No Replication Between 2 AD servers

Just got a new client with a messed up situation...

Server 1 "SERVER1" = Windows 2008 running Active Directory, DNS, DHCP (although clients have static IPs).

Server 2 "SERVER2" = Windows 2008 running AD, DNS, DHCP

SERVER1 is the Master.  Both are on the same subnet.

When I run repadmin /showrepl on either I get a whole whack of messages like this:

DC=domain,DC=local
    Default-First-Site-Name\SERVER1 via RPC
        DSA object GUID: 66b6cd8b-a7c5-4079-989f-c85c898b9604
        Last attempt @ 2015-09-03 21:10:00 failed, result 8614 (0x21a6):
            The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
        7213 consecutive failure(s).
        Last success @ 2014-12-08 10:39:41

So it has been over 9 months since these two servers spoke to each other.

SERVER1 is getting a bunch of Event ID 2042 and Event ID 2092.  One cause could be lingering objects in ADUC; how could I verify this?

What other causes/troubleshooting steps could reestablish replication between the servers?
LVL 1
st3v32k2Asked:
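Added example (not part of the original thread, and not code from any poster): a small Python parser for `repadmin /showrepl` inbound-neighbor entries like the one quoted in the question, which flags replication links that have passed the tombstone lifetime (result 8614) and keeps the source DSA GUID for follow-up. The sample text is assembled from output quoted on this page; the function names and the 180-day `tombstone_days` default are assumptions, so substitute the forest's actual `tombstoneLifetime` value.

```python
"""Triage `repadmin /showrepl` inbound-neighbor text (illustrative example)."""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

TS = r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d"
NC_RE = re.compile(r"^(?:DC|CN)=[^\\]+$")  # naming-context header line
SRC_RE = re.compile(r"^[^\\]+\\(?P<dc>\S+) via (?P<transport>\S+)$")
GUID_RE = re.compile(r"DSA object GUID: (?P<guid>[0-9a-fA-F-]{36})")
ATTEMPT_RE = re.compile(
    rf"Last attempt @ (?P<ts>{TS}) "
    r"(?:was successful|failed, result (?P<code>\d+) \(0x[0-9a-fA-F]+\))")
FAILS_RE = re.compile(r"(?P<n>\d+) consecutive failure\(s\)")
SUCCESS_RE = re.compile(rf"Last success @ (?P<ts>{TS})")


@dataclass
class Link:
    """One inbound replication link: naming context + source DC."""
    nc: str
    source_dc: str
    transport: str
    guid: Optional[str] = None
    last_attempt: Optional[datetime] = None
    ok: bool = False
    result: Optional[int] = None
    failures: int = 0
    last_success: Optional[datetime] = None


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def parse_showrepl(text: str) -> List[Link]:
    """Parse inbound-neighbor entries; tolerates entries flattened onto one line."""
    links: List[Link] = []
    nc: Optional[str] = None
    cur: Optional[Link] = None
    for raw in text.splitlines():
        line = raw.strip()
        if NC_RE.match(line):
            nc, cur = line, None
            continue
        src = SRC_RE.match(line)
        if src and nc:
            cur = Link(nc, src["dc"], src["transport"])
            links.append(cur)
            continue
        if cur is None:
            continue
        # search() instead of match(): pasted output often has several
        # fields run together on a single line, as in the question above.
        if (m := GUID_RE.search(line)):
            cur.guid = m["guid"].lower()
        if (m := ATTEMPT_RE.search(line)):
            cur.last_attempt = _ts(m["ts"])
            cur.ok = m["code"] is None
            cur.result = int(m["code"]) if m["code"] else 0
            if cur.ok:
                cur.last_success = cur.last_attempt
        if (m := FAILS_RE.search(line)):
            cur.failures = int(m["n"])
        if (m := SUCCESS_RE.search(line)):
            cur.last_success = _ts(m["ts"])
    return links


def triage(links: List[Link],
           tombstone_days: int = 180) -> List[Tuple[str, str, str, Optional[int]]]:
    """Return (naming context, source DC, status, days since last success).

    tombstone_days is an assumed default; use the forest's real value.
    """
    report = []
    for link in links:
        stale = None
        if link.last_attempt and link.last_success:
            stale = (link.last_attempt - link.last_success).days
        if link.ok:
            status = "ok"
        elif link.result == 8614 or (stale is not None and stale > tombstone_days):
            status = "tombstone-exceeded"  # check for lingering objects first
        else:
            status = "failing"
        report.append((link.nc, link.source_dc, status, stale))
    return report


# Sample assembled from output quoted in this thread: the failing entry from
# the question (flattened, as pasted) and one successful entry from the follow-up.
SAMPLE = r"""
DC=domain,DC=local
    Default-First-Site-Name\SERVER1 via RPC
        DSA object GUID: 66b6cd8b-a7c5-4079-989f-c85c898b9604
        Last attempt @ 2015-09-03 21:10:00 failed, result 8614 (0x21a6):   The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.   7213 consecutive failure(s).   Last success @ 2014-12-08 10:39:41
DC=DOMAIN,DC=local
    Default-First-Site-Name\SERVER2 via RPC
        DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104
        Last attempt @ 2015-09-07 06:58:37 was successful.
"""

if __name__ == "__main__":
    for row in triage(parse_showrepl(SAMPLE)):
        print(row)
```

For a link flagged `tombstone-exceeded`, the parsed source DSA GUID and naming context are the inputs `repadmin /removelingeringobjects` takes; run with `/advisory_mode` it reports lingering objects without deleting them.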

Thomas Grassi (Systems Administrator) Commented:
Check your DNS.
Run these:

repadmin /replsum >>c:\util\dclogx.txt
repadmin /showrepl >>c:\util\dclogx.txt
repadmin /bridgeheads >>c:\util\dclogx.txt

dcdiag >>c:\util\dclogx.txt
dcdiag /test:registerindns /dnsdomain:FQDN >>c:\util\dclogx.txt
dcdiag /c /v >>c:\util\dclogx.txt
dcdiag /test:dns >>c:\util\dclogx.txt

If you need help with the reports, post them.

D_Vante Commented:
Check your firewalls.
Turn them off and see if replication starts.
arnold Commented:
Does server2 confirm that server1 is the master?

Double-check the DNS on the side where the replication failure event is reflected to make sure they are using an AD-integrated zone, versus the DNS on one side having the wrong information.

Presumably there are no RID type errors meaning the master was restored from backup.

To which server do the clients point?

Any IP conflict errors on either DC?
st3v32k2 (Author) Commented:
I think this WAS a firewall issue as the Network was set to Public (not sure how that happened) so I first set it to Private and then decided to disable the firewall.  Last night the server was rebooted and this morning the errors seem to have been resolved:

Replication Summary Start Time: 2015-09-07 07:52:15

Beginning data collection for replication summary, this may take awhile:
  .....

Source DSA          largest delta    fails/total %%   error
 SERVER1           >60 days            2 /   5   40  (8614) The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
 SERVER2                    57m:29s    0 /   5    0

Destination DSA     largest delta    fails/total %%   error
 SERVER1                    57m:29s    0 /   5    0
 SERVER2           >60 days            2 /   5   40  (8614) The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.


Repadmin: running command /showrepl against full DC localhost
Default-First-Site-Name\SERVER1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: 66b6cd8b-a7c5-4079-989f-c85c898b9604
DSA invocationID: 66b6cd8b-a7c5-4079-989f-c85c898b9604

==== INBOUND NEIGHBORS ======================================

DC=DOMAIN,DC=local
    Default-First-Site-Name\SERVER2 via RPC
        DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104
        Last attempt @ 2015-09-07 06:58:37 was successful.

CN=Configuration,DC=DOMAIN,DC=local
    Default-First-Site-Name\SERVER2 via RPC
        DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104
        Last attempt @ 2015-09-07 06:54:46 was successful.

CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
    Default-First-Site-Name\SERVER2 via RPC
        DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104
        Last attempt @ 2015-09-07 06:54:46 was successful.

DC=DomainDnsZones,DC=DOMAIN,DC=local
    Default-First-Site-Name\SERVER2 via RPC
        DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104
        Last attempt @ 2015-09-07 06:54:46 was successful.

DC=ForestDnsZones,DC=DOMAIN,DC=local
    Default-First-Site-Name\SERVER2 via RPC
        DSA object GUID: 2b997e59-aea3-4a3f-93df-8dd3eb9c7104
        Last attempt @ 2015-09-07 06:54:46 was successful.


Repadmin: running command /bridgeheads against full DC localhost
Gathering topology from site Default-First-Site-Name (SERVER1.DOMAIN.local):

Bridgeheads for site Default-First-Site-Name (SERVER2.DOMAIN.local):
             Source Site    Local Bridge  Trns         Fail. Time    #    Status
         ===============  ==============  ====  =================   ===  ========


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = SERVER1

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\SERVER1

      Starting test: Connectivity

         ......................... SERVER1 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\SERVER1

      Starting test: Advertising

         ......................... SERVER1 passed test Advertising

      Starting test: FrsEvent

         ......................... SERVER1 passed test FrsEvent

      Starting test: DFSREvent

         ......................... SERVER1 passed test DFSREvent

      Starting test: SysVolCheck

         ......................... SERVER1 passed test SysVolCheck

      Starting test: KccEvent

         ......................... SERVER1 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         ......................... SERVER1 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         ......................... SERVER1 passed test MachineAccount

      Starting test: NCSecDesc

         ......................... SERVER1 passed test NCSecDesc

      Starting test: NetLogons

         ......................... SERVER1 passed test NetLogons

      Starting test: ObjectsReplicated

         ......................... SERVER1 passed test ObjectsReplicated

      Starting test: Replications

         ......................... SERVER1 passed test Replications

      Starting test: RidManager

         ......................... SERVER1 passed test RidManager

      Starting test: Services

         ......................... SERVER1 passed test Services

      Starting test: SystemLog

         ......................... SERVER1 passed test SystemLog

      Starting test: VerifyReferences

         ......................... SERVER1 passed test VerifyReferences

   
   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : DOMAIN

      Starting test: CheckSDRefDom

         ......................... DOMAIN passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DOMAIN passed test CrossRefValidation

   
   Running enterprise tests on : DOMAIN.local

      Starting test: LocatorCheck

         ......................... DOMAIN.local passed test LocatorCheck

      Starting test: Intersite

         ......................... DOMAIN.local passed test Intersite

   Starting test: RegisterInDNS

      DNS configuration is sufficient to allow this domain controller to

      dynamically register the domain controller Locator records in DNS.
     
      The DNS configuration is sufficient to allow this computer to dynamically

      register the A record corresponding to its DNS name.
     
      ......................... SERVER1 passed test RegisterInDNS


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine SERVER1, is a Directory Server.
   Home Server = SERVER1

   * Connecting to directory service on server SERVER1.

   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 2 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\SERVER1

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity
         * Active Directory RPC Services Check
         ......................... SERVER1 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\SERVER1

      Starting test: Advertising

         The DC SERVER1 is advertising itself as a DC and having a DS.
         The DC SERVER1 is advertising as an LDAP server
         The DC SERVER1 is advertising as having a writeable directory
         The DC SERVER1 is advertising as a Key Distribution Center
         The DC SERVER1 is advertising as a time server
         The DS SERVER1 is advertising as a GC.
         ......................... SERVER1 passed test Advertising

      Starting test: CheckSecurityError

         * Dr Auth:  Beginning security errors check!
         Found KDC SERVER1 for domain DOMAIN.local in site Default-First-Site-Name
         Checking machine account for DC SERVER1 on DC SERVER1.
         * SPN found :LDAP/SERVER1.DOMAIN.local/DOMAIN.local
         * SPN found :LDAP/SERVER1.DOMAIN.local
         * SPN found :LDAP/SERVER1
         * SPN found :LDAP/SERVER1.DOMAIN.local/JFT
         * SPN found :LDAP/66b6cd8b-a7c5-4079-989f-c85c898b9604._msdcs.DOMAIN.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/66b6cd8b-a7c5-4079-989f-c85c898b9604/DOMAIN.local
         * SPN found :HOST/SERVER1.DOMAIN.local/DOMAIN.local
         * SPN found :HOST/SERVER1.DOMAIN.local
         * SPN found :HOST/SERVER1
         * SPN found :HOST/SERVER1.DOMAIN.local/JFT
         * SPN found :GC/SERVER1.DOMAIN.local/DOMAIN.local
         [SERVER1] No security related replication errors were found on this DC!

          To target the connection to a specific source DC use

         /ReplSource:<DC>.

         ......................... SERVER1 passed test CheckSecurityError

      Starting test: CutoffServers

         * Configuration Topology Aliveness Check
         * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the alive system replication topology for DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SERVER1 passed test CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test
         ......................... SERVER1 passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log.
         Skip the test because the server is running FRS.

         ......................... SERVER1 passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... SERVER1 passed test SysVolCheck

      Starting test: FrsSysVol

         * The File Replication Service SYSVOL ready test
         File Replication Service's SYSVOL is ready
         ......................... SERVER1 passed test FrsSysVol

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... SERVER1 passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         ......................... SERVER1 passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC SERVER1 on DC SERVER1.
         * SPN found :LDAP/SERVER1.DOMAIN.local/DOMAIN.local
         * SPN found :LDAP/SERVER1.DOMAIN.local
         * SPN found :LDAP/SERVER1
         * SPN found :LDAP/SERVER1.DOMAIN.local/JFT
         * SPN found :LDAP/66b6cd8b-a7c5-4079-989f-c85c898b9604._msdcs.DOMAIN.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/66b6cd8b-a7c5-4079-989f-c85c898b9604/DOMAIN.local
         * SPN found :HOST/SERVER1.DOMAIN.local/DOMAIN.local
         * SPN found :HOST/SERVER1.DOMAIN.local
         * SPN found :HOST/SERVER1
         * SPN found :HOST/SERVER1.DOMAIN.local/JFT
         * SPN found :GC/SERVER1.DOMAIN.local/DOMAIN.local
         ......................... SERVER1 passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC SERVER1.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=DOMAIN,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=DomainDnsZones,DC=DOMAIN,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=DOMAIN,DC=local
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=DOMAIN,DC=local
            (Domain,Version 3)
         ......................... SERVER1 passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\SERVER1\netlogon
         Verified share \\SERVER1\sysvol
         ......................... SERVER1 passed test NetLogons

      Starting test: ObjectsReplicated

         SERVER1 is in domain DC=DOMAIN,DC=local
         Checking for CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=local in domain DC=DOMAIN,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... SERVER1 passed test ObjectsReplicated

      Starting test: OutboundSecureChannels

         * The Outbound Secure Channels test
         ** Did not run Outbound Secure Channels test because /testdomain: was

         not entered

         ......................... SERVER1 passed test OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
         ......................... SERVER1 passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 2100 to 1073741823
         * SERVER1.DOMAIN.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 1100 to 1599
         * rIDPreviousAllocationPool is 1100 to 1599
         * rIDNextRID: 1175
         ......................... SERVER1 passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... SERVER1 passed test Services

      Starting test: SystemLog

         * The System Event log test
         Found no errors in "System" Event log in the last 60 minutes.
         ......................... SERVER1 passed test SystemLog

      Starting test: Topology

         * Configuration Topology Integrity Check
         * Analyzing the connection topology for DC=ForestDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DomainDnsZones,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for CN=Configuration,DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         * Analyzing the connection topology for DC=DOMAIN,DC=local.
         * Performing upstream (of target) analysis.
         * Performing downstream (of target) analysis.
         ......................... SERVER1 passed test Topology

      Starting test: VerifyEnterpriseReferences

         ......................... SERVER1 passed test

         VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=local and backlink on

         CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         are correct.
         The system object reference (serverReferenceBL)

         CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=DOMAIN,DC=local

         and backlink on

         CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         are correct.
         The system object reference (frsComputerReferenceBL)

         CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=DOMAIN,DC=local

         and backlink on CN=SERVER1,OU=Domain Controllers,DC=DOMAIN,DC=local are

         correct.
         ......................... SERVER1 passed test VerifyReferences

      Starting test: VerifyReplicas

         ......................... SERVER1 passed test VerifyReplicas

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         See DNS test in enterprise tests section for results
         ......................... SERVER1 passed test DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running partition tests on : DOMAIN

      Starting test: CheckSDRefDom

         ......................... DOMAIN passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DOMAIN passed test CrossRefValidation

   
   Running enterprise tests on : DOMAIN.local

      Starting test: DNS

         Test results for domain controllers:

           
            DC: SERVER1.DOMAIN.local

            Domain: DOMAIN.local

           

                 
               TEST: Authentication (Auth)
                  Authentication test: Successfully completed
                 
               TEST: Basic (Basc)
                  The OS

                  Microsoft Windows Server 2008 R2 Standard  (Service Pack level: 1.0)

                  is supported.

                  NETLOGON service is running

                  kdc service is running

                  DNSCACHE service is running

                  DNS service is running

                  DC is a DNS server

                  Network adapters information:

                  Adapter

                  [00000014] Intel(R) Advanced Network Services Virtual Adapter:

                 

                     MAC address is 00:11:43:F0:02:59
                     IP Address is static
                     IP address: 10.10.2.1
                     DNS servers:

                        10.10.2.1 (SERVER1.DOMAIN.local.) [Valid]
                        10.10.2.2 (SERVER2) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found
                 
               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     10.10.2.2 (SERVER2) [Valid]
                     207.181.101.4 (<name unavailable>) [Valid]
                     207.181.101.5 (<name unavailable>) [Valid]
                     24.200.241.37 (<name unavailable>) [Valid]
                     24.201.245.77 (<name unavailable>) [Valid]
                 
               TEST: Delegations (Del)
                  Delegation information for the zone: DOMAIN.local.
                     Delegated domain name: _msdcs.DOMAIN.local.
                        DNS server: SERVER1.DOMAIN.local. IP:10.10.2.1 [Valid]
                 
               TEST: Dynamic update (Dyn)
                  Warning: Failed to add the test record dcdiag-test-record in zone DOMAIN.local
                  [Error details: 9017 (Type: Win32 - Description: DNS bad key.)]
                  Test record dcdiag-test-record deleted successfully in zone DOMAIN.local
                 
               TEST: Records registration (RReg)
                  Network Adapter

                  [00000014] Intel(R) Advanced Network Services Virtual Adapter:

                 

                     Matching CNAME record found at DNS server 10.10.2.1:
                     66b6cd8b-a7c5-4079-989f-c85c898b9604._msdcs.DOMAIN.local

                     Matching A record found at DNS server 10.10.2.1:
                     SERVER1.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _ldap._tcp.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _ldap._tcp.9b2ff477-a1f9-44f5-a5da-c1a2835a41a8.domains._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _kerberos._tcp.dc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _ldap._tcp.dc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _kerberos._tcp.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _kerberos._udp.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _kpasswd._tcp.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _ldap._tcp.Default-First-Site-Name._sites.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _kerberos._tcp.Default-First-Site-Name._sites.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _ldap._tcp.gc._msdcs.DOMAIN.local

                     Matching A record found at DNS server 10.10.2.1:
                     gc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _gc._tcp.Default-First-Site-Name._sites.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.1:
                     _ldap._tcp.pdc._msdcs.DOMAIN.local

                     Matching CNAME record found at DNS server 10.10.2.2:
                     66b6cd8b-a7c5-4079-989f-c85c898b9604._msdcs.DOMAIN.local

                     Matching A record found at DNS server 10.10.2.2:
                     SERVER1.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _ldap._tcp.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _ldap._tcp.9b2ff477-a1f9-44f5-a5da-c1a2835a41a8.domains._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _kerberos._tcp.dc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _ldap._tcp.dc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _kerberos._tcp.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _kerberos._udp.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _kpasswd._tcp.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _ldap._tcp.Default-First-Site-Name._sites.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _kerberos._tcp.Default-First-Site-Name._sites.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _ldap._tcp.gc._msdcs.DOMAIN.local

                     Matching A record found at DNS server 10.10.2.2:
                     gc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _gc._tcp.Default-First-Site-Name._sites.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.DOMAIN.local

                     Matching  SRV record found at DNS server 10.10.2.2:
                     _ldap._tcp.pdc._msdcs.DOMAIN.local

         
         Summary of test results for DNS servers used by the above domain

         controllers:

         

            DNS server: 10.10.2.1 (SERVER1.DOMAIN.local.)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               DNS delegation for the domain  _msdcs.DOMAIN.local. is operational on IP 10.10.2.1

               
            DNS server: 10.10.2.2 (SERVER2)

               All tests passed on this DNS server

               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
               
            DNS server: 207.181.101.4 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 207.181.101.5 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 24.200.241.37 (<name unavailable>)

               All tests passed on this DNS server

               
            DNS server: 24.201.245.77 (<name unavailable>)

               All tests passed on this DNS server

               
         Summary of DNS test results:

         
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: DOMAIN.local

               SERVER1                       PASS PASS PASS PASS WARN PASS n/a  
         
         ......................... DOMAIN.local passed test DNS

      Starting test: LocatorCheck

         GC Name: \\SERVER1.DOMAIN.local

         Locator Flags: 0xe00033fd
         PDC Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00033fd
         Time Server Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00033fd
         KDC Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00033fd
         ......................... DOMAIN.local passed test LocatorCheck

      Starting test: FsmoCheck

         GC Name: \\SERVER1.DOMAIN.local

         Locator Flags: 0xe00033fd
         PDC Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00033fd
         Time Server Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00033fd
         Preferred Time Server Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00033fd
         KDC Name: \\SERVER1.DOMAIN.local
         Locator Flags: 0xe00033fd
         ......................... DOMAIN.local passed test FsmoCheck

      Starting test: Intersite

         Skipping site Default-First-Site-Name, this site is outside the scope

         provided by the command line arguments provided.
         ......................... DOMAIN.local passed test Intersite


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   Home Server = SERVER1

   * Identified AD Forest.
   Done gathering initial info.


Doing initial required tests

   
   Testing server: Default-First-Site-Name\SERVER1

      Starting test: Connectivity

         ......................... SERVER1 passed test Connectivity



Doing primary tests

   
   Testing server: Default-First-Site-Name\SERVER1

   
      Starting test: DNS

         

         DNS Tests are running and not hung. Please wait a few minutes...

         ......................... SERVER1 passed test DNS

   
   Running partition tests on : ForestDnsZones

   
   Running partition tests on : DomainDnsZones

   
   Running partition tests on : Schema

   
   Running partition tests on : Configuration

   
   Running partition tests on : DOMAIN

   
   Running enterprise tests on : DOMAIN.local

      Starting test: DNS

         Test results for domain controllers:

           
            DC: SERVER1.DOMAIN.local

            Domain: DOMAIN.local

           

                 
               TEST: Dynamic update (Dyn)
                  Warning: Failed to add the test record dcdiag-test-record in zone DOMAIN.local
         
               SERVER1                       PASS PASS PASS PASS WARN PASS n/a  
         ......................... DOMAIN.local passed test DNS

Question has a verified solution.
