Active Directory problems/dcdiag error
in [Windows Servers]
|
Prev: CAL's
Next: File Has No Owner, Cannot Be Deleted
From: Wael on 23 Mar 2010 13:44 I have some problems when i do dcdiag. In the directory service I have a lot of Event IDs 1865, 1311, 1312. I tried a lot of articles on the MS Websites, but still can't figure out how to resolve the problem. We have two locations connected over the internet with two VPN servers. One of the sites has a slow 5MB DSL connection. Also notice the Time service error at the end. Any help is appreciated. Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Location1\MyServer1 Starting test: Connectivity .......................... MyServer1 passed test Connectivity Doing primary tests Testing server: Location1\MyServer1 Starting test: Replications .......................... MyServer1 passed test Replications Starting test: NCSecDesc .......................... MyServer1 passed test NCSecDesc Starting test: NetLogons .......................... MyServer1 passed test NetLogons Starting test: Advertising Warning: MyServer1 is not advertising as a time server. .......................... MyServer1 failed test Advertising Starting test: KnowsOfRoleHolders .......................... MyServer1 passed test KnowsOfRoleHolders Starting test: RidManager .......................... MyServer1 passed test RidManager Starting test: MachineAccount .......................... MyServer1 passed test MachineAccount Starting test: Services Could not open IsmServ Service on [MyServer1]:failed with 1060: The specified service does not exist as an installed service. .......................... MyServer1 failed test Services Starting test: ObjectsReplicated .......................... MyServer1 passed test ObjectsReplicated Starting test: frssysvol .......................... MyServer1 passed test frssysvol Starting test: frsevent .......................... MyServer1 passed test frsevent Starting test: kccevent An Error Event occured. EventID: 0xC0000520 Time Generated: 03/22/2010 14:39:41 Event String: A call to the Intersite Messaging service that An Error Event occured. EventID: 0xC000051F Time Generated: 03/22/2010 14:39:41 Event String: The Knowledge Consistency Checker (KCC) has An Warning Event occured. EventID: 0x80000749 Time Generated: 03/22/2010 14:39:41 Event String: The Knowledge Consistency Checker (KCC) was An Error Event occured. EventID: 0xC0000520 Time Generated: 03/22/2010 14:39:41 Event String: A call to the Intersite Messaging service that An Error Event occured. EventID: 0xC000051F Time Generated: 03/22/2010 14:39:41 Event String: The Knowledge Consistency Checker (KCC) has An Warning Event occured. EventID: 0x80000749 Time Generated: 03/22/2010 14:39:41 Event String: The Knowledge Consistency Checker (KCC) was An Error Event occured. EventID: 0xC0000520 Time Generated: 03/22/2010 14:39:41 Event String: A call to the Intersite Messaging service that An Error Event occured. EventID: 0xC000051F Time Generated: 03/22/2010 14:39:41 Event String: The Knowledge Consistency Checker (KCC) has An Warning Event occured. EventID: 0x80000749 Time Generated: 03/22/2010 14:39:41 Event String: The Knowledge Consistency Checker (KCC) was An Error Event occured. EventID: 0xC0000520 Time Generated: 03/22/2010 14:39:41 Event String: A call to the Intersite Messaging service that An Error Event occured. EventID: 0xC000051F Time Generated: 03/22/2010 14:39:41 Event String: The Knowledge Consistency Checker (KCC) has An Warning Event occured. EventID: 0x80000749 Time Generated: 03/22/2010 14:39:41 Event String: The Knowledge Consistency Checker (KCC) was .......................... MyServer1 failed test kccevent Starting test: systemlog .......................... MyServer1 passed test systemlog Starting test: VerifyReferences .......................... MyServer1 passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation .......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom .......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation .......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom .......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation .......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom .......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation .......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom .......................... Configuration passed test CheckSDRefDom Running partition tests on : MyOrganization Starting test: CrossRefValidation .......................... MyOrganization passed test CrossRefValidation Starting test: CheckSDRefDom .......................... MyOrganization passed test CheckSDRefDom Running enterprise tests on : MyOrganization.local Starting test: Intersite .......................... MyOrganization.local passed test Intersite Starting test: FsmoCheck Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355 A Good Time Server could not be located. .......................... MyOrganization.local failed test FsmoCheck
From: kj [SBS MVP] on 23 Mar 2010 15:20 Run the test using; dcdiag /c /v /e just by chance are you using Small Business Server for one of your 'sites'? and do you have seperate domain controllers in each of the sites? ISMserv and a fucntioning PDCe role seems to be the heart of the issue. Wael wrote: > I have some problems when i do dcdiag. In the directory service I have > a lot of Event IDs 1865, 1311, 1312. I tried a lot of articles on the > MS Websites, but still can't figure out how to resolve the problem. We > have two locations connected over the internet with two VPN servers. > One of the sites has a slow 5MB DSL connection. > > Also notice the Time service error at the end. > > Any help is appreciated. > > Domain Controller Diagnosis > > Performing initial setup: > Done gathering initial info. > > Doing initial required tests > > Testing server: Location1\MyServer1 > Starting test: Connectivity > ......................... MyServer1 passed test Connectivity > > Doing primary tests > > Testing server: Location1\MyServer1 > Starting test: Replications > ......................... MyServer1 passed test Replications > Starting test: NCSecDesc > ......................... MyServer1 passed test NCSecDesc > Starting test: NetLogons > ......................... MyServer1 passed test NetLogons > Starting test: Advertising > Warning: MyServer1 is not advertising as a time server. > ......................... MyServer1 failed test Advertising > Starting test: KnowsOfRoleHolders > ......................... MyServer1 passed test KnowsOfRoleHolders > Starting test: RidManager > ......................... MyServer1 passed test RidManager > Starting test: MachineAccount > ......................... MyServer1 passed test MachineAccount > Starting test: Services > Could not open IsmServ Service on [MyServer1]:failed with 1060: The > specified service does not exist as an installed service. > ......................... MyServer1 failed test Services > Starting test: ObjectsReplicated > ......................... MyServer1 passed test ObjectsReplicated > Starting test: frssysvol > ......................... MyServer1 passed test frssysvol > Starting test: frsevent > ......................... MyServer1 passed test frsevent > Starting test: kccevent > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/22/2010 14:39:41 > Event String: A call to the Intersite Messaging service that > > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/22/2010 14:39:41 > Event String: The Knowledge Consistency Checker (KCC) has > > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/22/2010 14:39:41 > Event String: The Knowledge Consistency Checker (KCC) was > > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/22/2010 14:39:41 > Event String: A call to the Intersite Messaging service that > > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/22/2010 14:39:41 > Event String: The Knowledge Consistency Checker (KCC) has > > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/22/2010 14:39:41 > Event String: The Knowledge Consistency Checker (KCC) was > > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/22/2010 14:39:41 > Event String: A call to the Intersite Messaging service that > > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/22/2010 14:39:41 > Event String: The Knowledge Consistency Checker (KCC) has > > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/22/2010 14:39:41 > Event String: The Knowledge Consistency Checker (KCC) was > > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/22/2010 14:39:41 > Event String: A call to the Intersite Messaging service that > > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/22/2010 14:39:41 > Event String: The Knowledge Consistency Checker (KCC) has > > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/22/2010 14:39:41 > Event String: The Knowledge Consistency Checker (KCC) was > > ......................... MyServer1 failed test kccevent > Starting test: systemlog > ......................... MyServer1 passed test systemlog > Starting test: VerifyReferences > ......................... MyServer1 passed test VerifyReferences > > Running partition tests on : ForestDnsZones > Starting test: CrossRefValidation > ......................... ForestDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... ForestDnsZones passed test CheckSDRefDom > > Running partition tests on : DomainDnsZones > Starting test: CrossRefValidation > ......................... DomainDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... DomainDnsZones passed test CheckSDRefDom > > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test CheckSDRefDom > > Running partition tests on : MyOrganization > Starting test: CrossRefValidation > ......................... MyOrganization passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... MyOrganization passed test CheckSDRefDom > > Running enterprise tests on : MyOrganization.local > Starting test: Intersite > ......................... MyOrganization.local passed test Intersite > Starting test: FsmoCheck > Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 > A Time Server could not be located. > The server holding the PDC role is down. > Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error > 1355 > A Good Time Server could not be located. > ......................... MyOrganization.local failed test FsmoCheck -- /kj
