bturnerpcg
asked on
Losing Trust Relationship
Over the last 2 days, I have had client machines lose their trust relationship with the domain.
The machines are a mix of Win10 and Win7 machines connecting to a Windows server 2008 domain controller.
Have a Windows 2008 Server environment with an old 2003 server DC (it can go away if needed) that is having an issue with client machines connecting to the domain and losing their trust relationship.
I am getting 4321 NETBT errors on the primary Win 2008 DC saying "The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer."
I am also getting NETLOGON 5741 errors saying "Netlogon could not register the IPLAW<1B> name for the following reason:
\Device\NetBT_Tcpip_{1A0C2 C27-5B62-4 89A-8578-6 32E175F7CA 9}" Again on the 2008 DC.
I did a restart of the 2003 domain and got an error immediately saying it could not find a domain to connect to. after 3/4 attempts it logged in
What can I do to correct this issue s
I need to fix this and am not sure where to start while making sure I do not lose the domain entirely.
The machines are a mix of Win10 and Win7 machines connecting to a Windows server 2008 domain controller.
Have a Windows 2008 Server environment with an old 2003 server DC (it can go away if needed) that is having an issue with client machines connecting to the domain and losing their trust relationship.
I am getting 4321 NETBT errors on the primary Win 2008 DC saying "The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer."
I am also getting NETLOGON 5741 errors saying "Netlogon could not register the IPLAW<1B> name for the following reason:
\Device\NetBT_Tcpip_{1A0C2
I did a restart of the 2003 domain and got an error immediately saying it could not find a domain to connect to. after 3/4 attempts it logged in
What can I do to correct this issue s
I need to fix this and am not sure where to start while making sure I do not lose the domain entirely.
Run dcdiag /v from both the servers from elevated cmd and post back results here
ASKER
From the 08 Server
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine MM-FS1, is a Directory Server.
Home Server = MM-FS1
* Connecting to directory service on server MM-FS1.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=I PLAW,DC=MS MBPATENTLA W,DC=COM,L DAP_SCOPE_ SUBTREE,(o bjectCateg ory=ntDSSi teSettings ),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First- Site-Name, CN=Sites,C N=Configur ation,DC=I PLAW,DC=MS MBPATENTLA W,DC=COM
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld, CN=Sites,C N=Configur ation,DC=I PLAW,DC=MS MBPATENTLA W,DC=COM,L DAP_SCOPE_ SUBTREE,(o bjectClass =ntDSDsa), .......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=ROOT,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=IP LAW,DC=MSM BPATENTLAW ,DC=COM
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=MM-FS1,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= IPLAW,DC=M SMBPATENTL AW,DC=COM
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=MM-FS2,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= IPLAW,DC=M SMBPATENTL AW,DC=COM
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MM -FS1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... MM-FS1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MM -FS1
Starting test: Advertising
The DC MM-FS1 is advertising itself as a DC and having a DS.
The DC MM-FS1 is advertising as an LDAP server
The DC MM-FS1 is advertising as having a writeable directory
The DC MM-FS1 is advertising as a Key Distribution Center
The DC MM-FS1 is advertising as a time server
The DS MM-FS1 is advertising as a GC.
......................... MM-FS1 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C4
Time Generated: 08/22/2019 12:27:18
Event String:
The File Replication Service is having trouble enabling replication from MM-FS2 to MM-FS1 for c:\windows\sysvol\domain using the DNS name MM-FS2.IPLAW.MSMBPATENTLAW .COM. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name MM-FS2.IPLAW.MSMBPATENTLAW .COM from this computer.
[2] FRS is not running on MM-FS2.IPLAW.MSMBPATENTLAW .COM.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... MM-FS1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... MM-FS1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MM-FS1 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
An error event occurred. EventID: 0xC00007FA
Time Generated: 08/22/2019 16:39:43
Event String:
It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
The reason that replication is not allowed to continue is that the two DCs may contain lingering objects. Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects". If the local destination DC was allowed to replicate with the source DC, these potential lingering object would be recreated in the local Active Directory Domain Services database.
Time of last successful replication:
2019-05-23 15:37:18
Invocation ID of source directory server:
79b96c52-9467-4180-b1c0-f9 74099a6823
Name of source directory server:
79b96c52-9467-4180-b1c0-f9 74099a6823 ._msdcs.IP LAW.MSMBPA TENTLAW.CO M
Tombstone lifetime (days):
60
The replication operation has failed.
User Action:
The action plan to recover from this error can be found at http://support.microsoft.com/?id=314282.
If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD. To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects. To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>".
If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:
Registry Key:
HKLM\System\CurrentControl Set\Servic es\NTDS\Pa rameters\A llow Replication With Divergent and Corrupt Partner
Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved. DCs that fail to inbound replicate deleted objects within tombstone lifetime number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC. Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are located immediately.
Alternate User Action:
Force demote or reinstall the DC(s) that were disconnected.
......................... MM-FS1 failed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=MM-FS1,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= IPLAW,DC=M SMBPATENTL AW,DC=COM
Role Domain Owner = CN=NTDS Settings,CN=ROOT,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=IP LAW,DC=MSM BPATENTLAW ,DC=COM
Role PDC Owner = CN=NTDS Settings,CN=MM-FS1,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= IPLAW,DC=M SMBPATENTL AW,DC=COM
Role Rid Owner = CN=NTDS Settings,CN=ROOT,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=IP LAW,DC=MSM BPATENTLAW ,DC=COM
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ROOT,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=IP LAW,DC=MSM BPATENTLAW ,DC=COM
......................... MM-FS1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC MM-FS1 on DC MM-FS1.
