SERVER1.DOMAIN.local. IP:10.10.2.1 [Valid]
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in zone DOMAIN.local
[Error details: 9017 (Type: Win32 - Description: DNS bad key.)]
Test record dcdiag-test-record deleted successfully in zone DOMAIN.local
TEST: Records registration (RReg)
Network Adapter
[00000014] Intel(R) Advanced Network Services Virtual Adapter:
Matching CNAME record found at DNS server 10.10.2.1:
66b6cd8b-a7c5-4079-989f-c8
Matching A record found at DNS server 10.10.2.1:
SERVER1.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.9b2ff477-a1f9-4
Matching SRV record found at DNS server 10.10.2.1:
_kerberos._tcp.dc._msdcs.D
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.dc._msdcs.DOMAI
Matching SRV record found at DNS server 10.10.2.1:
_kerberos._tcp.DOMAIN.loca
Matching SRV record found at DNS server 10.10.2.1:
_kerberos._udp.DOMAIN.loca
Matching SRV record found at DNS server 10.10.2.1:
_kpasswd._tcp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 10.10.2.1:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 10.10.2.1:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.gc._msdcs.DOMAI
Matching A record found at DNS server 10.10.2.1:
gc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.1:
_gc._tcp.Default-First-Sit
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 10.10.2.1:
_ldap._tcp.pdc._msdcs.DOMA
Matching CNAME record found at DNS server 10.10.2.2:
66b6cd8b-a7c5-4079-989f-c8
Matching A record found at DNS server 10.10.2.2:
SERVER1.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.9b2ff477-a1f9-4
Matching SRV record found at DNS server 10.10.2.2:
_kerberos._tcp.dc._msdcs.D
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.dc._msdcs.DOMAI
Matching SRV record found at DNS server 10.10.2.2:
_kerberos._tcp.DOMAIN.loca
Matching SRV record found at DNS server 10.10.2.2:
_kerberos._udp.DOMAIN.loca
Matching SRV record found at DNS server 10.10.2.2:
_kpasswd._tcp.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 10.10.2.2:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 10.10.2.2:
_kerberos._tcp.Default-Fir
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.gc._msdcs.DOMAI
Matching A record found at DNS server 10.10.2.2:
gc._msdcs.DOMAIN.local
Matching SRV record found at DNS server 10.10.2.2:
_gc._tcp.Default-First-Sit
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.Default-First-S
Matching SRV record found at DNS server 10.10.2.2:
_ldap._tcp.pdc._msdcs.DOMA
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.10.2.1 (SERVER1.DOMAIN.local.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.DOMAIN.local. is operational on IP 10.10.2.1
DNS server: 10.10.2.2 (SERVER2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 207.181.101.4 (<name unavailable>)
All tests passed on this DNS server
DNS server: 207.181.101.5 (<name unavailable>)
All tests passed on this DNS server
DNS server: 24.200.241.37 (<name unavailable>)
All tests passed on this DNS server
DNS server: 24.201.245.77 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
__________________________
Domain: DOMAIN.local
SERVER1 PASS PASS PASS PASS WARN PASS n/a
......................... DOMAIN.local passed test DNS
Starting test: LocatorCheck
GC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
PDC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
Time Server Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
KDC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
......................... DOMAIN.local passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
PDC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
Time Server Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
KDC Name: \\SERVER1.DOMAIN.local
Locator Flags: 0xe00033fd
......................... DOMAIN.local passed test FsmoCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... DOMAIN.local passed test Intersite
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = SERVER1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SE
Starting test: Connectivity
......................... SERVER1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SE
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... SERVER1 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : DOMAIN
Running enterprise tests on : DOMAIN.local
Starting test: DNS
Test results for domain controllers:
DC: SERVER1.DOMAIN.local
Domain: DOMAIN.local
TEST: Dynamic update (Dyn)
Warning: Failed to add the test record dcdiag-test-record in zone DOMAIN.local
SERVER1 PASS PASS PASS PASS WARN PASS n/a
......................... DOMAIN.local passed test DNS
Turn them off and see if replication starts.