From: Wael on 23 Mar 2010 16:55 There you go. One of the servers is an SBS and yes i have another domain controller in the branch office. The DC is a member server (obviously) ipconfig /all (SBS) Windows IP Configuration Host Name . . . . . . . . . . . . : Server1 Primary Dns Suffix . . . . . . . : MyOrganization.local Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : MyOrganization.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek RTL8169 Gigabit Ethernet Adapter Physical Address. . . . . . . . . : 00-18-E7-16-B4-0D DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.168.1 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.168.81 DNS Servers . . . . . . . . . . . : 192.168.168.1 Primary WINS Server . . . . . . . : 192.168.168.1 ----------------------------------------- ipconfig /all on the member domain controller Windows IP Configuration Host Name . . . . . . . . . . . . : Server2 Primary Dns Suffix . . . . . . . : MyOrganization.local Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : MyOrganization.local Ethernet adapter LAN: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-14-22-78-06-EE DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.169.2 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.169.19 DNS Servers . . . . . . . . . . . : 192.168.168.1 Primary WINS Server . . . . . . . : 192.168.169.2 Ethernet adapter WAN: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port Server Adapter Physical Address. . . . . . . . . : 00-04-23-C2-4A-0E DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : No IP Address. . . . . . . . . . . . : 0.0.0.0 Subnet Mask . . . . . . . . . . . : 0.0.0.0 Default Gateway . . . . . . . . . : DHCP Server . . . . . . . . . . . : 0.0.0.0 NetBIOS over Tcpip. . . . . . . . : Disabled ----------------------------------------- Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine Server1, is a DC. * Connecting to directory service on server Server1. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 2 DC(s). Testing 2 of them. Done gathering initial info. Doing initial required tests Testing server: Location1\Server1 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... Server1 passed test Connectivity Testing server: Branch-Office\Server2 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... Server2 passed test Connectivity Doing primary tests Testing server: Location1\Server1 Starting test: Replications * Replications Check * Replication Latency Check CN=Schema,CN=Configuration,DC=MyOrganization,DC=local Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read- only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=MyOrganization,DC=local Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read- only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=MyOrganization,DC=local Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read- only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). * Replication Site Latency Check ......................... Server1 passed test Replications Starting test: Topology * Configuration Topology Integrity Check [Topology Integrity Check,Server1] Intra-site topology generation is disabled in this site. * Analyzing the connection topology for DC=ForestDnsZones,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=DomainDnsZones,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Configuration,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... Server1 passed test Topology Starting test: CutoffServers * Configuration Topology Aliveness Check * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Configuration,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... Server1 passed test CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC Server1. * Security Permissions Check for DC=ForestDnsZones,DC=MyOrganization,DC=local (NDNC,Version 2) * Security Permissions Check for DC=DomainDnsZones,DC=MyOrganization,DC=local (NDNC,Version 2) * Security Permissions Check for CN=Schema,CN=Configuration,DC=MyOrganization,DC=local (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=MyOrganization,DC=local (Configuration,Version 2) * Security Permissions Check for DC=MyOrganization,DC=local (Domain,Version 2) ......................... Server1 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\Server1\netlogon Verified share \\Server1\sysvol ......................... Server1 passed test NetLogons Starting test: Advertising The DC Server1 is advertising itself as a DC and having a DS. The DC Server1 is advertising as an LDAP server The DC Server1 is advertising as having a writeable directory The DC Server1 is advertising as a Key Distribution Center Warning: Server1 is not advertising as a time server. The DS Server1 is advertising as a GC. ......................... Server1 failed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local Role Domain Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local Role PDC Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local Role Rid Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local Role Infrastructure Update Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local ......................... Server1 passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 6609 to 1073741823 * Server1.MyOrganization.local is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 5609 to 6108 * rIDPreviousAllocationPool is 4109 to 4608 * rIDNextRID: 4485 ......................... Server1 passed test RidManager Starting test: MachineAccount Checking machine account for DC Server1 on DC Server1. * SPN found :LDAP/Server1.MyOrganization.local/ MyOrganization.local * SPN found :LDAP/Server1.MyOrganization.local * SPN found :LDAP/Server1 * SPN found :LDAP/Server1.MyOrganization.local/MyOrganization * SPN found :LDAP/c022f83e- c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c022f83e- c0aa-451c-8fa4-2a089356de62/MyOrganization.local * SPN found :HOST/Server1.MyOrganization.local/ MyOrganization.local * SPN found :HOST/Server1.MyOrganization.local * SPN found :HOST/Server1 * SPN found :HOST/Server1.MyOrganization.local/MyOrganization * SPN found :GC/Server1.MyOrganization.local/ MyOrganization.local ......................... Server1 passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ Could not open IsmServ Service on [Server1]:failed with 1060: The specified service does not exist as an installed service. * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... Server1 failed test Services Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... Server1 passed test OutboundSecureChannels Starting test: ObjectsReplicated Server1 is in domain DC=MyOrganization,DC=local Checking for CN=Server1,OU=Domain Controllers,DC=MyOrganization,DC=local in domain DC=MyOrganization,DC=local on 2 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local in domain CN=Configuration,DC=MyOrganization,DC=local on 2 servers Object is up-to-date on all servers. ......................... Server1 passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... Server1 passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... Server1 passed test frsevent Starting test: kccevent * The KCC Event log test An Error Event occured. EventID: 0xC0000520 Time Generated: 03/23/2010 16:39:59 Event String: A call to the Intersite Messaging service that specifies the following transport failed. Transport: CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local As a result, the Knowledge Consistency Checker (KCC) cannot configure a correct intersite replication topology. User Action Verify that the Intersite Messaging service is running. Additional Data Error value: 1722 The RPC server is unavailable. An Error Event occured. EventID: 0xC000051F Time Generated: 03/23/2010 16:39:59 Event String: The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. Directory partition: DC=MyOrganization,DC=local There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers. User Action Use Active Directory Sites and Services to perform one of the following actions: - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option. - Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site. If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers. An Warning Event occured. EventID: 0x80000749 Time Generated: 03/23/2010 16:39:59 Event String: The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site. Sites: CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local An Error Event occured. EventID: 0xC0000520 Time Generated: 03/23/2010 16:39:59 Event String: A call to the Intersite Messaging service that specifies the following transport failed. Transport: CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local As a result, the Knowledge Consistency Checker (KCC) cannot configure a correct intersite replication topology. User Action Verify that the Intersite Messaging service is running. Additional Data Error value: 1722 The RPC server is unavailable. An Error Event occured. EventID: 0xC000051F Time Generated: 03/23/2010 16:39:59 Event String: The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. Directory partition: DC=ForestDnsZones,DC=MyOrganization,DC=local There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers. User Action Use Active Directory Sites and Services to perform one of the following actions: - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option. - Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site. If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers. An Warning Event occured. EventID: 0x80000749 Time Generated: 03/23/2010 16:39:59 Event String: The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site. Sites: CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local An Error Event occured. EventID: 0xC0000520 Time Generated: 03/23/2010 16:39:59 Event String: A call to the Intersite Messaging service that specifies the following transport failed. Transport: CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local As a result, the Knowledge Consistency Checker (KCC) cannot configure a correct intersite replication topology. User Action Verify that the Intersite Messaging service is running. Additional Data Error value: 1722 The RPC server is unavailable. An Error Event occured. EventID: 0xC000051F Time Generated: 03/23/2010 16:39:59 Event String: The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. Directory partition: DC=DomainDnsZones,DC=MyOrganization,DC=local There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers. User Action Use Active Directory Sites and Services to perform one of the following actions: - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option. - Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site. If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers. An Warning Event occured. EventID: 0x80000749 Time Generated: 03/23/2010 16:39:59 Event String: The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site. Sites: CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local An Error Event occured. EventID: 0xC0000520 Time Generated: 03/23/2010 16:39:59 Event String: A call to the Intersite Messaging service that specifies the following transport failed. Transport: CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local As a result, the Knowledge Consistency Checker (KCC) cannot configure a correct intersite replication topology. User Action Verify that the Intersite Messaging service is running. Additional Data Error value: 1722 The RPC server is unavailable. An Error Event occured. EventID: 0xC000051F Time Generated: 03/23/2010 16:39:59 Event String: The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition. Directory partition: CN=Configuration,DC=MyOrganization,DC=local There is insufficient site connectivity information in Active Directory Sites and Services for the KCC to create a spanning tree replication topology. Or, one or more domain controllers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible domain controllers. User Action Use Active Directory Sites and Services to perform one of the following actions: - Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option. - Add a Connection object to a domain controller that contains the directory partition in this site from a domain controller that contains the same directory partition in another site. If neither of the Active Directory Sites and Services tasks correct this condition, see previous events logged by the KCC that identify the inaccessible domain controllers. An Warning Event occured. EventID: 0x80000749 Time Generated: 03/23/2010 16:39:59 Event String: The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site. Sites: CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local ......................... Server1 failed test kccevent Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0xC0002720 Time Generated: 03/23/2010 16:12:57 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/23/2010 16:43:07 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/23/2010 16:43:07 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/23/2010 16:43:08 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/23/2010 16:43:09 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/23/2010 16:43:09 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/23/2010 16:43:10 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/23/2010 16:43:14 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/23/2010 16:43:31 (Event String could not be retrieved) ......................... Server1 failed test systemlog Starting test: VerifyReplicas ......................... Server1 passed test VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=Server1,OU=Domain Controllers,DC=MyOrganization,DC=local and backlink on CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local are correct. The system object reference (frsComputerReferenceBL) CN={5af2cfd7-dc82-4e9a-9650-6ac3571706a3},CN=DFSDomainRoot| DFSLink1,CN=LostAndFound,DC=MyOrganization,DC=local and backlink on CN=Server1,OU=Domain Controllers,DC=MyOrganization,DC=local are correct. The system object reference (serverReferenceBL) CN=Server1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=MyOrganization,DC=local and backlink on CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local are correct. ......................... Server1 passed test VerifyReferences Starting test: VerifyEnterpriseReferences ......................... Server1 passed test VerifyEnterpriseReferences Starting test: CheckSecurityError * Dr Auth: Beginning security errors check! Found KDC Server1 for domain MyOrganization.local in site Location1 Checking machine account for DC Server1 on DC Server1. * SPN found :LDAP/Server1.MyOrganization.local/ MyOrganization.local * SPN found :LDAP/Server1.MyOrganization.local * SPN found :LDAP/Server1 * SPN found :LDAP/Server1.MyOrganization.local/MyOrganization * SPN found :LDAP/c022f83e- c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c022f83e- c0aa-451c-8fa4-2a089356de62/MyOrganization.local * SPN found :HOST/Server1.MyOrganization.local/ MyOrganization.local * SPN found :HOST/Server1.MyOrganization.local * SPN found :HOST/Server1 * SPN found :HOST/Server1.MyOrganization.local/MyOrganization * SPN found :GC/Server1.MyOrganization.local/ MyOrganization.local [Server1] No security related replication errors were found on this DC! To target the connection to a specific source DC use / ReplSource:<DC>. ......................... Server1 passed test CheckSecurityError Testing server: Branch-Office\Server2 Starting test: Replications * Replications Check * Replication Latency Check CN=Schema,CN=Configuration,DC=MyOrganization,DC=local Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read- only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=MyOrganization,DC=local Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read- only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=MyOrganization,DC=local Latency information for 4 entries in the vector were ignored. 4 were retired Invocations. 0 were either: read- only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). * Replication Site Latency Check ......................... Server2 passed test Replications Starting test: Topology * Configuration Topology Integrity Check [Topology Integrity Check,Server2] Intra-site topology generation is disabled in this site. * Analyzing the connection topology for DC=ForestDnsZones,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=DomainDnsZones,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Configuration,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... Server2 passed test Topology Starting test: CutoffServers * Configuration Topology Aliveness Check * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Configuration,DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=MyOrganization,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... Server2 passed test CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC Server2. * Security Permissions Check for DC=ForestDnsZones,DC=MyOrganization,DC=local (NDNC,Version 2) * Security Permissions Check for DC=DomainDnsZones,DC=MyOrganization,DC=local (NDNC,Version 2) * Security Permissions Check for CN=Schema,CN=Configuration,DC=MyOrganization,DC=local (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=MyOrganization,DC=local (Configuration,Version 2) * Security Permissions Check for DC=MyOrganization,DC=local (Domain,Version 2) ......................... Server2 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\Server2\netlogon Verified share \\Server2\sysvol ......................... Server2 passed test NetLogons Starting test: Advertising The DC Server2 is advertising itself as a DC and having a DS. The DC Server2 is advertising as an LDAP server The DC Server2 is advertising as having a writeable directory The DC Server2 is advertising as a Key Distribution Center Warning: Server2 is not advertising as a time server. The DS Server2 is advertising as a GC. ......................... Server2 failed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local Role Domain Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local Role PDC Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local Role Rid Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local Role Infrastructure Update Owner = CN=NTDS Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local ......................... Server2 passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 6609 to 1073741823 * Server1.MyOrganization.local is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2109 to 2608 * rIDPreviousAllocationPool is 2109 to 2608 * rIDNextRID: 2146 ......................... Server2 passed test RidManager Starting test: MachineAccount Checking machine account for DC Server2 on DC Server2. * SPN found :LDAP/Server2.MyOrganization.local/ MyOrganization.local * SPN found :LDAP/Server2.MyOrganization.local * SPN found :LDAP/Server2 * SPN found :LDAP/Server2.MyOrganization.local/MyOrganization * SPN found :LDAP/ a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ a675e995-26a8-4c18-9e0e-88b72f76b63d/MyOrganization.local * SPN found :HOST/Server2.MyOrganization.local/ MyOrganization.local * SPN found :HOST/Server2.MyOrganization.local * SPN found :HOST/Server2 * SPN found :HOST/Server2.MyOrganization.local/MyOrganization * SPN found :GC/Server2.MyOrganization.local/ MyOrganization.local ......................... Server2 passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... Server2 passed test Services Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... Server2 passed test OutboundSecureChannels Starting test: ObjectsReplicated Server2 is in domain DC=MyOrganization,DC=local Checking for CN=Server2,OU=Domain Controllers,DC=MyOrganization,DC=local in domain DC=MyOrganization,DC=local on 2 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=Server2,CN=Servers,CN=Branch- Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local in domain CN=Configuration,DC=MyOrganization,DC=local on 2 servers Object is up-to-date on all servers. ......................... Server2 passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... Server2 passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... Server2 passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... Server2 passed test kccevent Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x40011006 Time Generated: 03/23/2010 16:03:54 Event String: The connection was aborted by the remote WINS. Remote WINS may not be configured to replicate with the server. An Error Event occured. EventID: 0x40011006 Time Generated: 03/23/2010 16:33:54 Event String: The connection was aborted by the remote WINS. Remote WINS may not be configured to replicate with the server. An Error Event occured. EventID: 0x000003F6 Time Generated: 03/23/2010 16:34:11 Event String: The following problem occurred with the Jet database -1032: Jet database read or write operations failed. If the computer or database has just been upgraded, then this message can be safely ignored. If this message appears frequently, either there is not enough disk space to complete the operation or the database or backup database may be corrupt. To correct this problem, either free additional space on your hard disk or restore the database. After you restore the database, ensure that conflict detection is enabled in DHCP server properties. For information about restoring the database, see Help and Support Center. Additional Debug Information: JetBackup. An Error Event occured. EventID: 0x000003F8 Time Generated: 03/23/2010 16:34:11 Event String: The DHCP service encountered the following error when backing up the database: An error occurred while accessing the DHCP database. Look at the DHCP server event log for more information on this error. An Error Event occured. EventID: 0x000003F2 Time Generated: 03/23/2010 16:34:11 Event String: The DHCP service encountered the following error while cleaning up the database: An error occurred while accessing the DHCP database. Look at the DHCP server event log for more information on this error. ......................... Server2 failed test systemlog Starting test: VerifyReplicas ......................... Server2 passed test VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=Server2,OU=Domain Controllers,DC=MyOrganization,DC=local and backlink on CN=Server2,CN=Servers,CN=Branch- Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local are correct. The system object reference (frsComputerReferenceBL) CN={c7a7beed-3e23-4d59-85c9-fbd36e6c6d43},CN=DFSDomainRoot| HDrive,CN=DFSDomainRoot,CN=DFS Volumes,CN=File Replication Service,CN=System,DC=MyOrganization,DC=local and backlink on CN=Server2,OU=Domain Controllers,DC=MyOrganization,DC=local are correct. The system object reference (serverReferenceBL) CN=Server2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=MyOrganization,DC=local and backlink on CN=NTDS Settings,CN=Server2,CN=Servers,CN=Branch- Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local are correct. ......................... Server2 passed test VerifyReferences Starting test: VerifyEnterpriseReferences ......................... Server2 passed test VerifyEnterpriseReferences Starting test: CheckSecurityError * Dr Auth: Beginning security errors check! Found KDC Server2 for domain MyOrganization.local in site Branch-Office Checking machine account for DC Server2 on DC Server2. * SPN found :LDAP/Server2.MyOrganization.local/ MyOrganization.local * SPN found :LDAP/Server2.MyOrganization.local * SPN found :LDAP/Server2 * SPN found :LDAP/Server2.MyOrganization.local/MyOrganization * SPN found :LDAP/ a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ a675e995-26a8-4c18-9e0e-88b72f76b63d/MyOrganization.local * SPN found :HOST/Server2.MyOrganization.local/ MyOrganization.local * SPN found :HOST/Server2.MyOrganization.local * SPN found :HOST/Server2 * SPN found :HOST/Server2.MyOrganization.local/MyOrganization * SPN found :GC/Server2.MyOrganization.local/ MyOrganization.local [Server2] No security related replication errors were found on this DC! To target the connection to a specific source DC use / ReplSource:<DC>. ......................... Server2 passed test CheckSecurityError DNS Tests are running and not hung. Please wait a few minutes... Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : MyOrganization Starting test: CrossRefValidation ......................... MyOrganization passed test CrossRefValidation Starting test: CheckSDRefDom ......................... MyOrganization passed test CheckSDRefDom Running enterprise tests on : MyOrganization.local Starting test: Intersite Doing intersite inbound replication test on site Location1: Locating & Contacting Intersite Topology Generator (ISTG) ... The ISTG for site Location1 is: Server1. Checking for down bridgeheads ... Bridghead Branch-Office\Server2 is up and replicating fine. Bridghead Location1\Server1 is up and replicating fine. Doing in depth site analysis ... All expected sites and bridgeheads are replicating into site Location1. Doing intersite inbound replication test on site Branch- Office: Locating & Contacting Intersite Topology Generator (ISTG) ... The ISTG for site Branch-Office is: Server2. Checking for down bridgeheads ... Bridghead Location1\Server1 is up and replicating fine. Bridghead Branch-Office\Server2 is up and replicating fine. Doing in depth site analysis ... All expected sites and bridgeheads are replicating into site Branch-Office. ......................... MyOrganization.local passed test Intersite Starting test: FsmoCheck GC Name: \\Server1.MyOrganization.local Locator Flags: 0xe00001bd PDC Name: \\Server1.MyOrganization.local Locator Flags: 0xe00001bd Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355 A Good Time Server could not be located. KDC Name: \\Server1.MyOrganization.local Locator Flags: 0xe00001bd ......................... MyOrganization.local failed test FsmoCheck Starting test: DNS Test results for domain controllers: DC: Server2.MyOrganization.local Domain: MyOrganization.local TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported NETLOGON service is running kdc service is running DNSCACHE service is running DNS service is running DC is a DNS server Network adapters information: Adapter [00000003] Intel(R) PRO/1000 MT Network Connection: MAC address is 00:14:22:78:06:EE IP address is static IP address: 192.168.169.2 DNS servers: 192.168.168.1 (Server1.MyOrganization.local.) [Valid] The A record for this DC was found The SOA record for the Active Directory zone was found The Active Directory zone on this DC/DNS server was found (primary) Root zone on this DC/DNS server was not found TEST: Forwarders/Root hints (Forw) Recursion is enabled Forwarders Information: 24.200.241.37 (<name unavailable>) [Valid] 66.28.0.45 (<name unavailable>) [Valid] 66.28.0.61 (<name unavailable>) [Valid] TEST: Delegations (Del) Delegation information for the zone: MyOrganization.local. Delegated domain name: _msdcs.MyOrganization.local. DNS server: Server1.MyOrganization.local. IP: 192.168.168.1 [Valid] DNS server: Server2.MyOrganization.local. IP: 192.168.169.2 [Valid] TEST: Dynamic update (Dyn) Warning: Dynamic update is enabled on the zone but not secure MyOrganization.local. Test record _dcdiag_test_record added successfully in zone MyOrganization.local. Test record _dcdiag_test_record deleted successfully in zone MyOrganization.local. TEST: Records registration (RReg) Network Adapter [00000003] Intel(R) PRO/1000 MT Network Connection: Matching A record found at DNS server 192.168.168.1: Server2.MyOrganization.local Matching CNAME record found at DNS server 192.168.168.1: a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local Matching DC SRV record found at DNS server 192.168.168.1: _ldap._tcp.dc._msdcs.MyOrganization.local Matching GC SRV record found at DNS server 192.168.168.1: _ldap._tcp.gc._msdcs.MyOrganization.local DC: Server1.MyOrganization.local Domain: MyOrganization.local TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) Microsoft(R) Windows(R) Server 2003 for Small Business Server (Service Pack level: 2.0) is supported NETLOGON service is running kdc service is running DNSCACHE service is running DNS service is running DC is a DNS server Network adapters information: Adapter [00000012] Realtek RTL8169 Gigabit Ethernet Adapter: MAC address is 00:18:E7:16:B4:0D IP address is static IP address: 192.168.168.1 DNS servers: 192.168.168.1 (Server1.MyOrganization.local.) [Valid] The A record for this DC was found The SOA record for the Active Directory zone was found The Active Directory zone on this DC/DNS server was found (primary) Root zone on this DC/DNS server was not found TEST: Forwarders/Root hints (Forw) Recursion is enabled Forwarders Information: 66.28.0.45 (<name unavailable>) [Valid] 66.28.0.61 (<name unavailable>) [Valid] TEST: Delegations (Del) Delegation information for the zone: MyOrganization.local. Delegated domain name: _msdcs.MyOrganization.local. DNS server: Server1.MyOrganization.local. IP: 192.168.168.1 [Valid] DNS server: Server2.MyOrganization.local. IP: 192.168.169.2 [Valid] TEST: Dynamic update (Dyn) Warning: Dynamic update is enabled on the zone but not secure MyOrganization.local. Test record _dcdiag_test_record added successfully in zone MyOrganization.local. Test record _dcdiag_test_record deleted successfully in zone MyOrganization.local. TEST: Records registration (RReg) Network Adapter [00000012] Realtek RTL8169 Gigabit Ethernet Adapter: Matching A record found at DNS server 192.168.168.1: Server1.MyOrganization.local Matching CNAME record found at DNS server 192.168.168.1: c022f83e- c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local Matching DC SRV record found at DNS server 192.168.168.1: _ldap._tcp.dc._msdcs.MyOrganization.local Matching GC SRV record found at DNS server 192.168.168.1: _ldap._tcp.gc._msdcs.MyOrganization.local Matching PDC SRV record found at DNS server 192.168.168.1: _ldap._tcp.pdc._msdcs.MyOrganization.local Summary of test results for DNS servers used by the above domain controllers: DNS server: 192.168.168.1 (Server1.MyOrganization.local.) All tests passed on this DNS server This is a valid DNS server Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered Delegation to the domain _msdcs.MyOrganization.local. is operational DNS server: 192.168.169.2 (Server2.MyOrganization.local.) All tests passed on this DNS server This is a valid DNS server Delegation to the domain _msdcs.MyOrganization.local. is operational DNS server: 24.200.241.37 (<name unavailable>) All tests passed on this DNS server This is a valid DNS server DNS server: 66.28.0.45 (<name unavailable>) All tests passed on this DNS server This is a valid DNS server DNS server: 66.28.0.61 (<name unavailable>) All tests passed on this DNS server This is a valid DNS server Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext ________________________________________________________________ Domain: MyOrganization.local Server2 PASS PASS PASS PASS WARN PASS n/a Server1 PASS PASS PASS PASS WARN PASS n/a ......................... MyOrganization.local passed test DNS On Mar 23, 3:20 pm, "kj [SBS MVP]" <KevinJ....(a)SPAMFREE.gmail.com> wrote: > Run the test using; > > dcdiag /c /v /e > > just by chance are you using Small Business Server for one of your 'sites'? > > and do you have seperate domain controllers in each of the sites? > > ISMserv and a fucntioning PDCe role seems to be the heart of the issue. > > > > > > Wael wrote: > > I have some problems when i do dcdiag. In the directory service I have > > a lot of Event IDs 1865, 1311, 1312. I tried a lot of articles on the > > MS Websites, but still can't figure out how to resolve the problem. We > > have two locations connected over the internet with two VPN servers. > > One of the sites has a slow 5MB DSL connection. > > > Also notice the Time service error at the end. > > > Any help is appreciated. > > > Domain Controller Diagnosis > > > Performing initial setup: > > Done gathering initial info. > > > Doing initial required tests > > > Testing server: Location1\MyServer1 > > Starting test: Connectivity > > ......................... MyServer1 passed test Connectivity > > > Doing primary tests > > > Testing server: Location1\MyServer1 > > Starting test: Replications > > ......................... MyServer1 passed test Replications > > Starting test: NCSecDesc > > ......................... MyServer1 passed test NCSecDesc > > Starting test: NetLogons > > ......................... MyServer1 passed test NetLogons > > Starting test: Advertising > > Warning: MyServer1 is not advertising as a time server. > > ......................... MyServer1 failed test Advertising > > Starting test: KnowsOfRoleHolders > > ......................... MyServer1 passed test KnowsOfRoleHolders > > Starting test: RidManager > > ......................... MyServer1 passed test RidManager > > Starting test: MachineAccount > > ......................... MyServer1 passed test MachineAccount > > Starting test: Services > > Could not open IsmServ Service on [MyServer1]:failed with 1060: The > > specified service does not exist as an installed service. > > ......................... MyServer1 failed test Services > > Starting test: ObjectsReplicated > > ......................... MyServer1 passed test ObjectsReplicated > > Starting test: frssysvol > > ......................... MyServer1 passed test frssysvol > > Starting test: frsevent > > ......................... MyServer1 passed test frsevent > > Starting test: kccevent > > An Error Event occured. EventID: 0xC0000520 > > Time Generated: 03/22/2010 14:39:41 > > Event String: A call to the Intersite Messaging service that > > > An Error Event occured. EventID: 0xC000051F > > Time Generated: 03/22/2010 14:39:41 > > Event String: The Knowledge Consistency Checker (KCC) has > > > An Warning Event occured. EventID: 0x80000749 > > Time Generated: 03/22/2010 14:39:41 > > Event String: The Knowledge Consistency Checker (KCC) was > > > An Error Event occured. EventID: 0xC0000520 > > Time Generated: 03/22/2010 14:39:41 > > Event String: A call to the Intersite Messaging service that > > > An Error Event occured. EventID: 0xC000051F > > Time Generated: 03/22/2010 14:39:41 > > Event String: The Knowledge Consistency Checker (KCC) has > > > An Warning Event occured. EventID: 0x80000749 > > Time Generated: 03/22/2010 14:39:41 > > Event String: The Knowledge Consistency Checker (KCC) was > > > An Error Event occured. EventID: 0xC0000520 > > Time Generated: 03/22/2010 14:39:41 > > Event String: A call to the Intersite Messaging service that > > > An Error Event occured. EventID: 0xC000051F > > Time Generated: 03/22/2010 14:39:41 > > Event String: The Knowledge Consistency Checker (KCC) has > > > An Warning Event occured. EventID: 0x80000749 > > Time Generated: 03/22/2010 14:39:41 > > Event String: The Knowledge Consistency Checker (KCC) was > > > An Error Event occured. EventID: 0xC0000520 > > Time Generated: 03/22/2010 14:39:41 > > Event String: A call to the Intersite Messaging service that > > > An Error Event occured. EventID: 0xC000051F > > Time Generated: 03/22/2010 14:39:41 > > Event String: The Knowledge Consistency Checker (KCC) has > > > An Warning Event occured. EventID: 0x80000749 > > Time Generated: 03/22/2010 14:39:41 > > Event String: The Knowledge Consistency Checker (KCC) was > > > ......................... MyServer1 failed test kccevent > > Starting test: systemlog > > ......................... MyServer1 passed test systemlog > > Starting test: VerifyReferences > > ......................... MyServer1 passed test VerifyReferences > > > Running partition tests on : ForestDnsZones > > Starting test: CrossRefValidation > > ......................... ForestDnsZones passed test > > CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... ForestDnsZones passed test CheckSDRefDom > > > Running partition tests on : DomainDnsZones > > Starting test: CrossRefValidation > > ......................... DomainDnsZones passed test > > CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... DomainDnsZones passed test CheckSDRefDom > > > Running partition tests on : Schema > > Starting test: CrossRefValidation > > ......................... Schema passed test CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... Schema passed test CheckSDRefDom > > > Running partition tests on : Configuration > > Starting test: CrossRefValidation > > ......................... Configuration passed test CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... Configuration passed test CheckSDRefDom > > > Running partition tests on : MyOrganization > > Starting test: CrossRefValidation > > ......................... MyOrganization passed test > > CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... MyOrganization passed test CheckSDRefDom > > > Running enterprise tests on : MyOrganization.local > > Starting test: Intersite > > ......................... MyOrganization.local passed test Intersite > > Starting test: FsmoCheck > > Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 > > A Time Server could not be located. > > The server holding the PDC role is down. > > Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error > > 1355 > > A Good Time Server could not be located. > > ......................... MyOrganization.local failed test FsmoCheck > > -- > /kj- Hide quoted text - > > - Show quoted text -