* SPN found :LDAP/MM-FS1.IPLAW.MSMBPAT ENTLAW.COM /IPLAW.MSM BPATENTLAW .COM
* SPN found :LDAP/MM-FS1.IPLAW.MSMBPAT ENTLAW.COM
* SPN found :LDAP/MM-FS1
* SPN found :LDAP/MM-FS1.IPLAW.MSMBPAT ENTLAW.COM /IPLAW
* SPN found :LDAP/f78f9a99-c72b-4115-8 41a-9ac468 4ec846._ms dcs.IPLAW. MSMBPATENT LAW.COM
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/f78f9a99 -c72b-4115 -841a-9ac4 684ec846/I PLAW.MSMBP ATENTLAW.C OM
* SPN found :HOST/MM-FS1.IPLAW.MSMBPAT ENTLAW.COM /IPLAW.MSM BPATENTLAW .COM
* SPN found :HOST/MM-FS1.IPLAW.MSMBPAT ENTLAW.COM
* SPN found :HOST/MM-FS1
* SPN found :HOST/MM-FS1.IPLAW.MSMBPAT ENTLAW.COM /IPLAW
* SPN found :GC/MM-FS1.IPLAW.MSMBPATEN TLAW.COM/I PLAW.MSMBP ATENTLAW.C OM
......................... MM-FS1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC MM-FS1.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
* Security Permissions Check for
DC=DomainDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
(Configuration,Version 3)
* Security Permissions Check for
DC=IPLAW,DC=MSMBPATENTLAW, DC=COM
(Domain,Version 3)
......................... MM-FS1 failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\MM-FS1\netlogon
Verified share \\MM-FS1\sysvol
......................... MM-FS1 passed test NetLogons
Starting test: ObjectsReplicated
MM-FS1 is in domain DC=IPLAW,DC=MSMBPATENTLAW, DC=COM
Checking for CN=MM-FS1,OU=Domain Controllers,DC=IPLAW,DC=MS MBPATENTLA W,DC=COM in domain DC=IPLAW,DC=MSMBPATENTLAW, DC=COM on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=MM-FS1,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= IPLAW,DC=M SMBPATENTL AW,DC=COM in domain CN=Configuration,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM on 1 servers
Object is up-to-date on all servers.
......................... MM-FS1 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
[Replications Check,MM-FS1] A recent replication attempt failed:
From MM-FS2 to MM-FS1
Naming Context: DC=ForestDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2019-08-22 15:51:53.
The last success occurred at 2019-08-14 02:47:10.
207 failures have occurred since the last success.
[MM-FS2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 2 (RPC runtime)
Status is 1722 The RPC server is unavailable.
Detection location is 501
NumberOfParameters is 4
Unicode string: ncacn_ip_tcp
Unicode string:
0abf6cef-e857-4feb-9cf4-d0 b8fb90ceff ._msdcs.IP LAW.MSMBPA TENTLAW.CO M
Long val: -481213899
Long val: 1722
Error Record 2, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 18 (unknown)
Status is 1722 The RPC server is unavailable.
Detection location is 1442
NumberOfParameters is 1
Unicode string:
0abf6cef-e857-4feb-9cf4-d0 b8fb90ceff ._msdcs.IP LAW.MSMBPA TENTLAW.CO M
Error Record 3, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 18 (unknown)
Status is 1722 The RPC server is unavailable.
Detection location is 323
Error Record 4, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 18 (unknown)
Status is 1237
The operation could not be completed. A retry should be performed.
Detection location is 313
Error Record 5, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 18 (unknown)
Status is 10060
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
Pointer val: 0
Error Record 6, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 18 (unknown)
Status is 10060
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 318
[Replications Check,MM-FS1] A recent replication attempt failed:
From ROOT to MM-FS1
Naming Context: DC=ForestDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:52:35.
The last success occurred at 2019-05-23 14:55:13.
2192 failures have occurred since the last success.
[Replications Check,MM-FS1] A recent replication attempt failed:
From MM-FS2 to MM-FS1
Naming Context: DC=DomainDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2019-08-22 15:51:53.
The last success occurred at 2019-08-14 03:17:01.
207 failures have occurred since the last success.
[Replications Check,MM-FS1] A recent replication attempt failed:
From ROOT to MM-FS1
Naming Context: DC=DomainDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:52:35.
The last success occurred at 2019-05-23 14:55:07.
2204 failures have occurred since the last success.
[Replications Check,MM-FS1] A recent replication attempt failed:
From ROOT to MM-FS1
Naming Context:
CN=Schema,CN=Configuration ,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:52:14.
The last success occurred at 2019-05-23 14:54:58.
2192 failures have occurred since the last success.
[Replications Check,MM-FS1] A recent replication attempt failed:
From MM-FS2 to MM-FS1
Naming Context:
CN=Schema,CN=Configuration ,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:52:35.
The last success occurred at 2019-08-14 02:47:10.
207 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,MM-FS1] A recent replication attempt failed:
From MM-FS2 to MM-FS1
Naming Context: CN=Configuration,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:52:14.
The last success occurred at 2019-08-14 03:06:54.
206 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,MM-FS1] A recent replication attempt failed:
From ROOT to MM-FS1
Naming Context: CN=Configuration,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 16:29:09.
The last success occurred at 2019-05-23 15:04:11.
2252 failures have occurred since the last success.
[Replications Check,MM-FS1] A recent replication attempt failed:
From MM-FS2 to MM-FS1
Naming Context: DC=IPLAW,DC=MSMBPATENTLAW, DC=COM
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:51:53.
