Active Directory problems/dcdiag error
|
From: kj [SBS MVP] on 23 Mar 2010 17:26 OK, for starters server 1 should have both server1 and server2 for DNS client configurations Server 2 should have server 2 and server1 for DNS client settings ( both in repesctive orders) > IP Address. . . . . . . . . . . . : 192.168.168.1 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 192.168.168.81 > > DNS Servers . . . . . . . . . . . : 192.168.168.1 <add> DNS Servers . . . . . . . . . . . : 192.168.169.2 > Primary WINS Server . . . . . . . : 192.168.168.1 ??????? > Primary WINS Server . . . . . . . : 192.168.169.2 Do you have WINS replication configured? If not you probably want to settle on one WINS server or setup WINS replication and add Secondary WINS servers to both DCs. SBS server has ISMserv (Intersite messaging service) disabled by default. You should go into services and enable and start this service ( make sure its's running on both DCs). Is the other server a windows 2000 server or something more recent? Right not your DCs are not replicating well. How long has this configuration existed? Server 2 appears to have a second NIC that is not connected. If true it's better to disable it. Later OS versions can have binding order problems in DCs with two or more enabled NICs. After that, reboot the SBS server, run a fresh dcdiag, and also a "repadmin /replsummary" btw, is this SBS 2003 or SBS 2008? Wael wrote: > There you go. > One of the servers is an SBS and yes i have another domain controller > in the branch office. The DC is a member server (obviously) > > ipconfig /all (SBS) > > > Windows IP Configuration > > > > Host Name . . . . . . . . . . . . : Server1 > > Primary Dns Suffix . . . . . . . : MyOrganization.local > > Node Type . . . . . . . . . . . . : Hybrid > > IP Routing Enabled. . . . . . . . : No > > WINS Proxy Enabled. . . . . . . . : No > > DNS Suffix Search List. . . . . . : MyOrganization.local > > > > Ethernet adapter Local Area Connection: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Realtek RTL8169 Gigabit > Ethernet Adapter > > Physical Address. . . . . . . . . : 00-18-E7-16-B4-0D > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 192.168.168.1 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 192.168.168.81 > > DNS Servers . . . . . . . . . . . : 192.168.168.1 > > Primary WINS Server . . . . . . . : 192.168.168.1 > ----------------------------------------- > ipconfig /all on the member domain controller > > > Windows IP Configuration > > > > Host Name . . . . . . . . . . . . : Server2 > > Primary Dns Suffix . . . . . . . : MyOrganization.local > > Node Type . . . . . . . . . . . . : Hybrid > > IP Routing Enabled. . . . . . . . : No > > WINS Proxy Enabled. . . . . . . . : No > > DNS Suffix Search List. . . . . . : MyOrganization.local > > > > Ethernet adapter LAN: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network > Connection > > Physical Address. . . . . . . . . : 00-14-22-78-06-EE > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 192.168.169.2 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 192.168.169.19 > > DNS Servers . . . . . . . . . . . : 192.168.168.1 > > Primary WINS Server . . . . . . . : 192.168.169.2 > > > > Ethernet adapter WAN: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port > Server Adapter > > Physical Address. . . . . . . . . : 00-04-23-C2-4A-0E > > DHCP Enabled. . . . . . . . . . . : Yes > > Autoconfiguration Enabled . . . . : No > > IP Address. . . . . . . . . . . . : 0.0.0.0 > > Subnet Mask . . . . . . . . . . . : 0.0.0.0 > > Default Gateway . . . . . . . . . : > > DHCP Server . . . . . . . . . . . : 0.0.0.0 > > NetBIOS over Tcpip. . . . . . . . : Disabled > > > > > ----------------------------------------- > Domain Controller Diagnosis > > Performing initial setup: > * Verifying that the local machine Server1, is a DC. > * Connecting to directory service on server Server1. > * Collecting site info. > * Identifying all servers. > * Identifying all NC cross-refs. > * Found 2 DC(s). Testing 2 of them. > Done gathering initial info. > > Doing initial required tests > > Testing server: Location1\Server1 > Starting test: Connectivity > * Active Directory LDAP Services Check > * Active Directory RPC Services Check > ......................... Server1 passed test Connectivity > > Testing server: Branch-Office\Server2 > Starting test: Connectivity > * Active Directory LDAP Services Check > * Active Directory RPC Services Check > ......................... Server2 passed test Connectivity > > Doing primary tests > > Testing server: Location1\Server1 > Starting test: Replications > * Replications Check > * Replication Latency Check > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > CN=Configuration,DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > * Replication Site Latency Check > ......................... Server1 passed test Replications > Starting test: Topology > * Configuration Topology Integrity Check > [Topology Integrity Check,Server1] Intra-site topology > generation is disabled in this site. > * Analyzing the connection topology for > DC=ForestDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > DC=DomainDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > ......................... Server1 passed test Topology > Starting test: CutoffServers > * Configuration Topology Aliveness Check > * Analyzing the alive system replication topology for > DC=ForestDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > DC=DomainDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > ......................... Server1 passed test CutoffServers > Starting test: NCSecDesc > * Security Permissions check for all NC's on DC Server1. > * Security Permissions Check for > DC=ForestDnsZones,DC=MyOrganization,DC=local > (NDNC,Version 2) > * Security Permissions Check for > DC=DomainDnsZones,DC=MyOrganization,DC=local > (NDNC,Version 2) > * Security Permissions Check for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local > (Schema,Version 2) > * Security Permissions Check for > CN=Configuration,DC=MyOrganization,DC=local > (Configuration,Version 2) > * Security Permissions Check for > DC=MyOrganization,DC=local > (Domain,Version 2) > ......................... Server1 passed test NCSecDesc > Starting test: NetLogons > * Network Logons Privileges Check > Verified share \\Server1\netlogon > Verified share \\Server1\sysvol > ......................... Server1 passed test NetLogons > Starting test: Advertising > The DC Server1 is advertising itself as a DC and having a DS. > The DC Server1 is advertising as an LDAP server > The DC Server1 is advertising as having a writeable directory > The DC Server1 is advertising as a Key Distribution Center > Warning: Server1 is not advertising as a time server. > The DS Server1 is advertising as a GC. > ......................... Server1 failed test Advertising > Starting test: KnowsOfRoleHolders > Role Schema Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Domain Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role PDC Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Rid Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Infrastructure Update Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > ......................... Server1 passed test > KnowsOfRoleHolders > Starting test: RidManager > * Available RID Pool for the Domain is 6609 to 1073741823 > * Server1.MyOrganization.local is the RID Master > * DsBind with RID Master was successful > * rIDAllocationPool is 5609 to 6108 > * rIDPreviousAllocationPool is 4109 to 4608 > * rIDNextRID: 4485 > ......................... Server1 passed test RidManager > Starting test: MachineAccount > Checking machine account for DC Server1 on DC Server1. > * SPN found :LDAP/Server1.MyOrganization.local/ > MyOrganization.local > * SPN found :LDAP/Server1.MyOrganization.local > * SPN found :LDAP/Server1 > * SPN found :LDAP/Server1.MyOrganization.local/MyOrganization > * SPN found :LDAP/c022f83e- > c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local > * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c022f83e- > c0aa-451c-8fa4-2a089356de62/MyOrganization.local > * SPN found :HOST/Server1.MyOrganization.local/ > MyOrganization.local > * SPN found :HOST/Server1.MyOrganization.local > * SPN found :HOST/Server1 > * SPN found :HOST/Server1.MyOrganization.local/MyOrganization > * SPN found :GC/Server1.MyOrganization.local/ > MyOrganization.local > ......................... Server1 passed test MachineAccount > Starting test: Services > * Checking Service: Dnscache > * Checking Service: NtFrs > * Checking Service: IsmServ > Could not open IsmServ Service on [Server1]:failed with > 1060: The specified service does not exist as an installed service. > * Checking Service: kdc > * Checking Service: SamSs > * Checking Service: LanmanServer > * Checking Service: LanmanWorkstation > * Checking Service: RpcSs > * Checking Service: w32time > * Checking Service: NETLOGON > ......................... Server1 failed test Services > Starting test: OutboundSecureChannels > * The Outbound Secure Channels test > ** Did not run