From: kj [SBS MVP] on 23 Mar 2010 17:26 OK, for starters server 1 should have both server1 and server2 for DNS client configurations Server 2 should have server 2 and server1 for DNS client settings ( both in repesctive orders) > IP Address. . . . . . . . . . . . : 192.168.168.1 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 192.168.168.81 > > DNS Servers . . . . . . . . . . . : 192.168.168.1 <add> DNS Servers . . . . . . . . . . . : 192.168.169.2 > Primary WINS Server . . . . . . . : 192.168.168.1 ??????? > Primary WINS Server . . . . . . . : 192.168.169.2 Do you have WINS replication configured? If not you probably want to settle on one WINS server or setup WINS replication and add Secondary WINS servers to both DCs. SBS server has ISMserv (Intersite messaging service) disabled by default. You should go into services and enable and start this service ( make sure its's running on both DCs). Is the other server a windows 2000 server or something more recent? Right not your DCs are not replicating well. How long has this configuration existed? Server 2 appears to have a second NIC that is not connected. If true it's better to disable it. Later OS versions can have binding order problems in DCs with two or more enabled NICs. After that, reboot the SBS server, run a fresh dcdiag, and also a "repadmin /replsummary" btw, is this SBS 2003 or SBS 2008? Wael wrote: > There you go. > One of the servers is an SBS and yes i have another domain controller > in the branch office. The DC is a member server (obviously) > > ipconfig /all (SBS) > > > Windows IP Configuration > > > > Host Name . . . . . . . . . . . . : Server1 > > Primary Dns Suffix . . . . . . . : MyOrganization.local > > Node Type . . . . . . . . . . . . : Hybrid > > IP Routing Enabled. . . . . . . . : No > > WINS Proxy Enabled. . . . . . . . : No > > DNS Suffix Search List. . . . . . : MyOrganization.local > > > > Ethernet adapter Local Area Connection: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Realtek RTL8169 Gigabit > Ethernet Adapter > > Physical Address. . . . . . . . . : 00-18-E7-16-B4-0D > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 192.168.168.1 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 192.168.168.81 > > DNS Servers . . . . . . . . . . . : 192.168.168.1 > > Primary WINS Server . . . . . . . : 192.168.168.1 > ----------------------------------------- > ipconfig /all on the member domain controller > > > Windows IP Configuration > > > > Host Name . . . . . . . . . . . . : Server2 > > Primary Dns Suffix . . . . . . . : MyOrganization.local > > Node Type . . . . . . . . . . . . : Hybrid > > IP Routing Enabled. . . . . . . . : No > > WINS Proxy Enabled. . . . . . . . : No > > DNS Suffix Search List. . . . . . : MyOrganization.local > > > > Ethernet adapter LAN: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network > Connection > > Physical Address. . . . . . . . . : 00-14-22-78-06-EE > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 192.168.169.2 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 192.168.169.19 > > DNS Servers . . . . . . . . . . . : 192.168.168.1 > > Primary WINS Server . . . . . . . : 192.168.169.2 > > > > Ethernet adapter WAN: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port > Server Adapter > > Physical Address. . . . . . . . . : 00-04-23-C2-4A-0E > > DHCP Enabled. . . . . . . . . . . : Yes > > Autoconfiguration Enabled . . . . : No > > IP Address. . . . . . . . . . . . : 0.0.0.0 > > Subnet Mask . . . . . . . . . . . : 0.0.0.0 > > Default Gateway . . . . . . . . . : > > DHCP Server . . . . . . . . . . . : 0.0.0.0 > > NetBIOS over Tcpip. . . . . . . . : Disabled > > > > > ----------------------------------------- > Domain Controller Diagnosis > > Performing initial setup: > * Verifying that the local machine Server1, is a DC. > * Connecting to directory service on server Server1. > * Collecting site info. > * Identifying all servers. > * Identifying all NC cross-refs. > * Found 2 DC(s). Testing 2 of them. > Done gathering initial info. > > Doing initial required tests > > Testing server: Location1\Server1 > Starting test: Connectivity > * Active Directory LDAP Services Check > * Active Directory RPC Services Check > ......................... Server1 passed test Connectivity > > Testing server: Branch-Office\Server2 > Starting test: Connectivity > * Active Directory LDAP Services Check > * Active Directory RPC Services Check > ......................... Server2 passed test Connectivity > > Doing primary tests > > Testing server: Location1\Server1 > Starting test: Replications > * Replications Check > * Replication Latency Check > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > CN=Configuration,DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > * Replication Site Latency Check > ......................... Server1 passed test Replications > Starting test: Topology > * Configuration Topology Integrity Check > [Topology Integrity Check,Server1] Intra-site topology > generation is disabled in this site. > * Analyzing the connection topology for > DC=ForestDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > DC=DomainDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > ......................... Server1 passed test Topology > Starting test: CutoffServers > * Configuration Topology Aliveness Check > * Analyzing the alive system replication topology for > DC=ForestDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > DC=DomainDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > ......................... Server1 passed test CutoffServers > Starting test: NCSecDesc > * Security Permissions check for all NC's on DC Server1. > * Security Permissions Check for > DC=ForestDnsZones,DC=MyOrganization,DC=local > (NDNC,Version 2) > * Security Permissions Check for > DC=DomainDnsZones,DC=MyOrganization,DC=local > (NDNC,Version 2) > * Security Permissions Check for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local > (Schema,Version 2) > * Security Permissions Check for > CN=Configuration,DC=MyOrganization,DC=local > (Configuration,Version 2) > * Security Permissions Check for > DC=MyOrganization,DC=local > (Domain,Version 2) > ......................... Server1 passed test NCSecDesc > Starting test: NetLogons > * Network Logons Privileges Check > Verified share \\Server1\netlogon > Verified share \\Server1\sysvol > ......................... Server1 passed test NetLogons > Starting test: Advertising > The DC Server1 is advertising itself as a DC and having a DS. > The DC Server1 is advertising as an LDAP server > The DC Server1 is advertising as having a writeable directory > The DC Server1 is advertising as a Key Distribution Center > Warning: Server1 is not advertising as a time server. > The DS Server1 is advertising as a GC. > ......................... Server1 failed test Advertising > Starting test: KnowsOfRoleHolders > Role Schema Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Domain Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role PDC Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Rid Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Infrastructure Update Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > ......................... Server1 passed test > KnowsOfRoleHolders > Starting test: RidManager > * Available RID Pool for the Domain is 6609 to 1073741823 > * Server1.MyOrganization.local is the RID Master > * DsBind with RID Master was successful > * rIDAllocationPool is 5609 to 6108 > * rIDPreviousAllocationPool is 4109 to 4608 > * rIDNextRID: 4485 > ......................... Server1 passed test RidManager > Starting test: MachineAccount > Checking machine account for DC Server1 on DC Server1. > * SPN found :LDAP/Server1.MyOrganization.local/ > MyOrganization.local > * SPN found :LDAP/Server1.MyOrganization.local > * SPN found :LDAP/Server1 > * SPN found :LDAP/Server1.MyOrganization.local/MyOrganization > * SPN found :LDAP/c022f83e- > c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local > * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c022f83e- > c0aa-451c-8fa4-2a089356de62/MyOrganization.local > * SPN found :HOST/Server1.MyOrganization.local/ > MyOrganization.local > * SPN found :HOST/Server1.MyOrganization.local > * SPN found :HOST/Server1 > * SPN found :HOST/Server1.MyOrganization.local/MyOrganization > * SPN found :GC/Server1.MyOrganization.local/ > MyOrganization.local > ......................... Server1 passed test MachineAccount > Starting test: Services > * Checking Service: Dnscache > * Checking Service: NtFrs > * Checking Service: IsmServ > Could not open IsmServ Service on [Server1]:failed with > 1060: The specified service does not exist as an installed service. > * Checking Service: kdc > * Checking Service: SamSs > * Checking Service: LanmanServer > * Checking Service: LanmanWorkstation > * Checking Service: RpcSs > * Checking Service: w32time > * Checking Service: NETLOGON > ......................... Server1 failed test Services > Starting test: OutboundSecureChannels > * The Outbound Secure Channels test > ** Did not run Outbound Secure Channels test > because /testdomain: was not entered > ......................... Server1 passed test > OutboundSecureChannels > Starting test: ObjectsReplicated > Server1 is in domain DC=MyOrganization,DC=local > Checking for CN=Server1,OU=Domain > Controllers,DC=MyOrganization,DC=local in domain > DC=MyOrganization,DC=local on 2 servers > Object is up-to-date on all servers. > Checking for CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > in domain CN=Configuration,DC=MyOrganization,DC=local on 2 servers > Object is up-to-date on all servers. > ......................... Server1 passed test > ObjectsReplicated > Starting test: frssysvol > * The File Replication Service SYSVOL ready test > File Replication Service's SYSVOL is ready > ......................... Server1 passed test frssysvol > Starting test: frsevent > * The File Replication Service Event log test > ......................... Server1 passed test frsevent > Starting test: kccevent > * The KCC Event log test > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/23/2010 16:39:59 > Event String: A call to the Intersite Messaging service > that > > specifies the following transport failed. > > > > Transport: > > CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > As a result, the Knowledge Consistency Checker > > (KCC) cannot configure a correct intersite > > replication topology. > > > > User Action > > Verify that the Intersite Messaging service is > > running. > > > > Additional Data > > Error value: > > 1722 The RPC server is unavailable. > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) has > > detected problems with the following directory > > partition. > > > > Directory partition: > > DC=MyOrganization,DC=local > > > > There is insufficient site connectivity > > information in Active Directory Sites and > > Services for the KCC to create a spanning tree > > replication topology. Or, one or more domain > > controllers with this directory partition are > > unable to replicate the directory partition > > information. This is probably due to inaccessible > > domain controllers. > > > > User Action > > Use Active Directory Sites and Services to > > perform one of the following actions: > > - Publish sufficient site connectivity > > information so that the KCC can determine a route > > by which this directory partition can reach this > > site. This is the preferred option. > > - Add a Connection object to a domain controller > > that contains the directory partition in this > > site from a domain controller that contains the > > same directory partition in another site. > > > > If neither of the Active Directory Sites and > > Services tasks correct this condition, see > > previous events logged by the KCC that identify > > the inaccessible domain controllers. > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) was > > unable to form a complete spanning tree network > > topology. As a result, the following list of > > sites cannot be reached from the local site. > > > > Sites: > > CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > > > > > > > > > > > > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/23/2010 16:39:59 > Event String: A call to the Intersite Messaging service > that > > specifies the following transport failed. > > > > Transport: > > CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > As a result, the Knowledge Consistency Checker > > (KCC) cannot configure a correct intersite > > replication topology. > > > > User Action > > Verify that the Intersite Messaging service is > > running. > > > > Additional Data > > Error value: > > 1722 The RPC server is unavailable. > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) has > > detected problems with the following directory > > partition. > > > > Directory partition: > > DC=ForestDnsZones,DC=MyOrganization,DC=local > > > > There is insufficient site connectivity > > information in Active Directory Sites and > > Services for the KCC to create a spanning tree > > replication topology. Or, one or more domain > > controllers with this directory partition are > > unable to replicate the directory partition > > information. This is probably due to inaccessible > > domain controllers. > > > > User Action > > Use Active Directory Sites and Services to > > perform one of the following actions: > > - Publish sufficient site connectivity > > information so that the KCC can determine a route > > by which this directory partition can reach this > > site. This is the preferred option. > > - Add a Connection object to a domain controller > > that contains the directory partition in this > > site from a domain controller that contains the > > same directory partition in another site. > > > > If neither of the Active Directory Sites and > > Services tasks correct this condition, see > > previous events logged by the KCC that identify > > the inaccessible domain controllers. > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) was > > unable to form a complete spanning tree network > > topology. As a result, the following list of > > sites cannot be reached from the local site. > > > > Sites: > > CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > > > > > > > > > > > > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/23/2010 16:39:59 > Event String: A call to the Intersite Messaging service > that > > specifies the following transport failed. > > > > Transport: > > CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > As a result, the Knowledge Consistency Checker > > (KCC) cannot configure a correct intersite > > replication topology. > > > > User Action > > Verify that the Intersite Messaging service is > > running. > > > > Additional Data > > Error value: > > 1722 The RPC server is unavailable. > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) has > > detected problems with the following directory > > partition. > > > > Directory partition: > > DC=DomainDnsZones,DC=MyOrganization,DC=local > > > > There is insufficient site connectivity > > information in Active Directory Sites and > > Services for the KCC to create a spanning tree > > replication topology. Or, one or more domain > > controllers with this directory partition are > > unable to replicate the directory partition > > information. This is probably due to inaccessible > > domain controllers. > > > > User Action > > Use Active Directory Sites and Services to > > perform one of the following actions: > > - Publish sufficient site connectivity > > information so that the KCC can determine a route > > by which this directory partition can reach this > > site. This is the preferred option. > > - Add a Connection object to a domain controller > > that contains the directory partition in this > > site from a domain controller that contains the > > same directory partition in another site. > > > > If neither of the Active Directory Sites and > > Services tasks correct this condition, see > > previous events logged by the KCC that identify > > the inaccessible domain controllers. > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) was > > unable to form a complete spanning tree network > > topology. As a result, the following list of > > sites cannot be reached from the local site. > > > > Sites: > > CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > > > > > > > > > > > > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/23/2010 16:39:59 > Event String: A call to the Intersite Messaging service > that > > specifies the following transport failed. > > > > Transport: > > CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > As a result, the Knowledge Consistency Checker > > (KCC) cannot configure a correct intersite > > replication topology. > > > > User Action > > Verify that the Intersite Messaging service is > > running. > > > > Additional Data > > Error value: > > 1722 The RPC server is unavailable. > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) has > > detected problems with the following directory > > partition. > > > > Directory partition: > > CN=Configuration,DC=MyOrganization,DC=local > > > > There is insufficient site connectivity > > information in Active Directory Sites and > > Services for the KCC to create a spanning tree > > replication topology. Or, one or more domain > > controllers with this directory partition are > > unable to replicate the directory partition > > information. This is probably due to inaccessible > > domain controllers. > > > > User Action > > Use Active Directory Sites and Services to > > perform one of the following actions: > > - Publish sufficient site connectivity > > information so that the KCC can determine a route > > by which this directory partition can reach this > > site. This is the preferred option. > > - Add a Connection object to a domain controller > > that contains the directory partition in this > > site from a domain controller that contains the > > same directory partition in another site. > > > > If neither of the Active Directory Sites and > > Services tasks correct this condition, see > > previous events logged by the KCC that identify > > the inaccessible domain controllers. > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) was > > unable to form a complete spanning tree network > > topology. As a result, the following list of > > sites cannot be reached from the local site. > > > > Sites: > > CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > > > > > > > > > > > > ......................... Server1 failed test kccevent > Starting test: systemlog > * The System Event log test > An Error Event occured. EventID: 0xC0002720 > Time Generated: 03/23/2010 16:12:57 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:07 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:07 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:08 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:09 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:09 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:10 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:14 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:31 > (Event String could not be retrieved) > ......................... Server1 failed test systemlog > Starting test: VerifyReplicas > ......................... Server1 passed test VerifyReplicas > Starting test: VerifyReferences > The system object reference (serverReference) > > CN=Server1,OU=Domain Controllers,DC=MyOrganization,DC=local > and backlink > > on > > > CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > are correct. > The system object reference (frsComputerReferenceBL) > > CN={5af2cfd7-dc82-4e9a-9650-6ac3571706a3},CN=DFSDomainRoot| > DFSLink1,CN=LostAndFound,DC=MyOrganization,DC=local > > and backlink on > > CN=Server1,OU=Domain Controllers,DC=MyOrganization,DC=local > are correct. > > The system object reference (serverReferenceBL) > > CN=Server1,CN=Domain System Volume (SYSVOL share),CN=File > Replication Service,CN=System,DC=MyOrganization,DC=local > > and backlink on > > CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > are correct. > ......................... Server1 passed test > VerifyReferences > Starting test: VerifyEnterpriseReferences > ......................... Server1 passed test > VerifyEnterpriseReferences > Starting test: CheckSecurityError > * Dr Auth: Beginning security errors check! > Found KDC Server1 for domain MyOrganization.local in site > Location1 > Checking machine account for DC Server1 on DC Server1. > * SPN found :LDAP/Server1.MyOrganization.local/ > MyOrganization.local > * SPN found :LDAP/Server1.MyOrganization.local > * SPN found :LDAP/Server1 > * SPN found :LDAP/Server1.MyOrganization.local/MyOrganization > * SPN found :LDAP/c022f83e- > c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local > * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c022f83e- > c0aa-451c-8fa4-2a089356de62/MyOrganization.local > * SPN found :HOST/Server1.MyOrganization.local/ > MyOrganization.local > * SPN found :HOST/Server1.MyOrganization.local > * SPN found :HOST/Server1 > * SPN found :HOST/Server1.MyOrganization.local/MyOrganization > * SPN found :GC/Server1.MyOrganization.local/ > MyOrganization.local > [Server1] No security related replication errors were found > on this DC! To target the connection to a specific source DC use / > ReplSource:<DC>. > ......................... Server1 passed test > CheckSecurityError > > Testing server: Branch-Office\Server2 > Starting test: Replications > * Replications Check > * Replication Latency Check > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > CN=Configuration,DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > * Replication Site Latency Check > ......................... Server2 passed test Replications > Starting test: Topology > * Configuration Topology Integrity Check > [Topology Integrity Check,Server2] Intra-site topology > generation is disabled in this site. > * Analyzing the connection topology for > DC=ForestDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > DC=DomainDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > ......................... Server2 passed test Topology > Starting test: CutoffServers > * Configuration Topology Aliveness Check > * Analyzing the alive system replication topology for > DC=ForestDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > DC=DomainDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > ......................... Server2 passed test CutoffServers > Starting test: NCSecDesc > * Security Permissions check for all NC's on DC Server2. > * Security Permissions Check for > DC=ForestDnsZones,DC=MyOrganization,DC=local > (NDNC,Version 2) > * Security Permissions Check for > DC=DomainDnsZones,DC=MyOrganization,DC=local > (NDNC,Version 2) > * Security Permissions Check for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local > (Schema,Version 2) > * Security Permissions Check for > CN=Configuration,DC=MyOrganization,DC=local > (Configuration,Version 2) > * Security Permissions Check for > DC=MyOrganization,DC=local > (Domain,Version 2) > ......................... Server2 passed test NCSecDesc > Starting test: NetLogons > * Network Logons Privileges Check > Verified share \\Server2\netlogon > Verified share \\Server2\sysvol > ......................... Server2 passed test NetLogons > Starting test: Advertising > The DC Server2 is advertising itself as a DC and having a DS. > The DC Server2 is advertising as an LDAP server > The DC Server2 is advertising as having a writeable directory > The DC Server2 is advertising as a Key Distribution Center > Warning: Server2 is not advertising as a time server. > The DS Server2 is advertising as a GC. > ......................... Server2 failed test Advertising > Starting test: KnowsOfRoleHolders > Role Schema Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Domain Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role