The last success occurred at 2019-08-14 03:18:26.
207 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,MM-FS1] A recent replication attempt failed:
From ROOT to MM-FS1
Naming Context: DC=IPLAW,DC=MSMBPATENTLAW, DC=COM
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 16:43:48.
The last success occurred at 2019-05-23 15:37:18.
3301 failures have occurred since the last success.
......................... MM-FS1 failed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 2605 to 1073741823
* ROOT.IPLAW.MSMBPATENTLAW.C OM is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1605 to 2104
* rIDPreviousAllocationPool is 1605 to 2104
* rIDNextRID: 1629
......................... MM-FS1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MM-FS1 passed test Services
Starting test: SystemLog
* The System Event log test
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:31:59
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:44:12
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:45:44
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:45:55
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:46:06
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:46:17
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:46:28
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
......................... MM-FS1 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=MM-FS1,OU=Domain Controllers,DC=IPLAW,DC=MS MBPATENTLA W,DC=COM and
backlink on
CN=MM-FS1,CN=Servers,CN=De fault-Firs t-Site-Nam e,CN=Sites ,CN=Config uration,DC =IPLAW,DC= MSMBPATENT LAW,DC=COM
are correct.
The system object reference (serverReferenceBL)
CN=MM-FS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
and backlink on
CN=NTDS Settings,CN=MM-FS1,CN=Serv ers,CN=Def ault-First -Site-Name ,CN=Sites, CN=Configu ration,DC= IPLAW,DC=M SMBPATENTL AW,DC=COM
are correct.
The system object reference (frsComputerReferenceBL)
CN=MM-FS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
and backlink on
CN=MM-FS1,OU=Domain Controllers,DC=IPLAW,DC=MS MBPATENTLA W,DC=COM are
correct.
......................... MM-FS1 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : IPLAW
Starting test: CheckSDRefDom
......................... IPLAW passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... IPLAW passed test CrossRefValidation
Running enterprise tests on : IPLAW.MSMBPATENTLAW.COM
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\MM-FS1.IPLAW.MSMBPATENTL AW.COM
Locator Flags: 0xe00031fd
PDC Name: \\MM-FS1.IPLAW.MSMBPATENTL AW.COM
Locator Flags: 0xe00031fd
Time Server Name: \\MM-FS1.IPLAW.MSMBPATENTL AW.COM
Locator Flags: 0xe00031fd
Preferred Time Server Name: \\ROOT.IPLAW.MSMBPATENTLAW .COM
Locator Flags: 0xe00003f9
KDC Name: \\MM-FS1.IPLAW.MSMBPATENTL AW.COM
Locator Flags: 0xe00031fd
......................... IPLAW.MSMBPATENTLAW.COM passed test
LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... IPLAW.MSMBPATENTLAW.COM passed test
Intersite
From the 03 Server
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine ROOT, is a DC.
* Connecting to directory service on server ROOT.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\RO OT
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... ROOT passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\RO OT
Starting test: Replications
* Replications Check
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS2 to ROOT
Naming Context: DC=ForestDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2019-08-22 15:54:08.
The last success occurred at 2019-05-23 14:58:37.
49 failures have occurred since the last success.
[MM-FS2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 3708 (DcDiag)
System Time is: 8/22/2019 20:48:44:15
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 323
Error Record 2, ProcessID is 3708 (DcDiag)
System Time is: 8/22/2019 20:48:44:15
Generating component is 8 (winsock)
Status is 1237: The operation could not be completed. A retry should be performed.
Detection location is 313
Error Record 3, ProcessID is 3708 (DcDiag)
System Time is: 8/22/2019 20:48:44:15
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
Pointer val: 0
Error Record 4, ProcessID is 3708 (DcDiag)
System Time is: 8/22/2019 20:48:44:15
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 318
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS1 to ROOT
Naming Context: DC=ForestDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:54:50.
The last success occurred at 2019-05-23 14:58:37.
50 failures have occurred since the last success.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS2 to ROOT
Naming Context: DC=DomainDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2019-08-22 15:54:08.
The last success occurred at 2019-05-23 14:58:37.
49 failures have occurred since the last success.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS1 to ROOT
Naming Context: DC=DomainDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:54:50.
The last success occurred at 2019-05-23 14:58:37.
61 failures have occurred since the last success.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS2 to ROOT
Naming Context: CN=Schema,CN=Configuration ,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:54:50.
The last success occurred at 2019-05-23 14:58:37.
49 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS1 to ROOT
Naming Context: CN=Schema,CN=Configuration ,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:54:50.
The last success occurred at 2019-05-23 14:58:37.
50 failures have occurred since the last success.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS2 to ROOT
Naming Context: CN=Configuration,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:54:29.
The last success occurred at 2019-05-23 15:03:55.
49 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS1 to ROOT
Naming Context: CN=Configuration,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 16:11:51.
The last success occurred at 2019-05-23 15:03:53.
113 failures have occurred since the last success.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS2 to ROOT
Naming Context: DC=IPLAW,DC=MSMBPATENTLAW, DC=COM
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:54:08.
The last success occurred at 2019-05-23 15:37:17.
49 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS1 to ROOT
Naming Context: DC=IPLAW,DC=MSMBPATENTLAW, DC=COM
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 16:48:33.
The last success occurred at 2019-05-23 15:37:03.
8572 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
ROOT: Current time is 2019-08-22 16:48:22.