Outbound Secure Channels test > because /testdomain: was not entered > ......................... Server1 passed test > OutboundSecureChannels > Starting test: ObjectsReplicated > Server1 is in domain DC=MyOrganization,DC=local > Checking for CN=Server1,OU=Domain > Controllers,DC=MyOrganization,DC=local in domain > DC=MyOrganization,DC=local on 2 servers > Object is up-to-date on all servers. > Checking for CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > in domain CN=Configuration,DC=MyOrganization,DC=local on 2 servers > Object is up-to-date on all servers. > ......................... Server1 passed test > ObjectsReplicated > Starting test: frssysvol > * The File Replication Service SYSVOL ready test > File Replication Service's SYSVOL is ready > ......................... Server1 passed test frssysvol > Starting test: frsevent > * The File Replication Service Event log test > ......................... Server1 passed test frsevent > Starting test: kccevent > * The KCC Event log test > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/23/2010 16:39:59 > Event String: A call to the Intersite Messaging service > that > > specifies the following transport failed. > > > > Transport: > > CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > As a result, the Knowledge Consistency Checker > > (KCC) cannot configure a correct intersite > > replication topology. > > > > User Action > > Verify that the Intersite Messaging service is > > running. > > > > Additional Data > > Error value: > > 1722 The RPC server is unavailable. > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) has > > detected problems with the following directory > > partition. > > > > Directory partition: > > DC=MyOrganization,DC=local > > > > There is insufficient site connectivity > > information in Active Directory Sites and > > Services for the KCC to create a spanning tree > > replication topology. Or, one or more domain > > controllers with this directory partition are > > unable to replicate the directory partition > > information. This is probably due to inaccessible > > domain controllers. > > > > User Action > > Use Active Directory Sites and Services to > > perform one of the following actions: > > - Publish sufficient site connectivity > > information so that the KCC can determine a route > > by which this directory partition can reach this > > site. This is the preferred option. > > - Add a Connection object to a domain controller > > that contains the directory partition in this > > site from a domain controller that contains the > > same directory partition in another site. > > > > If neither of the Active Directory Sites and > > Services tasks correct this condition, see > > previous events logged by the KCC that identify > > the inaccessible domain controllers. > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) was > > unable to form a complete spanning tree network > > topology. As a result, the following list of > > sites cannot be reached from the local site. > > > > Sites: > > CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > > > > > > > > > > > > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/23/2010 16:39:59 > Event String: A call to the Intersite Messaging service > that > > specifies the following transport failed. > > > > Transport: > > CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > As a result, the Knowledge Consistency Checker > > (KCC) cannot configure a correct intersite > > replication topology. > > > > User Action > > Verify that the Intersite Messaging service is > > running. > > > > Additional Data > > Error value: > > 1722 The RPC server is unavailable. > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) has > > detected problems with the following directory > > partition. > > > > Directory partition: > > DC=ForestDnsZones,DC=MyOrganization,DC=local > > > > There is insufficient site connectivity > > information in Active Directory Sites and > > Services for the KCC to create a spanning tree > > replication topology. Or, one or more domain > > controllers with this directory partition are > > unable to replicate the directory partition > > information. This is probably due to inaccessible > > domain controllers. > > > > User Action > > Use Active Directory Sites and Services to > > perform one of the following actions: > > - Publish sufficient site connectivity > > information so that the KCC can determine a route > > by which this directory partition can reach this > > site. This is the preferred option. > > - Add a Connection object to a domain controller > > that contains the directory partition in this > > site from a domain controller that contains the > > same directory partition in another site. > > > > If neither of the Active Directory Sites and > > Services tasks correct this condition, see > > previous events logged by the KCC that identify > > the inaccessible domain controllers. > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) was > > unable to form a complete spanning tree network > > topology. As a result, the following list of > > sites cannot be reached from the local site. > > > > Sites: > > CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > > > > > > > > > > > > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/23/2010 16:39:59 > Event String: A call to the Intersite Messaging service > that > > specifies the following transport failed. > > > > Transport: > > CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > As a result, the Knowledge Consistency Checker > > (KCC) cannot configure a correct intersite > > replication topology. > > > > User Action > > Verify that the Intersite Messaging service is > > running. > > > > Additional Data > > Error value: > > 1722 The RPC server is unavailable. > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) has > > detected problems with the following directory > > partition. > > > > Directory partition: > > DC=DomainDnsZones,DC=MyOrganization,DC=local > > > > There is insufficient site connectivity > > information in Active Directory Sites and > > Services for the KCC to create a spanning tree > > replication topology. Or, one or more domain > > controllers with this directory partition are > > unable to replicate the directory partition > > information. This is probably due to inaccessible > > domain controllers. > > > > User Action > > Use Active Directory Sites and Services to > > perform one of the following actions: > > - Publish sufficient site connectivity > > information so that the KCC can determine a route > > by which this directory partition can reach this > > site. This is the preferred option. > > - Add a Connection object to a domain controller > > that contains the directory partition in this > > site from a domain controller that contains the > > same directory partition in another site. > > > > If neither of the Active Directory Sites and > > Services tasks correct this condition, see > > previous events logged by the KCC that identify > > the inaccessible domain controllers. > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) was > > unable to form a complete spanning tree network > > topology. As a result, the following list of > > sites cannot be reached from the local site. > > > > Sites: > > CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > > > > > > > > > > > > An Error Event occured. EventID: 0xC0000520 > Time Generated: 03/23/2010 16:39:59 > Event String: A call to the Intersite Messaging service > that > > specifies the following transport failed. > > > > Transport: > > CN=IP,CN=Inter-Site > Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > As a result, the Knowledge Consistency Checker > > (KCC) cannot configure a correct intersite > > replication topology. > > > > User Action > > Verify that the Intersite Messaging service is > > running. > > > > Additional Data > > Error value: > > 1722 The RPC server is unavailable. > An Error Event occured. EventID: 0xC000051F > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) has > > detected problems with the following directory > > partition. > > > > Directory partition: > > CN=Configuration,DC=MyOrganization,DC=local > > > > There is insufficient site connectivity > > information in Active Directory Sites and > > Services for the KCC to create a spanning tree > > replication topology. Or, one or more domain > > controllers with this directory partition are > > unable to replicate the directory partition > > information. This is probably due to inaccessible > > domain controllers. > > > > User Action > > Use Active Directory Sites and Services to > > perform one of the following actions: > > - Publish sufficient site connectivity > > information so that the KCC can determine a route > > by which this directory partition can reach this > > site. This is the preferred option. > > - Add a Connection object to a domain controller > > that contains the directory partition in this > > site from a domain controller that contains the > > same directory partition in another site. > > > > If neither of the Active Directory Sites and > > Services tasks correct this condition, see > > previous events logged by the KCC that identify > > the inaccessible domain controllers. > An Warning Event occured. EventID: 0x80000749 > Time Generated: 03/23/2010 16:39:59 > Event String: The Knowledge Consistency Checker (KCC) was > > unable to form a complete spanning tree network > > topology. As a result, the following list of > > sites cannot be reached from the local site. > > > > Sites: > > CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > > > > > > > > > > > > > > > > ......................... Server1 failed test kccevent > Starting test: systemlog > * The System Event log test > An Error Event occured. EventID: 0xC0002720 > Time Generated: 03/23/2010 16:12:57 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:07 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:07 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:08 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:09 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:09 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:10 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:14 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x00000457 > Time Generated: 03/23/2010 16:43:31 > (Event String could not be retrieved) > ......................... Server1 failed test systemlog > Starting test: VerifyReplicas > ......................... Server1 passed test VerifyReplicas > Starting test: VerifyReferences > The system object reference (serverReference) > > CN=Server1,OU=Domain Controllers,DC=MyOrganization,DC=local > and backlink > > on > > > CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > are correct. > The system object reference (frsComputerReferenceBL) > > CN={5af2cfd7-dc82-4e9a-9650-6ac3571706a3},CN=DFSDomainRoot| > DFSLink1,CN=LostAndFound,DC=MyOrganization,DC=local > > and backlink on > > CN=Server1,OU=Domain Controllers,DC=MyOrganization,DC=local > are correct. > > The system object reference (serverReferenceBL) > > CN=Server1,CN=Domain System Volume (SYSVOL share),CN=File > Replication Service,CN=System,DC=MyOrganization,DC=local > > and backlink on > > CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > are correct. > ......................... Server1 passed test > VerifyReferences > Starting test: VerifyEnterpriseReferences > ......................... Server1 passed test > VerifyEnterpriseReferences > Starting test: CheckSecurityError > * Dr Auth: Beginning security errors check! > Found KDC Server1 for domain MyOrganization.local in site > Location1 > Checking machine account for DC Server1 on DC Server1. > * SPN found :LDAP/Server1.MyOrganization.local/ > MyOrganization.local > * SPN found :LDAP/Server1.MyOrganization.local > * SPN found :LDAP/Server1 > * SPN found :LDAP/Server1.MyOrganization.local/MyOrganization > * SPN found :LDAP/c022f83e- > c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local > * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c022f83e- > c0aa-451c-8fa4-2a089356de62/MyOrganization.local > * SPN found :HOST/Server1.MyOrganization.local/ > MyOrganization.local > * SPN found :HOST/Server1.MyOrganization.local > * SPN found :HOST/Server1 > * SPN found :HOST/Server1.MyOrganization.local/MyOrganization > * SPN found :GC/Server1.MyOrganization.local/ > MyOrganization.local > [Server1] No security related replication errors were found > on this DC! To target the connection to a specific source DC use / > ReplSource:<DC>. > ......................... Server1 passed test > CheckSecurityError > > Testing server: Branch-Office\Server2 > Starting test: Replications > * Replications Check > * Replication Latency Check > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > CN=Configuration,DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > DC=MyOrganization,DC=local > Latency information for 4 entries in the vector were > ignored. > 4 were retired Invocations. 0 were either: read- > only replicas and are not verifiably latent, or dc's no longer > replicating this nc. 0 had no latency information (Win2K DC). > * Replication Site Latency Check > ......................... Server2 passed test Replications > Starting test: Topology > * Configuration Topology Integrity Check > [Topology Integrity Check,Server2] Intra-site topology > generation is disabled in this site. > * Analyzing the connection topology for > DC=ForestDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > DC=DomainDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the connection topology for > DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > ......................... Server2 