PDC Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Rid Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Infrastructure Update Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > ......................... Server2 passed test > KnowsOfRoleHolders > Starting test: RidManager > * Available RID Pool for the Domain is 6609 to 1073741823 > * Server1.MyOrganization.local is the RID Master > * DsBind with RID Master was successful > * rIDAllocationPool is 2109 to 2608 > * rIDPreviousAllocationPool is 2109 to 2608 > * rIDNextRID: 2146 > ......................... Server2 passed test RidManager > Starting test: MachineAccount > Checking machine account for DC Server2 on DC Server2. > * SPN found :LDAP/Server2.MyOrganization.local/ > MyOrganization.local > * SPN found :LDAP/Server2.MyOrganization.local > * SPN found :LDAP/Server2 > * SPN found :LDAP/Server2.MyOrganization.local/MyOrganization > * SPN found :LDAP/ > a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local > * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ > a675e995-26a8-4c18-9e0e-88b72f76b63d/MyOrganization.local > * SPN found :HOST/Server2.MyOrganization.local/ > MyOrganization.local > * SPN found :HOST/Server2.MyOrganization.local > * SPN found :HOST/Server2 > * SPN found :HOST/Server2.MyOrganization.local/MyOrganization > * SPN found :GC/Server2.MyOrganization.local/ > MyOrganization.local > ......................... Server2 passed test MachineAccount > Starting test: Services > * Checking Service: Dnscache > * Checking Service: NtFrs > * Checking Service: IsmServ > * Checking Service: kdc > * Checking Service: SamSs > * Checking Service: LanmanServer > * Checking Service: LanmanWorkstation > * Checking Service: RpcSs > * Checking Service: w32time > * Checking Service: NETLOGON > ......................... Server2 passed test Services > Starting test: OutboundSecureChannels > * The Outbound Secure Channels test > ** Did not run Outbound Secure Channels test > because /testdomain: was not entered > ......................... Server2 passed test > OutboundSecureChannels > Starting test: ObjectsReplicated > Server2 is in domain DC=MyOrganization,DC=local > Checking for CN=Server2,OU=Domain > Controllers,DC=MyOrganization,DC=local in domain > DC=MyOrganization,DC=local on 2 servers > Object is up-to-date on all servers. > Checking for CN=NTDS > Settings,CN=Server2,CN=Servers,CN=Branch- > Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local in domain > CN=Configuration,DC=MyOrganization,DC=local on 2 servers > Object is up-to-date on all servers. > ......................... Server2 passed test > ObjectsReplicated > Starting test: frssysvol > * The File Replication Service SYSVOL ready test > File Replication Service's SYSVOL is ready > ......................... Server2 passed test frssysvol > Starting test: frsevent > * The File Replication Service Event log test > ......................... Server2 passed test frsevent > Starting test: kccevent > * The KCC Event log test > Found no KCC errors in Directory Service Event log in the > last 15 minutes. > ......................... Server2 passed test kccevent > Starting test: systemlog > * The System Event log test > An Error Event occured. EventID: 0x40011006 > Time Generated: 03/23/2010 16:03:54 > Event String: The connection was aborted by the remote > WINS. > > Remote WINS may not be configured to replicate > > with the server. > An Error Event occured. EventID: 0x40011006 > Time Generated: 03/23/2010 16:33:54 > Event String: The connection was aborted by the remote > WINS. > > Remote WINS may not be configured to replicate > > with the server. > An Error Event occured. EventID: 0x000003F6 > Time Generated: 03/23/2010 16:34:11 > Event String: The following problem occurred with the Jet > > database -1032: Jet database read or write > > operations failed. If the computer or database > > has just been upgraded, then this message can be > > safely ignored. If this message appears > > frequently, either there is not enough disk > > space to complete the operation or the database > > or backup database may be corrupt. To correct > > this problem, either free additional space on > > your hard disk or restore the database. After > > you restore the database, ensure that conflict > > detection is enabled in DHCP server properties. > > For information about restoring the database, > > see Help and Support Center. Additional Debug > > Information: JetBackup. > An Error Event occured. EventID: 0x000003F8 > Time Generated: 03/23/2010 16:34:11 > Event String: The DHCP service encountered the following > error > > when backing up the database: > > An error occurred while accessing the DHCP database. Look at the > > DHCP server event log for more information on this error. > > > > > An Error Event occured. EventID: 0x000003F2 > Time Generated: 03/23/2010 16:34:11 > Event String: The DHCP service encountered the following > error > > while cleaning up the database: > > An error occurred while accessing the DHCP database. Look at the > > DHCP server event log for more information on this error. > > > > > ......................... Server2 failed test systemlog > Starting test: VerifyReplicas > ......................... Server2 passed test VerifyReplicas > Starting test: VerifyReferences > The system object reference (serverReference) > > CN=Server2,OU=Domain Controllers,DC=MyOrganization,DC=local > and backlink > > on > > CN=Server2,CN=Servers,CN=Branch- > Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > are correct. > The system object reference (frsComputerReferenceBL) > > CN={c7a7beed-3e23-4d59-85c9-fbd36e6c6d43},CN=DFSDomainRoot| > HDrive,CN=DFSDomainRoot,CN=DFS Volumes,CN=File Replication > Service,CN=System,DC=MyOrganization,DC=local > > and backlink on > > CN=Server2,OU=Domain Controllers,DC=MyOrganization,DC=local > are correct. > > The system object reference (serverReferenceBL) > > CN=Server2,CN=Domain System Volume (SYSVOL share),CN=File > Replication Service,CN=System,DC=MyOrganization,DC=local > > and backlink on > > CN=NTDS Settings,CN=Server2,CN=Servers,CN=Branch- > Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > are correct. > ......................... Server2 passed test > VerifyReferences > Starting test: VerifyEnterpriseReferences > ......................... Server2 passed test > VerifyEnterpriseReferences > Starting test: CheckSecurityError > * Dr Auth: Beginning security errors check! > Found KDC Server2 for domain MyOrganization.local in site > Branch-Office > Checking machine account for DC Server2 on DC Server2. > * SPN found :LDAP/Server2.MyOrganization.local/ > MyOrganization.local > * SPN found :LDAP/Server2.MyOrganization.local > * SPN found :LDAP/Server2 > * SPN found :LDAP/Server2.MyOrganization.local/MyOrganization > * SPN found :LDAP/ > a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local > * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ > a675e995-26a8-4c18-9e0e-88b72f76b63d/MyOrganization.local > * SPN found :HOST/Server2.MyOrganization.local/ > MyOrganization.local > * SPN found :HOST/Server2.MyOrganization.local > * SPN found :HOST/Server2 > * SPN found :HOST/Server2.MyOrganization.local/MyOrganization > * SPN found :GC/Server2.MyOrganization.local/ > MyOrganization.local > [Server2] No security related replication errors were found > on this DC! To target the connection to a specific source DC use / > ReplSource:<DC>. > ......................... Server2 passed test > CheckSecurityError > > DNS Tests are running and not hung. Please wait a few minutes... > > Running partition tests on : ForestDnsZones > Starting test: CrossRefValidation > ......................... ForestDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... ForestDnsZones passed test > CheckSDRefDom > > Running partition tests on : DomainDnsZones > Starting test: CrossRefValidation > ......................... DomainDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... DomainDnsZones passed test > CheckSDRefDom > > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test > CheckSDRefDom > > Running partition tests on : MyOrganization > Starting test: CrossRefValidation > ......................... MyOrganization passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... MyOrganization passed test > CheckSDRefDom > > Running enterprise tests on : MyOrganization.local > Starting test: Intersite > Doing intersite inbound replication test on site Location1: > Locating & Contacting Intersite Topology Generator > (ISTG) ... > The ISTG for site Location1 is: Server1. > Checking for down bridgeheads ... > Bridghead Branch-Office\Server2 is up and replicating > fine. > Bridghead Location1\Server1 is up and replicating > fine. > Doing in depth site analysis ... > All expected sites and bridgeheads are replicating into > site > > Location1. > Doing intersite inbound replication test on site Branch- > Office: > Locating & Contacting Intersite Topology Generator > (ISTG) ... > The ISTG for site Branch-Office is: Server2. > Checking for down bridgeheads ... > Bridghead Location1\Server1 is up and replicating > fine. > Bridghead Branch-Office\Server2 is up and replicating > fine. > Doing in depth site analysis ... > All expected sites and bridgeheads are replicating into > site > > Branch-Office. > ......................... MyOrganization.local passed test > Intersite > Starting test: FsmoCheck > GC Name: \\Server1.MyOrganization.local > Locator Flags: 0xe00001bd > PDC Name: \\Server1.MyOrganization.local > Locator Flags: 0xe00001bd > Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 > A Time Server could not be located. > The server holding the PDC role is down. > Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, > error 1355 > A Good Time Server could not be located. > KDC Name: \\Server1.MyOrganization.local > Locator Flags: 0xe00001bd > ......................... MyOrganization.local failed test > FsmoCheck > Starting test: DNS > Test results for domain controllers: > > DC: Server2.MyOrganization.local > Domain: MyOrganization.local > > > TEST: Authentication (Auth) > Authentication test: Successfully completed > > TEST: Basic (Basc) > Microsoft(R) Windows(R) Server 2003, Standard > Edition (Service Pack level: 2.0) is supported > NETLOGON service is running > kdc service is running > DNSCACHE service is running > DNS service is running > DC is a DNS server > Network adapters information: > Adapter [00000003] Intel(R) PRO/1000 MT Network > Connection: > MAC address is 00:14:22:78:06:EE > IP address is static > IP address: 192.168.169.2 > DNS servers: > 192.168.168.1 (Server1.MyOrganization.local.) > [Valid] > The A record for this DC was found > The SOA record for the Active Directory zone was > found > The Active Directory zone on this DC/DNS server was > found (primary) > Root zone on this DC/DNS server was not found > > TEST: Forwarders/Root hints (Forw) > Recursion is enabled > Forwarders Information: > 24.200.241.37 (<name unavailable>) [Valid] > 66.28.0.45 (<name unavailable>) [Valid] > 66.28.0.61 (<name unavailable>) [Valid] > > TEST: Delegations (Del) > Delegation information for the zone: > MyOrganization.local. > Delegated domain name: > _msdcs.MyOrganization.local. > DNS server: Server1.MyOrganization.local. IP: > 192.168.168.1 [Valid] > DNS server: Server2.MyOrganization.local. IP: > 192.168.169.2 [Valid] > > TEST: Dynamic update (Dyn) > Warning: Dynamic update is enabled on the zone but > not secure MyOrganization.local. > Test record _dcdiag_test_record added successfully > in zone MyOrganization.local. > Test record _dcdiag_test_record deleted successfully > in zone MyOrganization.local. > > TEST: Records registration (RReg) > Network Adapter [00000003] Intel(R) PRO/1000 MT > Network Connection: > Matching A record found at DNS server > 192.168.168.1: > Server2.MyOrganization.local > > Matching CNAME record found at DNS server > 192.168.168.1: > > a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local > > Matching DC SRV record found at