DC=ForestDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
Last replication recieved from MM-FS2 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from MM-FS1 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=DomainDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
Last replication recieved from MM-FS2 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from MM-FS1 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Schema,CN=Configuration ,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
Last replication recieved from MM-FS2 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from MM-FS1 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
Last replication recieved from MM-FS2 at 2019-05-23 15:03:55.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from MM-FS1 at 2019-05-23 15:03:53.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=IPLAW,DC=MSMBPATENTLAW, DC=COM
Last replication recieved from MM-FS2 at 2019-05-23 15:37:17.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from MM-FS1 at 2019-05-23 15:37:16.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
* Replication Site Latency Check
......................... ROOT passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ROOT.
* Security Permissions Check for
DC=ForestDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration ,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM
(Configuration,Version 2)
* Security Permissions Check for
DC=IPLAW,DC=MSMBPATENTLAW, DC=COM
(Domain,Version 2)
......................... ROOT passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ROOT\netlogon
Verified share \\ROOT\sysvol
......................... ROOT passed test NetLogons
Starting test: Advertising
The DC ROOT is advertising itself as a DC and having a DS.
The DC ROOT is advertising as an LDAP server
The DC ROOT is advertising as having a writeable directory
The DC ROOT is advertising as a Key Distribution Center
The DC ROOT is advertising as a time server
......................... ROOT passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ROOT,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=IP LAW,DC=MSM BPATENTLAW ,DC=COM
Role Domain Owner = CN=NTDS Settings,CN=ROOT,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=IP LAW,DC=MSM BPATENTLAW ,DC=COM
Role PDC Owner = CN=NTDS Settings,CN=ROOT,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=IP LAW,DC=MSM BPATENTLAW ,DC=COM
Role Rid Owner = CN=NTDS Settings,CN=ROOT,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=IP LAW,DC=MSM BPATENTLAW ,DC=COM
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ROOT,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=IP LAW,DC=MSM BPATENTLAW ,DC=COM
......................... ROOT passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2605 to 1073741823
* ROOT.IPLAW.MSMBPATENTLAW.C OM is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1105 to 1604
* rIDPreviousAllocationPool is 1105 to 1604
* rIDNextRID: 1271
......................... ROOT passed test RidManager
Starting test: MachineAccount
Checking machine account for DC ROOT on DC ROOT.
* SPN found :LDAP/ROOT.IPLAW.MSMBPATEN TLAW.COM/I PLAW.MSMBP ATENTLAW.C OM
* SPN found :LDAP/ROOT.IPLAW.MSMBPATEN TLAW.COM
* SPN found :LDAP/ROOT
* SPN found :LDAP/ROOT.IPLAW.MSMBPATEN TLAW.COM/I PLAW
* SPN found :LDAP/79b96c52-9467-4180-b 1c0-f97409 9a6823._ms dcs.IPLAW. MSMBPATENT LAW.COM
* SPN found :E3514235-4B06-11D1-AB04-0 0C04FC2DCD 2/79b96c52 -9467-4180 -b1c0-f974 099a6823/I PLAW.MSMBP ATENTLAW.C OM
* SPN found :HOST/ROOT.IPLAW.MSMBPATEN TLAW.COM/I PLAW.MSMBP ATENTLAW.C OM
* SPN found :HOST/ROOT.IPLAW.MSMBPATEN TLAW.COM
* SPN found :HOST/ROOT
* SPN found :HOST/ROOT.IPLAW.MSMBPATEN TLAW.COM/I PLAW
* SPN found :GC/ROOT.IPLAW.MSMBPATENTL AW.COM/IPL AW.MSMBPAT ENTLAW.COM
......................... ROOT passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ROOT passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
ROOT is in domain DC=IPLAW,DC=MSMBPATENTLAW, DC=COM
Checking for CN=ROOT,OU=Domain Controllers,DC=IPLAW,DC=MS MBPATENTLA W,DC=COM in domain DC=IPLAW,DC=MSMBPATENTLAW, DC=COM on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ROOT,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=IP LAW,DC=MSM BPATENTLAW ,DC=COM in domain CN=Configuration,DC=IPLAW, DC=MSMBPAT ENTLAW,DC= COM on 1 servers
Object is up-to-date on all servers.
......................... ROOT passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ROOT passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/22/2019 14:15:45
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/22/2019 14:15:45
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C5
Time Generated: 08/22/2019 14:17:11
(Event String could not be retrieved)
......................... ROOT failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... ROOT passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... ROOT passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ROOT,OU=Domain Controllers,DC=IPLAW,DC=MS MBPATENTLA W,DC=COM and
backlink on
CN=ROOT,CN=Servers,CN=Defa ult-First- Site-Name, CN=Sites,C N=Configur ation,DC=I PLAW,DC=MS MBPATENTLA W,DC=COM
are correct.
The system object reference (frsComputerReferenceBL)
CN=ROOT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
and backlink on
CN=ROOT,OU=Domain Controllers,DC=IPLAW,DC=MS MBPATENTLA W,DC=COM are
correct.
The system object reference (serverReferenceBL)
CN=ROOT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=IPLAW ,DC=MSMBPA TENTLAW,DC =COM
and backlink on
CN=NTDS Settings,CN=ROOT,CN=Server s,CN=Defau lt-First-S ite-Name,C N=Sites,CN =Configura tion,DC=IP LAW,DC=MSM BPATENTLAW ,DC=COM
are correct.