passed test Topology > Starting test: CutoffServers > * Configuration Topology Aliveness Check > * Analyzing the alive system replication topology for > DC=ForestDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > DC=DomainDnsZones,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > CN=Configuration,DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > * Analyzing the alive system replication topology for > DC=MyOrganization,DC=local. > * Performing upstream (of target) analysis. > * Performing downstream (of target) analysis. > ......................... Server2 passed test CutoffServers > Starting test: NCSecDesc > * Security Permissions check for all NC's on DC Server2. > * Security Permissions Check for > DC=ForestDnsZones,DC=MyOrganization,DC=local > (NDNC,Version 2) > * Security Permissions Check for > DC=DomainDnsZones,DC=MyOrganization,DC=local > (NDNC,Version 2) > * Security Permissions Check for > CN=Schema,CN=Configuration,DC=MyOrganization,DC=local > (Schema,Version 2) > * Security Permissions Check for > CN=Configuration,DC=MyOrganization,DC=local > (Configuration,Version 2) > * Security Permissions Check for > DC=MyOrganization,DC=local > (Domain,Version 2) > ......................... Server2 passed test NCSecDesc > Starting test: NetLogons > * Network Logons Privileges Check > Verified share \\Server2\netlogon > Verified share \\Server2\sysvol > ......................... Server2 passed test NetLogons > Starting test: Advertising > The DC Server2 is advertising itself as a DC and having a DS. > The DC Server2 is advertising as an LDAP server > The DC Server2 is advertising as having a writeable directory > The DC Server2 is advertising as a Key Distribution Center > Warning: Server2 is not advertising as a time server. > The DS Server2 is advertising as a GC. > ......................... Server2 failed test Advertising > Starting test: KnowsOfRoleHolders > Role Schema Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Domain Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role PDC Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Rid Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > Role Infrastructure Update Owner = CN=NTDS > Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > ......................... Server2 passed test > KnowsOfRoleHolders > Starting test: RidManager > * Available RID Pool for the Domain is 6609 to 1073741823 > * Server1.MyOrganization.local is the RID Master > * DsBind with RID Master was successful > * rIDAllocationPool is 2109 to 2608 > * rIDPreviousAllocationPool is 2109 to 2608 > * rIDNextRID: 2146 > ......................... Server2 passed test RidManager > Starting test: MachineAccount > Checking machine account for DC Server2 on DC Server2. > * SPN found :LDAP/Server2.MyOrganization.local/ > MyOrganization.local > * SPN found :LDAP/Server2.MyOrganization.local > * SPN found :LDAP/Server2 > * SPN found :LDAP/Server2.MyOrganization.local/MyOrganization > * SPN found :LDAP/ > a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local > * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ > a675e995-26a8-4c18-9e0e-88b72f76b63d/MyOrganization.local > * SPN found :HOST/Server2.MyOrganization.local/ > MyOrganization.local > * SPN found :HOST/Server2.MyOrganization.local > * SPN found :HOST/Server2 > * SPN found :HOST/Server2.MyOrganization.local/MyOrganization > * SPN found :GC/Server2.MyOrganization.local/ > MyOrganization.local > ......................... Server2 passed test MachineAccount > Starting test: Services > * Checking Service: Dnscache > * Checking Service: NtFrs > * Checking Service: IsmServ > * Checking Service: kdc > * Checking Service: SamSs > * Checking Service: LanmanServer > * Checking Service: LanmanWorkstation > * Checking Service: RpcSs > * Checking Service: w32time > * Checking Service: NETLOGON > ......................... Server2 passed test Services > Starting test: OutboundSecureChannels > * The Outbound Secure Channels test > ** Did not run Outbound Secure Channels test > because /testdomain: was not entered > ......................... Server2 passed test > OutboundSecureChannels > Starting test: ObjectsReplicated > Server2 is in domain DC=MyOrganization,DC=local > Checking for CN=Server2,OU=Domain > Controllers,DC=MyOrganization,DC=local in domain > DC=MyOrganization,DC=local on 2 servers > Object is up-to-date on all servers. > Checking for CN=NTDS > Settings,CN=Server2,CN=Servers,CN=Branch- > Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local in domain > CN=Configuration,DC=MyOrganization,DC=local