DNS server > 192.168.168.1: > _ldap._tcp.dc._msdcs.MyOrganization.local > > Matching GC SRV record found at DNS server > 192.168.168.1: > _ldap._tcp.gc._msdcs.MyOrganization.local > > > > DC: Server1.MyOrganization.local > Domain: MyOrganization.local > > > TEST: Authentication (Auth) > Authentication test: Successfully completed > > TEST: Basic (Basc) > Microsoft(R) Windows(R) Server 2003 for Small > Business Server (Service Pack level: 2.0) is supported > NETLOGON service is running > kdc service is running > DNSCACHE service is running > DNS service is running > DC is a DNS server > Network adapters information: > Adapter [00000012] Realtek RTL8169 Gigabit Ethernet > Adapter: > MAC address is 00:18:E7:16:B4:0D > IP address is static > IP address: 192.168.168.1 > DNS servers: > 192.168.168.1 (Server1.MyOrganization.local.) > [Valid] > The A record for this DC was found > The SOA record for the Active Directory zone was > found > The Active Directory zone on this DC/DNS server was > found (primary) > Root zone on this DC/DNS server was not found > > TEST: Forwarders/Root hints (Forw) > Recursion is enabled > Forwarders Information: > 66.28.0.45 (<name unavailable>) [Valid] > 66.28.0.61 (<name unavailable>) [Valid] > > TEST: Delegations (Del) > Delegation information for the zone: > MyOrganization.local. > Delegated domain name: > _msdcs.MyOrganization.local. > DNS server: Server1.MyOrganization.local. IP: > 192.168.168.1 [Valid] > DNS server: Server2.MyOrganization.local. IP: > 192.168.169.2 [Valid] > > TEST: Dynamic update (Dyn) > Warning: Dynamic update is enabled on the zone but > not secure MyOrganization.local. > Test record _dcdiag_test_record added successfully > in zone MyOrganization.local. > Test record _dcdiag_test_record deleted successfully > in zone MyOrganization.local. > > TEST: Records registration (RReg) > Network Adapter [00000012] Realtek RTL8169 Gigabit > Ethernet Adapter: > Matching A record found at DNS server > 192.168.168.1: > Server1.MyOrganization.local > > Matching CNAME record found at DNS server > 192.168.168.1: > c022f83e- > c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local > > Matching DC SRV record found at DNS server > 192.168.168.1: > _ldap._tcp.dc._msdcs.MyOrganization.local > > Matching GC SRV record found at DNS server > 192.168.168.1: > _ldap._tcp.gc._msdcs.MyOrganization.local > > Matching PDC SRV record found at DNS server > 192.168.168.1: > _ldap._tcp.pdc._msdcs.MyOrganization.local > > > Summary of test results for DNS servers used by the above > domain controllers: > > DNS server: 192.168.168.1 (Server1.MyOrganization.local.) > All tests passed on this DNS server > This is a valid DNS server > Name resolution is funtional. _ldap._tcp SRV record for > the forest root domain is registered > Delegation to the domain _msdcs.MyOrganization.local. > is operational > > DNS server: 192.168.169.2 (Server2.MyOrganization.local.) > All tests passed on this DNS server > This is a valid DNS server > Delegation to the domain _msdcs.MyOrganization.local. > is operational > > DNS server: 24.200.241.37 (<name unavailable>) > All tests passed on this DNS server > This is a valid DNS server > > DNS server: 66.28.0.45 (<name unavailable>) > All tests passed on this DNS server > This is a valid DNS server > > DNS server: 66.28.0.61 (<name unavailable>) > All tests passed on this DNS server > This is a valid DNS server > > Summary of DNS test results: > > Auth Basc Forw Del Dyn > RReg Ext > > ________________________________________________________________ > Domain: MyOrganization.local > Server2 PASS PASS PASS PASS WARN > PASS n/a > Server1 PASS PASS PASS PASS WARN > PASS n/a > > ......................... MyOrganization.local passed test > DNS > > On Mar 23, 3:20 pm, "kj [SBS MVP]" <KevinJ....(a)SPAMFREE.gmail.com> > wrote: >> Run the test using; >> >> dcdiag /c /v /e >> >> just by chance are you using Small Business Server for one of your >> 'sites'? >> >> and do you have seperate domain controllers in each of the sites? >> >> ISMserv and a fucntioning PDCe role seems to be the heart of the >> issue. >> >> >> >> >> >> Wael wrote: >>> I have some problems when i do dcdiag. In the directory service I >>> have a lot of Event IDs 1865, 1311, 1312. I tried a lot of articles >>> on the MS Websites, but still can't figure out how to resolve the >>> problem. We have two locations connected over the internet with two >>> VPN servers. One of the sites has a slow 5MB DSL connection. >> >>> Also notice the Time service error at the end. >> >>> Any help is appreciated. >> >>> Domain Controller Diagnosis >> >>> Performing initial setup: >>> Done gathering initial info. >> >>> Doing initial required tests >> >>> Testing server: Location1\MyServer1 >>> Starting test: Connectivity >>> ......................... MyServer1 passed test Connectivity >> >>> Doing primary tests >> >>> Testing server: Location1\MyServer1 >>> Starting test: Replications >>> ......................... MyServer1 passed test Replications >>> Starting test: NCSecDesc >>> ......................... MyServer1 passed test NCSecDesc >>> Starting test: NetLogons >>> ......................... MyServer1 passed test NetLogons >>> Starting test: Advertising >>> Warning: MyServer1 is not advertising as a time server. >>> ......................... MyServer1 failed test Advertising >>> Starting test: KnowsOfRoleHolders >>> ......................... MyServer1 passed test KnowsOfRoleHolders >>> Starting test: RidManager >>> ......................... MyServer1 passed test RidManager >>> Starting test: MachineAccount >>> ......................... MyServer1 passed test MachineAccount >>> Starting test: Services >>> Could not open IsmServ Service on [MyServer1]:failed with 1060: The >>> specified service does not exist as an installed service. >>> ......................... MyServer1 failed test Services >>> Starting test: ObjectsReplicated >>> ......................... MyServer1 passed test ObjectsReplicated >>> Starting test: frssysvol >>> ......................... MyServer1 passed test frssysvol >>> Starting test: frsevent >>> ......................... MyServer1 passed test frsevent >>> Starting test: kccevent >>> An Error Event occured. EventID: 0xC0000520 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: A call to the Intersite Messaging service that >> >>> An Error Event occured. EventID: 0xC000051F >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) has >> >>> An Warning Event occured. EventID: 0x80000749 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) was >> >>> An Error Event occured. EventID: 0xC0000520 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: A call to the Intersite Messaging service that >> >>> An Error Event occured. EventID: 0xC000051F >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) has >> >>> An Warning Event occured. EventID: 0x80000749 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) was >> >>> An Error Event occured. EventID: 0xC0000520 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: A call to the Intersite Messaging service that >> >>> An Error Event occured. EventID: 0xC000051F >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) has >> >>> An Warning Event occured. EventID: 0x80000749 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) was >> >>> An Error Event occured. EventID: 0xC0000520 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: A call to the Intersite Messaging service that >> >>> An Error Event occured. EventID: 0xC000051F >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) has >> >>> An Warning Event occured. EventID: 0x80000749 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) was >> >>> ......................... MyServer1 failed test kccevent >>> Starting test: systemlog >>> ......................... MyServer1 passed test systemlog >>> Starting test: VerifyReferences >>> ......................... MyServer1 passed test VerifyReferences >> >>> Running partition tests on : ForestDnsZones >>> Starting test: CrossRefValidation >>> ......................... ForestDnsZones passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... ForestDnsZones passed test CheckSDRefDom >> >>> Running partition tests on : DomainDnsZones >>> Starting test: CrossRefValidation >>> ......................... DomainDnsZones passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... DomainDnsZones passed test CheckSDRefDom >> >>> Running partition tests on : Schema >>> Starting test: CrossRefValidation >>> ......................... Schema passed test CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... Schema passed test CheckSDRefDom >> >>> Running partition tests on : Configuration >>> Starting test: CrossRefValidation >>> ......................... Configuration passed test >>> CrossRefValidation Starting test: CheckSDRefDom >>> ......................... Configuration passed test CheckSDRefDom >> >>> Running partition tests on : MyOrganization >>> Starting test: CrossRefValidation >>> ......................... MyOrganization passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... MyOrganization passed test CheckSDRefDom >> >>> Running enterprise tests on : MyOrganization.local >>> Starting test: Intersite >>> ......................... MyOrganization.local passed test Intersite >>> Starting test: FsmoCheck >>> Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 >>> A Time Server could not be located. >>> The server holding the PDC role is down. >>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error >>> 1355 >>> A Good Time Server could not be located. >>> ......................... MyOrganization.local failed test FsmoCheck >> >> -- >> /kj- Hide quoted text - >> >> - Show quoted text - -- /kj
From: Wael on 24 Mar 2010 12:03
On Mar 23, 5:26 pm, "kj [SBS MVP]" <KevinJ....(a)SPAMFREE.gmail.com> wrote: > OK, for starters server 1 should have both server1 and server2 for DNS > client configurations > > Server 2 should have server 2 and server1 for DNS client settings ( both in > repesctive orders) Done. I scheduled the restart for the early morning because those servers are heavily used until midnight. I noticed that some dcdiag issues were resolved (even though i did not yet restart). The problem that remains now is the time service issue. > > > IP Address. . . . . . . . . . . . : 192.168.168.1 > > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > > Default Gateway . . . . . . . . . : 192.168.168.81 > > > DNS Servers . . . . . . . . . . . : 192.168.168.1 > > <add> DNS Servers . . . . . . . . . . . : 192.168.169.2 > > > > > Primary WINS Server . . . . . . . : 192.168.168.1 > ??????? > > Primary WINS Server . . . . . . . : 192.168.169.2 > > Do you have WINS replication configured? If not you probably want to settle > on one WINS server or setup WINS replication and add Secondary WINS servers > to both DCs. > Done. I verified the configuration, still getting errors with dcdiag though. Let's see what happens after the restart tonight. > SBS server has ISMserv (Intersite messaging service) disabled by default. > You should go into services and enable and start this service ( make sure > its's running on both DCs). Is the other server a windows 2000 server or > something more recent? > I couldn't find this service (or any variations for the name) on SBS. I found it on the member server (Intersite Messaging) and it was already started. Any idea why it is not showing in the list of services? > Right not your DCs are not replicating well. How long has this configuration > existed? > 6 months probably. > Server 2 appears to have a second NIC that is not connected. If true it's > better to disable it. Later OS versions can have binding order problems in > DCs with two or more enabled NICs. > It is disabled. I am using Windows 2003 SBS and R1 > After that, reboot the SBS server, run a fresh dcdiag, and also a "repadmin > /replsummary" This test showed 0/5 errors. > > btw, is this SBS 2003 or SBS 2008? > > |