......................... ROOT passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : IPLAW
Starting test: CrossRefValidation
......................... IPLAW passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... IPLAW passed test CheckSDRefDom
Running enterprise tests on : IPLAW.MSMBPATENTLAW.COM
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... IPLAW.MSMBPATENTLAW.COM passed test Intersite
Starting test: FsmoCheck
GC Name: \\MM-FS1.IPLAW.MSMBPATENTL AW.COM
Locator Flags: 0xe00031fd
PDC Name: \\ROOT.IPLAW.MSMBPATENTLAW .COM
Locator Flags: 0xe00003f9
Time Server Name: \\ROOT.IPLAW.MSMBPATENTLAW .COM
Locator Flags: 0xe00003f9
Preferred Time Server Name: \\ROOT.IPLAW.MSMBPATENTLAW .COM
Locator Flags: 0xe00003f9
KDC Name: \\ROOT.IPLAW.MSMBPATENTLAW .COM
Locator Flags: 0xe00003f9
......................... IPLAW.MSMBPATENTLAW.COM passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine MM-FS1, is a Directory Server.
Home Server = MM-FS1
* Connecting to directory service on server MM-FS1.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=ROOT,CN=Server
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=MM-FS1,CN=Serv
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=MM-FS2,CN=Serv
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\MM
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... MM-FS1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\MM
Starting test: Advertising
The DC MM-FS1 is advertising itself as a DC and having a DS.
The DC MM-FS1 is advertising as an LDAP server
The DC MM-FS1 is advertising as having a writeable directory
The DC MM-FS1 is advertising as a Key Distribution Center
The DC MM-FS1 is advertising as a time server
The DS MM-FS1 is advertising as a GC.
......................... MM-FS1 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x800034C4
Time Generated: 08/22/2019 12:27:18
Event String:
The File Replication Service is having trouble enabling replication from MM-FS2 to MM-FS1 for c:\windows\sysvol\domain using the DNS name MM-FS2.IPLAW.MSMBPATENTLAW
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name MM-FS2.IPLAW.MSMBPATENTLAW
[2] FRS is not running on MM-FS2.IPLAW.MSMBPATENTLAW
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... MM-FS1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... MM-FS1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MM-FS1 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
An error event occurred. EventID: 0xC00007FA
Time Generated: 08/22/2019 16:39:43
Event String:
It has been too long since this machine last replicated with the named source machine. The time between replications with this source has exceeded the tombstone lifetime. Replication has been stopped with this source.
The reason that replication is not allowed to continue is that the two DCs may contain lingering objects. Objects that have been deleted and garbage collected from an Active Directory Domain Services partition but still exist in the writable partitions of other DCs in the same domain, or read-only partitions of global catalog servers in other domains in the forest are known as "lingering objects". If the local destination DC was allowed to replicate with the source DC, these potential lingering object would be recreated in the local Active Directory Domain Services database.
Time of last successful replication:
2019-05-23 15:37:18
Invocation ID of source directory server:
79b96c52-9467-4180-b1c0-f9
Name of source directory server:
79b96c52-9467-4180-b1c0-f9
Tombstone lifetime (days):
60
The replication operation has failed.
User Action:
The action plan to recover from this error can be found at http://support.microsoft.com/?id=314282.
If both the source and destination DCs are Windows Server 2003 DCs, then install the support tools included on the installation CD. To see which objects would be deleted without actually performing the deletion run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC> /ADVISORY_MODE". The eventlogs on the source DC will enumerate all lingering objects. To remove lingering objects from a source domain controller run "repadmin /removelingeringobjects <Source DC> <Destination DC DSA GUID> <NC>".
If either source or destination DC is a Windows 2000 Server DC, then more information on how to remove lingering objects on the source DC can be found at http://support.microsoft.com/?id=314282 or from your Microsoft support personnel.
If you need Active Directory Domain Services replication to function immediately at all costs and don't have time to remove lingering objects, enable replication by setting the following registry key to a non-zero value:
Registry Key:
HKLM\System\CurrentControl
Replication errors between DCs sharing a common partition can prevent user and compter acounts, trust relationships, their passwords, security groups, security group memberships and other Active Directory Domain Services configuration data to vary between DCs, affecting the ability to log on, find objects of interest and perform other critical operations. These inconsistencies are resolved once replication errors are resolved. DCs that fail to inbound replicate deleted objects within tombstone lifetime number of days will remain inconsistent until lingering objects are manually removed by an administrator from each local DC. Additionally, replication may continue to be blocked after this registry key is set, depending on whether lingering objects are located immediately.
Alternate User Action:
Force demote or reinstall the DC(s) that were disconnected.
......................... MM-FS1 failed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=MM-FS1,CN=Serv
Role Domain Owner = CN=NTDS Settings,CN=ROOT,CN=Server
Role PDC Owner = CN=NTDS Settings,CN=MM-FS1,CN=Serv
Role Rid Owner = CN=NTDS Settings,CN=ROOT,CN=Server
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ROOT,CN=Server
......................... MM-FS1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC MM-FS1 on DC MM-FS1.
