Solved

AD domain controller suddenly cannot open DNS console and replication stopped ?

Posted on 2016-11-17
Last Modified: 2016-11-26

Can anyone here please assist me in troubleshooting this AD replication between two domain controllers ?

There are two VMs running as domain controllers:

PRODDC01-VM
[Screenshot: PRODDC01-VM Status]
PRODDC02-VM
[Screenshot: PRODDC02-VM Status]
AD replication cannot be forced from PRODDC01-VM into PRODDC02-VM, and also I cannot open the DNS console in PRODDC02-VM.

So not sure what is happening here.
 
LVL 6

Expert Comment

by:Andy
ID: 41891159
Hi,

Are the DC's both on the same virtual host?
If not, can you migrate one of them to the same host as the other?
1
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41891160
Yes, they are:

Additional data:

PRODDC01-VM DCDIAG:
PS C:\> dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = PRODDC01-VM
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: SYDNEY\PRODDC01-VM
      Starting test: Connectivity
         ......................... PRODDC01-VM passed test Connectivity

Doing primary tests

   Testing server: SYDNEY\PRODDC01-VM
      Starting test: Advertising
         ......................... PRODDC01-VM passed test Advertising
      Starting test: FrsEvent
         ......................... PRODDC01-VM passed test FrsEvent
      Starting test: DFSREvent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
         ......................... PRODDC01-VM failed test DFSREvent
      Starting test: SysVolCheck
         ......................... PRODDC01-VM passed test SysVolCheck
      Starting test: KccEvent
         ......................... PRODDC01-VM passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... PRODDC01-VM passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... PRODDC01-VM passed test MachineAccount
      Starting test: NCSecDesc
         ......................... PRODDC01-VM passed test NCSecDesc
      Starting test: NetLogons
         ......................... PRODDC01-VM passed test NetLogons
      Starting test: ObjectsReplicated
         ......................... PRODDC01-VM passed test ObjectsReplicated
      Starting test: Replications
         REPLICATION LATENCY WARNING
         ERROR: Expected notification link is missing.
         Source PRODDC02-VM
         Replication of new changes along this path will be delayed.
         This problem should self-correct on the next periodic sync.
         ......................... PRODDC01-VM passed test Replications
      Starting test: RidManager
         ......................... PRODDC01-VM passed test RidManager
      Starting test: Services
         ......................... PRODDC01-VM passed test Services
      Starting test: SystemLog
         A warning event occurred.  EventID: 0x0000000C
            Time Generated: 11/17/2016   20:44:40
            Event String:
            Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
         A warning event occurred.  EventID: 0x000727AA
            Time Generated: 11/17/2016   20:44:45
            Event String:
            The WinRM service failed to create the following SPNs: WSMAN/PRODDC01-VM.KTM.COM; WSMAN/PRODDC01-VM.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 11/17/2016   20:44:57
            Event String:
            Name resolution for the name KTM.COM timed out after none of the configured DNS servers responded.
         A warning event occurred.  EventID: 0x0000168D
            Time Generated: 11/17/2016   20:45:31
            Event String:
            The following DNS server that is authoritative for the DNS domain controller locator records of this domain controller does not support dynamic DNS updates:
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 11/17/2016   20:45:31
            Event String:
            Name resolution for the name KTM.COM timed out after none of the configured DNS servers responded.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 11/17/2016   20:46:02
            Event String:
            Name resolution for the name KTM.COM timed out after none of the configured DNS servers responded.
         A warning event occurred.  EventID: 0x00001796
            Time Generated: 11/17/2016   20:54:40
            Event String:
            Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
         ......................... PRODDC01-VM passed test SystemLog
      Starting test: VerifyReferences
         ......................... PRODDC01-VM passed test VerifyReferences


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : KTM
      Starting test: CheckSDRefDom
         ......................... KTM passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... KTM passed test CrossRefValidation

   Running enterprise tests on : KTM.COM
      Starting test: LocatorCheck
         ......................... KTM.COM passed test LocatorCheck
      Starting test: Intersite
         ......................... KTM.COM passed test Intersite
PS C:\>



PRODDC02-VM DCDIAG:
PS C:\Users\Administrator.KTM> dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = PRODDC02-VM
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: SYDNEY\PRODDC02-VM
      Starting test: Connectivity
         The host 94ddd95e-a625-4e14-987d-fca5ab9fdf59._msdcs.KTM.COM could not be resolved to an IP address. Check the
         DNS server, DHCP, server name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... PRODDC02-VM failed test Connectivity

Doing primary tests

   Testing server: SYDNEY\PRODDC02-VM
      Skipping all tests, because server PRODDC02-VM is not responding to directory service requests.


   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : KTM
      Starting test: CheckSDRefDom
         ......................... KTM passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... KTM passed test CrossRefValidation

   Running enterprise tests on : KTM.COM
      Starting test: LocatorCheck
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
         A Time Server could not be located.
         The server holding the PDC role is down.
         Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
         A Good Time Server could not be located.
         ......................... KTM.COM failed test LocatorCheck
      Starting test: Intersite
         ......................... KTM.COM passed test Intersite
PS C:\Users\Administrator.KTM>


0
 
LVL 6

Expert Comment

by:Andy
ID: 41891164
OK, first steps, have you tried rebooting both servers individually?
Have you checked all services are running as expected?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41891166
Yes already done.

All automatic services are up and running.
0
 
LVL 6

Expert Comment

by:Andy
ID: 41891167
Also, is the time on both servers correct?

You may want to try the steps listed in the article here if not already tried:
http://searchwindowsserver.techtarget.com/tip/Quick-fix-for-a-non-replicating-DC
1
 

Accepted Solution

by:
A D earned 125 total points
ID: 41891185
Confirm whether the servers were properly cloned or each was built from scratch. If they were not initially installed properly, a tried and tested, easy and quick option would be to see if the FSMO roles can be transferred, remove instances of the problematic server from the domain, build it again from scratch and promote it as a DC again.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41891195
Yes, the time on both DCs is correctly synced, as well as on my workstation.

Both VMs were built manually, not from a cloned VM.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41891199
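I have tried this PowerShell code:

Import-Module ActiveDirectory

# Collect the host name of every domain controller in every domain of the forest
$DCs = (Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ } | Select-Object HostName

# Ask each DC to synchronize with all of its replication partners
foreach ($DC in $DCs) {
    repadmin /syncall $DC.HostName
}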



But so far it is still returning the error:
CALLBACK MESSAGE: The following replication is in progress:
    From: 94ddd95e-a625-4e14-987d-fca5ab9fdf59._msdcs.KTM.COM
    To  : f74feed0-f342-44e1-9dd5-96cd86f02736._msdcs.KTM.COM
CALLBACK MESSAGE: The following replication completed successfully:
    From: 94ddd95e-a625-4e14-987d-fca5ab9fdf59._msdcs.KTM.COM
    To  : f74feed0-f342-44e1-9dd5-96cd86f02736._msdcs.KTM.COM
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.
CALLBACK MESSAGE: The following replication is in progress:
    From: f74feed0-f342-44e1-9dd5-96cd86f02736._msdcs.KTM.COM
    To  : 94ddd95e-a625-4e14-987d-fca5ab9fdf59._msdcs.KTM.COM
CALLBACK MESSAGE: Error issuing replication: 5 (0x5):
    Access is denied.
    From: f74feed0-f342-44e1-9dd5-96cd86f02736._msdcs.KTM.COM
    To  : 94ddd95e-a625-4e14-987d-fca5ab9fdf59._msdcs.KTM.COM
CALLBACK MESSAGE: SyncAll Finished.
SyncAll reported the following errors:
Error issuing replication: 5 (0x5):
    Access is denied.
    From: f74feed0-f342-44e1-9dd5-96cd86f02736._msdcs.KTM.COM
    To  : 94ddd95e-a625-4e14-987d-fca5ab9fdf59._msdcs.KTM.COM
0
 
LVL 6

Assisted Solution

by:Andy
Andy earned 125 total points
ID: 41891200
Just some other steps to check:
Each DC / DNS server points to its private IP address as primary DNS server and other internal DNS servers as secondary ones
Each DC has just one IP address and one network adapter enabled (disable unused NICs).
If multiple NICs (enabled and disabled) are present on server, make sure the active NIC is on top in NIC binding.

Once completed, run "ipconfig /flushdns & ipconfig /registerdns", restart DNS and NETLOGON service on each DC and workstation.
2
 
LVL 6

Expert Comment

by:Andy
ID: 41891205
It could be a permissions issue from your last output, have you checked this article:
https://support.microsoft.com/en-gb/kb/2002013

It goes through some further steps regarding permissions/security.
1
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41891244
Each DC / DNS server points to its private IP address as primary DNS server and other internal DNS servers as secondary ones

Here is the setting:

PRODDC01-VM Network IP address details:
Primary DNS: 192.168.1.200 (itself)
Secondary DNS: 192.168.1.1 (Router)

PRODDC02-VM Network IP address details:
Primary DNS: 192.168.1.201 (itself)
Secondary DNS: 192.168.1.1 (Router)

Each VM has just one vNIC, so it is a single NIC connection, not multiple.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41891318
When I test creating an AD object:

From PRODDC01-VM, it is not replicated to PRODDC02-VM:
[Screenshot: AD replication from PRODDC01-VM to PRODDC02-VM not working ?]
From PRODDC02-VM, it is replicated successfully to PRODDC01-VM:
[Screenshot: AD replication from PRODDC02-VM to PRODDC01-VM working !]
However, the DNS console for PRODDC02-VM still cannot be opened from either AD domain controller's MMC console ?
0
 
LVL 6

Expert Comment

by:Andy
ID: 41891321
Have you tried reinstalling DNS on PRODDC02-VM?
1
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41891348
How to do that ?
0
 
LVL 20

Expert Comment

by:masnrock
ID: 41891418
You need to go to the Server Manager so that you can uninstall/install DNS.
0
 
LVL 37

Assisted Solution

by:Neil Russell
Neil Russell earned 125 total points
ID: 41891473
NEVER have a DNS server setting on a DC that is NOT a DC in an Active Directory environment.

Secondary DNS: 192.168.1.1 (Router)  BAD

You should only ever have the DC's own IP address and another DC in the same environment as a secondary.

NOTHING ELSE
1
 
LVL 6

Expert Comment

by:Andy
ID: 41891475
I thought this would have been changed, Senior IT, did you change it as per my earlier comment:
Each DC / DNS server points to its private IP address as primary DNS server and other internal DNS servers as secondary ones
0
 
LVL 20

Assisted Solution

by:masnrock
masnrock earned 125 total points
ID: 41891483
To further emphasize the point Andy had made and Neil touched further on, this is an example of what would be acceptable for DNS settings...

PRODDC01-VM Network IP address details:
Primary DNS: 192.168.1.200 (itself)
Secondary DNS: 192.168.1.201 (PRODDC02-VM)

PRODDC02-VM Network IP address details:
Primary DNS: 192.168.1.201 (itself)
Secondary DNS: 192.168.1.200 (PRODDC01-VM)

So while this may seem circular, it allows each DC to back up the other for DNS lookups. Some routers do have DNS functionality built in, but it's not designed for networks like AD domains.
1
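
An added example, not part of the comments above or of anyone's posted code: a PowerShell function that checks each DC's DNS client settings against the rule the experts describe, run here on the two configurations posted in this thread. `Test-DcResolverConfig`, its parameters and the variable names are hypothetical; the live-data lines in the trailing comment assume the ActiveDirectory and DnsClient modules and CIM access to each DC.

```powershell
# Added example (not from the thread): check DC resolver settings against the
# rule above. A DC should list itself and other DCs as DNS servers, nothing else.
# Test-DcResolverConfig and its parameters are hypothetical names.
function Test-DcResolverConfig {
    param(
        [Parameter(Mandatory)] [hashtable] $DcAddress,  # DC name -> its own IP address
        [Parameter(Mandatory)] [hashtable] $Resolvers   # DC name -> configured DNS servers, in order
    )
    $dcIps = @($DcAddress.Values)
    foreach ($dc in ($Resolvers.Keys | Sort-Object)) {
        $self       = $DcAddress[$dc]
        $configured = @($Resolvers[$dc])
        # Anything that is not a known DC address (for example a router) is a finding
        $nonDc      = @($configured | Where-Object { $_ -notin $dcIps })
        # Other DCs this DC can fall back to
        $partners   = @($configured | Where-Object { $_ -in $dcIps -and $_ -ne $self })

        $problems = @()
        if ($nonDc.Count -gt 0)       { $problems += "non-DC resolver: $($nonDc -join ', ')" }
        if ($self -notin $configured) { $problems += 'does not list itself' }
        if ($dcIps.Count -gt 1 -and $partners.Count -eq 0) { $problems += 'no partner DC listed' }

        [pscustomobject]@{
            DC        = $dc
            Resolvers = $configured -join ', '
            Compliant = ($problems.Count -eq 0)
            Problems  = $problems -join '; '
        }
    }
}

# Sample data built from the addresses posted in this thread
$dcAddress = @{ 'PRODDC01-VM' = '192.168.1.200'; 'PRODDC02-VM' = '192.168.1.201' }

# Settings as first posted: router as secondary DNS
$before = @{
    'PRODDC01-VM' = @('192.168.1.200', '192.168.1.1')
    'PRODDC02-VM' = @('192.168.1.201', '192.168.1.1')
}
# Settings as suggested: each DC points to itself, then to the other DC
$after = @{
    'PRODDC01-VM' = @('192.168.1.200', '192.168.1.201')
    'PRODDC02-VM' = @('192.168.1.201', '192.168.1.200')
}

Test-DcResolverConfig -DcAddress $dcAddress -Resolvers $before | Format-Table -AutoSize
Test-DcResolverConfig -DcAddress $dcAddress -Resolvers $after  | Format-Table -AutoSize

# Live data instead of the sample tables (assumption: ActiveDirectory and
# DnsClient modules available, CIM/WinRM reachable on every DC):
#   $dcAddress = @{}; $live = @{}
#   foreach ($d in Get-ADDomainController -Filter *) {
#       $dcAddress[$d.Name] = $d.IPv4Address
#       $live[$d.Name] = @((Get-DnsClientServerAddress -CimSession $d.HostName -AddressFamily IPv4).ServerAddresses)
#   }
#   Test-DcResolverConfig -DcAddress $dcAddress -Resolvers $live
```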
 
LVL 6

Expert Comment

by:Andy
ID: 41891491
That's correct Senior IT. You can put forwarders into DNS once it's running correctly.
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41892201
As per everyone's suggestion, yes, I have changed the settings to point to each other.
I have not set the forwarders. But for some reason the DNS console cannot be opened in PRODDC02-VM?

The AD console is working fine, and every time I create new AD objects in PRODDC02-VM, they replicate to the other DC just fine, but not the other way around from PRODDC01-VM to PRODDC02-VM.
0
 
LVL 20

Expert Comment

by:masnrock
ID: 41892217
1
 
LVL 19

Expert Comment

by:compdigit44
ID: 41895137
After changes have been posted as suggested by other experts, can you please post the latest results from dcdiag /v /e?

Also, are you able to manage DNS from either server using PowerShell cmdlets?

Also, please upload a screenshot of the error message you are getting when opening the DNS console.
1
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41897397
Hi All,

Sorry for the late reply.

Here's the result of the DCDIAG /V /E command as requested. Can anyone here please help ?
PRODDC01-VM.txt
PRODDC02-VM.txt
0
 
LVL 6

Expert Comment

by:Andy
ID: 41897410
Your best option may be to demote and rebuild DC02
1
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41897413
Hi Andy,

If I demote it, how can I ensure that it won't impact any of the existing Exchange server and AD objects ?
0
 
LVL 6

Expert Comment

by:Andy
ID: 41897417
One option is to turn off the server for a while and see if anything is affected, if it is, turn it on again, if not you know it's safe.
1
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 41902277
Here's the result from DCDIAG /V /E command:

C:\>dcdiag /v /e

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   * Verifying that the local machine PRODDC02-VM, is a Directory Server.
   Home Server = PRODDC02-VM
   * Connecting to directory service on server PRODDC02-VM.
   * Identified AD Forest.
   Collecting AD specific global data
   * Collecting site info.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=KTM,DC=COM,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded
   Iterating through the sites
   Looking at base site object: CN=NTDS Site Settings,CN=SYDNEY,CN=Sites,CN=Configuration,DC=KTM,DC=COM
   Getting ISTG and options for the site
   * Identifying all servers.
   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=KTM,DC=COM,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers
   Getting information for the server CN=NTDS Settings,CN=PRODDC01-VM,CN=Servers,CN=SYDNEY,CN=Sites,CN=Configuration,DC=KTM,DC=COM
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=PRODDC02-VM,CN=Servers,CN=SYDNEY,CN=Sites,CN=Configuration,DC=KTM,DC=COM
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.
   Ldap search capability attribute search failed on server PRODDC01-VM, return value = 81
   Got error while checking if the DC is using FRS or DFSR. Error: Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail because of this error.
   * Found 2 DC(s). Testing 2 of them.
   Done gathering initial info.

Doing initial required tests

   Testing server: SYDNEY\PRODDC01-VM
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         The host f74feed0-f342-44e1-9dd5-96cd86f02736._msdcs.KTM.COM could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.
         Neither the the server name (PRODDC01-VM.KTM.COM) nor the Guid DNS name (f74feed0-f342-44e1-9dd5-96cd86f02736._msdcs.KTM.COM) could be resolved by DNS.  Check that the server is up and is registered correctly with the DNS server.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... PRODDC01-VM failed test Connectivity

   Testing server: SYDNEY\PRODDC02-VM
      Starting test: Connectivity
         * Active Directory LDAP Services Check
         The host 94ddd95e-a625-4e14-987d-fca5ab9fdf59._msdcs.KTM.COM could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc.
         Got error while checking LDAP and RPC connectivity. Please check your firewall settings.
         ......................... PRODDC02-VM failed test Connectivity

Doing primary tests

   Testing server: SYDNEY\PRODDC01-VM
      Skipping all tests, because server PRODDC01-VM is not responding to directory service requests.
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas

   Testing server: SYDNEY\PRODDC02-VM
      Skipping all tests, because server PRODDC02-VM is not responding to directory service requests.
      Test omitted by user request: Advertising
      Test omitted by user request: CheckSecurityError
      Test omitted by user request: CutoffServers
      Test omitted by user request: FrsEvent
      Test omitted by user request: DFSREvent
      Test omitted by user request: SysVolCheck
      Test omitted by user request: KccEvent
      Test omitted by user request: KnowsOfRoleHolders
      Test omitted by user request: MachineAccount
      Test omitted by user request: NCSecDesc
      Test omitted by user request: NetLogons
      Test omitted by user request: ObjectsReplicated
      Test omitted by user request: OutboundSecureChannels
      Test omitted by user request: Replications
      Test omitted by user request: RidManager
      Test omitted by user request: Services
      Test omitted by user request: SystemLog
      Test omitted by user request: Topology
      Test omitted by user request: VerifyEnterpriseReferences
      Test omitted by user request: VerifyReferences
      Test omitted by user request: VerifyReplicas

      Test omitted by user request: DNS
      Test omitted by user request: DNS

      Test omitted by user request: DNS
      Test omitted by user request: DNS

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
            For the partition (DC=ForestDnsZones,DC=KTM,DC=COM) we encountered the following error retrieving the cross-ref's  (CN=43e0fd13-3e9e-423e-b391-d90da04b6d26,CN=Partitions,CN=Configuration,DC=KTM,DC=COM) information:
               LDAP Error 0x3a (58).
         ......................... ForestDnsZones failed test CheckSDRefDom
      Starting test: CrossRefValidation
            For the partition (DC=ForestDnsZones,DC=KTM,DC=COM) we encountered the following error retrieving the cross-ref's  (CN=43e0fd13-3e9e-423e-b391-d90da04b6d26,CN=Partitions,CN=Configuration,DC=KTM,DC=COM) information:
               LDAP Error 0x3a (58).
         ......................... ForestDnsZones failed test CrossRefValidation

   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
            For the partition (DC=DomainDnsZones,DC=KTM,DC=COM) we encountered the following error retrieving the cross-ref's  (CN=7c9f5c44-5db6-4ec9-841c-2baba64ec0c9,CN=Partitions,CN=Configuration,DC=KTM,DC=COM) information:
               LDAP Error 0x3a (58).
         ......................... DomainDnsZones failed test CheckSDRefDom
      Starting test: CrossRefValidation
            For the partition (DC=DomainDnsZones,DC=KTM,DC=COM) we encountered the following error retrieving the cross-ref's  (CN=7c9f5c44-5db6-4ec9-841c-2baba64ec0c9,CN=Partitions,CN=Configuration,DC=KTM,DC=COM) information:
               LDAP Error 0x3a (58).
         ......................... DomainDnsZones failed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
            For the partition (CN=Schema,CN=Configuration,DC=KTM,DC=COM) we encountered the following error retrieving the cross-ref's  (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=KTM,DC=COM) information:
               LDAP Error 0x3a (58).
         ......................... Schema failed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
            For the partition (CN=Configuration,DC=KTM,DC=COM) we encountered the following error retrieving the cross-ref's  (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=KTM,DC=COM) information:
               LDAP Error 0x3a (58).
         ......................... Configuration failed test CrossRefValidation

   Running partition tests on : KTM
      Starting test: CheckSDRefDom
         ......................... KTM passed test CheckSDRefDom
      Starting test: CrossRefValidation
            For the partition (DC=KTM,DC=COM) we encountered the following error retrieving the cross-ref's  (CN=KTM,CN=Partitions,CN=Configuration,DC=KTM,DC=COM) information:
               LDAP Error 0x3a (58).
         ......................... KTM failed test CrossRefValidation

   Running enterprise tests on : KTM.COM
      Test omitted by user request: DNS
      Test omitted by user request: DNS
      Starting test: LocatorCheck
         GC Name: \\PRODDC02-VM.KTM.COM
         Locator Flags: 0xe000f1fc
         Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
         A Primary Domain Controller could not be located.
         The server holding the PDC role is down.
         Time Server Name: \\PRODDC02-VM.KTM.COM
         Locator Flags: 0xe000f1fc
         Preferred Time Server Name: \\PRODDC02-VM.KTM.COM
         Locator Flags: 0xe000f1fc
         KDC Name: \\PRODDC02-VM.KTM.COM
         Locator Flags: 0xe000f1fc
         ......................... KTM.COM failed test LocatorCheck
      Starting test: Intersite
         Skipping site SYDNEY, this site is outside the scope provided by the command line arguments provided.
         ......................... KTM.COM passed test Intersite



FYI, the other DC, which holds all FSMO roles, is still up and running, but why is PRODDC02-VM not able to talk to it ?
See the below screenshot from PRODDC01-VM, which is working fine:

[Screenshot: PRODDC01-VM diagnostic]
0
 
LVL 7

Author Closing Comment

by:Senior IT System Engineer
ID: 41902788
Thanks all !
Adding the missing DNS entry in the Name Servers tab resolved this problem.
0
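
An added example, not part of the thread: one way to look for the kind of gap the closing comment describes, by asking every DC's DNS service whether it returns an NS record and the `<GUID>._msdcs` alias for each DC (the names dcdiag failed to resolve above). `Test-DcDnsRecords`, the `DsaGuid` property and the `$answers` table are hypothetical; the answers are constructed for an offline run and are not taken from the poster's servers, and checking the forest root zone is an assumption because the thread does not say which zone was edited.

```powershell
# Added example (not from the thread). Hypothetical function: for every DC's DNS
# service, report whether each DC has a GUID alias and an NS record there.
function Test-DcDnsRecords {
    param(
        [Parameter(Mandatory)] [string]   $ForestRoot,
        # Objects with Name, HostName, IPv4Address and DsaGuid (NTDS Settings objectGUID)
        [Parameter(Mandatory)] [object[]] $DomainController,
        # Query function; the default asks the named server directly
        [scriptblock] $Lookup = {
            param($Name, $Type, $Server)
            Resolve-DnsName -Name $Name -Type $Type -Server $Server -DnsOnly -ErrorAction SilentlyContinue
        }
    )
    foreach ($server in $DomainController) {
        # Name servers this DNS service publishes for the zone
        $ns = @(& $Lookup $ForestRoot 'NS' $server.IPv4Address |
                Where-Object { $_.Type -eq 'NS' } |
                ForEach-Object { $_.NameHost.TrimEnd('.') })
        foreach ($dc in $DomainController) {
            # The alias replication partners use to find this DC
            $alias = "$($dc.DsaGuid)._msdcs.$ForestRoot"
            $cname = @(& $Lookup $alias 'CNAME' $server.IPv4Address |
                       Where-Object { $_.Type -eq 'CNAME' })
            [pscustomobject]@{
                AskedServer = $server.Name
                About       = $dc.Name
                GuidAlias   = ($cname.Count -gt 0)
                ListedAsNS  = ($ns -contains $dc.HostName)
            }
        }
    }
}

# DC names, addresses and GUIDs as they appear in the dcdiag output above
$dcs = @(
    [pscustomobject]@{ Name = 'PRODDC01-VM'; HostName = 'PRODDC01-VM.KTM.COM'
                       IPv4Address = '192.168.1.200'; DsaGuid = 'f74feed0-f342-44e1-9dd5-96cd86f02736' }
    [pscustomobject]@{ Name = 'PRODDC02-VM'; HostName = 'PRODDC02-VM.KTM.COM'
                       IPv4Address = '192.168.1.201'; DsaGuid = '94ddd95e-a625-4e14-987d-fca5ab9fdf59' }
)

# Constructed answers for an offline run: 192.168.1.200 is complete, while
# 192.168.1.201 has no NS record and no GUID alias for PRODDC01-VM.
$ns1 = [pscustomobject]@{ Type = 'NS'; NameHost = 'PRODDC01-VM.KTM.COM' }
$ns2 = [pscustomobject]@{ Type = 'NS'; NameHost = 'PRODDC02-VM.KTM.COM' }
$cn1 = [pscustomobject]@{ Type = 'CNAME'; NameHost = 'PRODDC01-VM.KTM.COM' }
$cn2 = [pscustomobject]@{ Type = 'CNAME'; NameHost = 'PRODDC02-VM.KTM.COM' }
$answers = @{
    '192.168.1.200|NS|KTM.COM' = @($ns1, $ns2)
    '192.168.1.201|NS|KTM.COM' = @($ns2)
    '192.168.1.200|CNAME|f74feed0-f342-44e1-9dd5-96cd86f02736._msdcs.KTM.COM' = @($cn1)
    '192.168.1.200|CNAME|94ddd95e-a625-4e14-987d-fca5ab9fdf59._msdcs.KTM.COM' = @($cn2)
    '192.168.1.201|CNAME|94ddd95e-a625-4e14-987d-fca5ab9fdf59._msdcs.KTM.COM' = @($cn2)
}
$offline = { param($Name, $Type, $Server) $answers["$Server|$Type|$Name"] }

Test-DcDnsRecords -ForestRoot 'KTM.COM' -DomainController $dcs -Lookup $offline |
    Format-Table -AutoSize

# Live use (assumption: ActiveDirectory and DnsClient modules available):
#   $dcs = Get-ADDomainController -Filter * | ForEach-Object {
#       [pscustomobject]@{ Name = $_.Name; HostName = $_.HostName; IPv4Address = $_.IPv4Address
#                          DsaGuid = (Get-ADObject $_.NTDSSettingsObjectDN).ObjectGUID } }
#   Test-DcDnsRecords -ForestRoot (Get-ADForest).RootDomain -DomainController $dcs
```

Any row with `GuidAlias` or `ListedAsNS` set to False names the DNS server that is missing the record and the DC the record belongs to.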