* SPN found :LDAP/MM-FS1.IPLAW.MSMBPAT
* SPN found :LDAP/MM-FS1.IPLAW.MSMBPAT
* SPN found :LDAP/MM-FS1
* SPN found :LDAP/MM-FS1.IPLAW.MSMBPAT
* SPN found :LDAP/f78f9a99-c72b-4115-8
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/MM-FS1.IPLAW.MSMBPAT
* SPN found :HOST/MM-FS1.IPLAW.MSMBPAT
* SPN found :HOST/MM-FS1
* SPN found :HOST/MM-FS1.IPLAW.MSMBPAT
* SPN found :GC/MM-FS1.IPLAW.MSMBPATEN
......................... MM-FS1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC MM-FS1.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=IPLAW
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=IPLAW
* Security Permissions Check for
DC=DomainDnsZones,DC=IPLAW
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=IPLAW
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=IPLAW,
(Configuration,Version 3)
* Security Permissions Check for
DC=IPLAW,DC=MSMBPATENTLAW,
(Domain,Version 3)
......................... MM-FS1 failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\MM-FS1\netlogon
Verified share \\MM-FS1\sysvol
......................... MM-FS1 passed test NetLogons
Starting test: ObjectsReplicated
MM-FS1 is in domain DC=IPLAW,DC=MSMBPATENTLAW,
Checking for CN=MM-FS1,OU=Domain Controllers,DC=IPLAW,DC=MS
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=MM-FS1,CN=Serv
Object is up-to-date on all servers.
......................... MM-FS1 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
[Replications Check,MM-FS1] A recent replication attempt failed:
From MM-FS2 to MM-FS1
Naming Context: DC=ForestDnsZones,DC=IPLAW
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2019-08-22 15:51:53.
The last success occurred at 2019-08-14 02:47:10.
207 failures have occurred since the last success.
[MM-FS2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 2 (RPC runtime)
Status is 1722 The RPC server is unavailable.
Detection location is 501
NumberOfParameters is 4
Unicode string: ncacn_ip_tcp
Unicode string:
0abf6cef-e857-4feb-9cf4-d0
Long val: -481213899
Long val: 1722
Error Record 2, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 18 (unknown)
Status is 1722 The RPC server is unavailable.
Detection location is 1442
NumberOfParameters is 1
Unicode string:
0abf6cef-e857-4feb-9cf4-d0
Error Record 3, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 18 (unknown)
Status is 1722 The RPC server is unavailable.
Detection location is 323
Error Record 4, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 18 (unknown)
Status is 1237
The operation could not be completed. A retry should be performed.
Detection location is 313
Error Record 5, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 18 (unknown)
Status is 10060
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
Pointer val: 0
Error Record 6, ProcessID is 2812
(DcDiag)
System Time is: 8/22/2019 20:48:0:176
Generating component is 18 (unknown)
Status is 10060
A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 318
[Replications Check,MM-FS1] A recent replication attempt failed:
From ROOT to MM-FS1
Naming Context: DC=ForestDnsZones,DC=IPLAW
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:52:35.
The last success occurred at 2019-05-23 14:55:13.
2192 failures have occurred since the last success.
[Replications Check,MM-FS1] A recent replication attempt failed:
From MM-FS2 to MM-FS1
Naming Context: DC=DomainDnsZones,DC=IPLAW
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2019-08-22 15:51:53.
The last success occurred at 2019-08-14 03:17:01.
207 failures have occurred since the last success.
[Replications Check,MM-FS1] A recent replication attempt failed:
From ROOT to MM-FS1
Naming Context: DC=DomainDnsZones,DC=IPLAW
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:52:35.
The last success occurred at 2019-05-23 14:55:07.
2204 failures have occurred since the last success.
[Replications Check,MM-FS1] A recent replication attempt failed:
From ROOT to MM-FS1
Naming Context:
CN=Schema,CN=Configuration
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:52:14.
The last success occurred at 2019-05-23 14:54:58.
2192 failures have occurred since the last success.
[Replications Check,MM-FS1] A recent replication attempt failed:
From MM-FS2 to MM-FS1
Naming Context:
CN=Schema,CN=Configuration
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:52:35.
The last success occurred at 2019-08-14 02:47:10.
207 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,MM-FS1] A recent replication attempt failed:
From MM-FS2 to MM-FS1
Naming Context: CN=Configuration,DC=IPLAW,
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:52:14.
The last success occurred at 2019-08-14 03:06:54.
206 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,MM-FS1] A recent replication attempt failed:
From ROOT to MM-FS1
Naming Context: CN=Configuration,DC=IPLAW,
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 16:29:09.
The last success occurred at 2019-05-23 15:04:11.
2252 failures have occurred since the last success.
[Replications Check,MM-FS1] A recent replication attempt failed:
From MM-FS2 to MM-FS1
Naming Context: DC=IPLAW,DC=MSMBPATENTLAW,
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:51:53.
The last success occurred at 2019-08-14 03:18:26.
207 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,MM-FS1] A recent replication attempt failed:
From ROOT to MM-FS1
Naming Context: DC=IPLAW,DC=MSMBPATENTLAW,
The replication generated an error (8614):
The directory service cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 16:43:48.
The last success occurred at 2019-05-23 15:37:18.
3301 failures have occurred since the last success.
......................... MM-FS1 failed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 2605 to 1073741823
* ROOT.IPLAW.MSMBPATENTLAW.C
* DsBind with RID Master was successful
* rIDAllocationPool is 1605 to 2104
* rIDPreviousAllocationPool is 1605 to 2104
* rIDNextRID: 1629
......................... MM-FS1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MM-FS1 passed test Services
Starting test: SystemLog
* The System Event log test
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:31:59
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:44:12
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:45:44
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:45:55
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:46:06
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:46:17
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
An error event occurred. EventID: 0xC00010E1
Time Generated: 08/22/2019 16:46:28
Event String:
The name "IPLAW :1b" could not be registered on the interface with IP address 192.168.1.6. The computer with the IP address 192.168.1.2 did not allow the name to be claimed by this computer.
......................... MM-FS1 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=MM-FS1,OU=Domain Controllers,DC=IPLAW,DC=MS
backlink on
CN=MM-FS1,CN=Servers,CN=De
are correct.
The system object reference (serverReferenceBL)
CN=MM-FS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=IPLAW
and backlink on
CN=NTDS Settings,CN=MM-FS1,CN=Serv
are correct.
The system object reference (frsComputerReferenceBL)
CN=MM-FS1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=IPLAW
and backlink on
CN=MM-FS1,OU=Domain Controllers,DC=IPLAW,DC=MS
correct.
......................... MM-FS1 passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : IPLAW
Starting test: CheckSDRefDom
......................... IPLAW passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... IPLAW passed test CrossRefValidation
Running enterprise tests on : IPLAW.MSMBPATENTLAW.COM
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\MM-FS1.IPLAW.MSMBPATENTL
Locator Flags: 0xe00031fd
PDC Name: \\MM-FS1.IPLAW.MSMBPATENTL
Locator Flags: 0xe00031fd
Time Server Name: \\MM-FS1.IPLAW.MSMBPATENTL
Locator Flags: 0xe00031fd
Preferred Time Server Name: \\ROOT.IPLAW.MSMBPATENTLAW
Locator Flags: 0xe00003f9
KDC Name: \\MM-FS1.IPLAW.MSMBPATENTL
Locator Flags: 0xe00031fd
......................... IPLAW.MSMBPATENTLAW.COM passed test
LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... IPLAW.MSMBPATENTLAW.COM passed test
Intersite
From the 03 Server
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine ROOT, is a DC.
* Connecting to directory service on server ROOT.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\RO
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... ROOT passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\RO
Starting test: Replications
* Replications Check
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS2 to ROOT
Naming Context: DC=ForestDnsZones,DC=IPLAW
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2019-08-22 15:54:08.
The last success occurred at 2019-05-23 14:58:37.
49 failures have occurred since the last success.
[MM-FS2] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 3708 (DcDiag)
System Time is: 8/22/2019 20:48:44:15
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.
Detection location is 323
Error Record 2, ProcessID is 3708 (DcDiag)
System Time is: 8/22/2019 20:48:44:15
Generating component is 8 (winsock)
Status is 1237: The operation could not be completed. A retry should be performed.
Detection location is 313
Error Record 3, ProcessID is 3708 (DcDiag)
System Time is: 8/22/2019 20:48:44:15
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
Pointer val: 0
Error Record 4, ProcessID is 3708 (DcDiag)
System Time is: 8/22/2019 20:48:44:15
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.
Detection location is 318
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS1 to ROOT
Naming Context: DC=ForestDnsZones,DC=IPLAW
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:54:50.
The last success occurred at 2019-05-23 14:58:37.
50 failures have occurred since the last success.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS2 to ROOT
Naming Context: DC=DomainDnsZones,DC=IPLAW
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2019-08-22 15:54:08.
The last success occurred at 2019-05-23 14:58:37.
49 failures have occurred since the last success.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS1 to ROOT
Naming Context: DC=DomainDnsZones,DC=IPLAW
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:54:50.
The last success occurred at 2019-05-23 14:58:37.
61 failures have occurred since the last success.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS2 to ROOT
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:54:50.
The last success occurred at 2019-05-23 14:58:37.
49 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS1 to ROOT
Naming Context: CN=Schema,CN=Configuration
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 15:54:50.
The last success occurred at 2019-05-23 14:58:37.
50 failures have occurred since the last success.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS2 to ROOT
Naming Context: CN=Configuration,DC=IPLAW,
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:54:29.
The last success occurred at 2019-05-23 15:03:55.
49 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS1 to ROOT
Naming Context: CN=Configuration,DC=IPLAW,
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 16:11:51.
The last success occurred at 2019-05-23 15:03:53.
113 failures have occurred since the last success.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS2 to ROOT
Naming Context: DC=IPLAW,DC=MSMBPATENTLAW,
The replication generated an error (1722):
The RPC server is unavailable.
The failure occurred at 2019-08-22 15:54:08.
The last success occurred at 2019-05-23 15:37:17.
49 failures have occurred since the last success.
The source remains down. Please check the machine.
[Replications Check,ROOT] A recent replication attempt failed:
From MM-FS1 to ROOT
Naming Context: DC=IPLAW,DC=MSMBPATENTLAW,
The replication generated an error (8614):
The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime.
The failure occurred at 2019-08-22 16:48:33.
The last success occurred at 2019-05-23 15:37:03.
8572 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
ROOT: Current time is 2019-08-22 16:48:22.
DC=ForestDnsZones,DC=IPLAW
Last replication recieved from MM-FS2 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from MM-FS1 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=DomainDnsZones,DC=IPLAW
Last replication recieved from MM-FS2 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from MM-FS1 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Schema,CN=Configuration
Last replication recieved from MM-FS2 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from MM-FS1 at 2019-05-23 14:58:37.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=IPLAW,
Last replication recieved from MM-FS2 at 2019-05-23 15:03:55.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from MM-FS1 at 2019-05-23 15:03:53.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=IPLAW,DC=MSMBPATENTLAW,
Last replication recieved from MM-FS2 at 2019-05-23 15:37:17.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
Last replication recieved from MM-FS1 at 2019-05-23 15:37:16.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
* Replication Site Latency Check
......................... ROOT passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ROOT.
* Security Permissions Check for
DC=ForestDnsZones,DC=IPLAW
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=IPLAW
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=IPLAW,
(Configuration,Version 2)
* Security Permissions Check for
DC=IPLAW,DC=MSMBPATENTLAW,
(Domain,Version 2)
......................... ROOT passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ROOT\netlogon
Verified share \\ROOT\sysvol
......................... ROOT passed test NetLogons
Starting test: Advertising
The DC ROOT is advertising itself as a DC and having a DS.
The DC ROOT is advertising as an LDAP server
The DC ROOT is advertising as having a writeable directory
The DC ROOT is advertising as a Key Distribution Center
The DC ROOT is advertising as a time server
......................... ROOT passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=ROOT,CN=Server
Role Domain Owner = CN=NTDS Settings,CN=ROOT,CN=Server
Role PDC Owner = CN=NTDS Settings,CN=ROOT,CN=Server
Role Rid Owner = CN=NTDS Settings,CN=ROOT,CN=Server
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ROOT,CN=Server
......................... ROOT passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2605 to 1073741823
* ROOT.IPLAW.MSMBPATENTLAW.C
* DsBind with RID Master was successful
* rIDAllocationPool is 1105 to 1604
* rIDPreviousAllocationPool is 1105 to 1604
* rIDNextRID: 1271
......................... ROOT passed test RidManager
Starting test: MachineAccount
Checking machine account for DC ROOT on DC ROOT.
* SPN found :LDAP/ROOT.IPLAW.MSMBPATEN
* SPN found :LDAP/ROOT.IPLAW.MSMBPATEN
* SPN found :LDAP/ROOT
* SPN found :LDAP/ROOT.IPLAW.MSMBPATEN
* SPN found :LDAP/79b96c52-9467-4180-b
* SPN found :E3514235-4B06-11D1-AB04-0
* SPN found :HOST/ROOT.IPLAW.MSMBPATEN
* SPN found :HOST/ROOT.IPLAW.MSMBPATEN
* SPN found :HOST/ROOT
* SPN found :HOST/ROOT.IPLAW.MSMBPATEN
* SPN found :GC/ROOT.IPLAW.MSMBPATENTL
......................... ROOT passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ROOT passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
ROOT is in domain DC=IPLAW,DC=MSMBPATENTLAW,
Checking for CN=ROOT,OU=Domain Controllers,DC=IPLAW,DC=MS
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ROOT,CN=Server
Object is up-to-date on all servers.
......................... ROOT passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ROOT passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/22/2019 14:15:45
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/22/2019 14:15:45
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C5
Time Generated: 08/22/2019 14:17:11
(Event String could not be retrieved)
......................... ROOT failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... ROOT passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... ROOT passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ROOT,OU=Domain Controllers,DC=IPLAW,DC=MS
backlink on
CN=ROOT,CN=Servers,CN=Defa
are correct.
The system object reference (frsComputerReferenceBL)
CN=ROOT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=IPLAW
and backlink on
CN=ROOT,OU=Domain Controllers,DC=IPLAW,DC=MS
correct.
The system object reference (serverReferenceBL)
CN=ROOT,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=IPLAW
and backlink on
CN=NTDS Settings,CN=ROOT,CN=Server
are correct.
......................... ROOT passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : IPLAW
Starting test: CrossRefValidation
......................... IPLAW passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... IPLAW passed test CheckSDRefDom
Running enterprise tests on : IPLAW.MSMBPATENTLAW.COM
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... IPLAW.MSMBPATENTLAW.COM passed test Intersite
Starting test: FsmoCheck
GC Name: \\MM-FS1.IPLAW.MSMBPATENTL
Locator Flags: 0xe00031fd
PDC Name: \\ROOT.IPLAW.MSMBPATENTLAW
Locator Flags: 0xe00003f9
Time Server Name: \\ROOT.IPLAW.MSMBPATENTLAW
Locator Flags: 0xe00003f9
Preferred Time Server Name: \\ROOT.IPLAW.MSMBPATENTLAW
Locator Flags: 0xe00003f9
KDC Name: \\ROOT.IPLAW.MSMBPATENTLAW
Locator Flags: 0xe00003f9
......................... IPLAW.MSMBPATENTLAW.COM passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS
How many total DCs you have?
Ping this: got from above tests
79b96c52-9467-4180-b1c0-f9 74099a6823 ._msdcs.IP LAW.MSMBPA TENTLAW.CO M
It is resolving to any working DC...this is stale DC, it must be already removed from network but did not cleaned up from AD
Clean-up AD for this stale DC and then check
Ping this: got from above tests
79b96c52-9467-4180-b1c0-f9
It is resolving to any working DC...this is stale DC, it must be already removed from network but did not cleaned up from AD
Clean-up AD for this stale DC and then check
ASKER
I have 3 DCs. 2 Win08 and 1 Win2K3. I am having an issue with contacting the other 2008 server. If one is down could this be causing the issue?
Can you check my last comment
When you said one is down, how many days it down
Tests showing that one dc is down more than 60 days
When you said one is down, how many days it down
Tests showing that one dc is down more than 60 days
ASKER
Yeah I just tried to get to the other 2008 DC and it is down with a bad hard drive. It was a just a spare machine so it was never really checked or backed up
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Going to do that should I also remove the one that is not allowing the primary 2008 server from capturing the IPLAW domain name?
1st clean up metadata for dc highlighted earlier
Then check if remaining DCs can replicate each other
Then check if remaining DCs can replicate each other
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Accept: 'Mahesh' (https:#a42929356)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer
I have recommended this question be closed as follows:
Accept: 'Mahesh' (https:#a42929356)
If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
seth2740
Experts-Exchange Cleanup Volunteer