on 2 servers > Object is up-to-date on all servers. > ......................... Server2 passed test > ObjectsReplicated > Starting test: frssysvol > * The File Replication Service SYSVOL ready test > File Replication Service's SYSVOL is ready > ......................... Server2 passed test frssysvol > Starting test: frsevent > * The File Replication Service Event log test > ......................... Server2 passed test frsevent > Starting test: kccevent > * The KCC Event log test > Found no KCC errors in Directory Service Event log in the > last 15 minutes. > ......................... Server2 passed test kccevent > Starting test: systemlog > * The System Event log test > An Error Event occured. EventID: 0x40011006 > Time Generated: 03/23/2010 16:03:54 > Event String: The connection was aborted by the remote > WINS. > > Remote WINS may not be configured to replicate > > with the server. > An Error Event occured. EventID: 0x40011006 > Time Generated: 03/23/2010 16:33:54 > Event String: The connection was aborted by the remote > WINS. > > Remote WINS may not be configured to replicate > > with the server. > An Error Event occured. EventID: 0x000003F6 > Time Generated: 03/23/2010 16:34:11 > Event String: The following problem occurred with the Jet > > database -1032: Jet database read or write > > operations failed. If the computer or database > > has just been upgraded, then this message can be > > safely ignored. If this message appears > > frequently, either there is not enough disk > > space to complete the operation or the database > > or backup database may be corrupt. To correct > > this problem, either free additional space on > > your hard disk or restore the database. After > > you restore the database, ensure that conflict > > detection is enabled in DHCP server properties. > > For information about restoring the database, > > see Help and Support Center. Additional Debug > > Information: JetBackup. > An Error Event occured. EventID: 0x000003F8 > Time Generated: 03/23/2010 16:34:11 > Event String: The DHCP service encountered the following > error > > when backing up the database: > > An error occurred while accessing the DHCP database. Look at the > > DHCP server event log for more information on this error. > > > > > An Error Event occured. EventID: 0x000003F2 > Time Generated: 03/23/2010 16:34:11 > Event String: The DHCP service encountered the following > error > > while cleaning up the database: > > An error occurred while accessing the DHCP database. Look at the > > DHCP server event log for more information on this error. > > > > > ......................... Server2 failed test systemlog > Starting test: VerifyReplicas > ......................... Server2 passed test VerifyReplicas > Starting test: VerifyReferences > The system object reference (serverReference) > > CN=Server2,OU=Domain Controllers,DC=MyOrganization,DC=local > and backlink > > on > > CN=Server2,CN=Servers,CN=Branch- > Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > are correct. > The system object reference (frsComputerReferenceBL) > > CN={c7a7beed-3e23-4d59-85c9-fbd36e6c6d43},CN=DFSDomainRoot| > HDrive,CN=DFSDomainRoot,CN=DFS Volumes,CN=File Replication > Service,CN=System,DC=MyOrganization,DC=local > > and backlink on > > CN=Server2,OU=Domain Controllers,DC=MyOrganization,DC=local > are correct. > > The system object reference (serverReferenceBL) > > CN=Server2,CN=Domain System Volume (SYSVOL share),CN=File > Replication Service,CN=System,DC=MyOrganization,DC=local > > and backlink on > > CN=NTDS Settings,CN=Server2,CN=Servers,CN=Branch- > Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local > > are correct. > ......................... Server2 passed test > VerifyReferences > Starting test: VerifyEnterpriseReferences > ......................... Server2 passed test > VerifyEnterpriseReferences > Starting test: CheckSecurityError > * Dr Auth: Beginning security errors check! > Found KDC Server2 for domain MyOrganization.local in site > Branch-Office > Checking machine account for DC Server2 on DC Server2. > * SPN found :LDAP/Server2.MyOrganization.local/ > MyOrganization.local > * SPN found :LDAP/Server2.MyOrganization.local > * SPN found :LDAP/Server2 > * SPN found :LDAP/Server2.MyOrganization.local/MyOrganization > * SPN found :LDAP/ > a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local > * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ > a675e995-26a8-4c18-9e0e-88b72f76b63d/MyOrganization.local > * SPN found :HOST/Server2.MyOrganization.local/ > MyOrganization.local > * SPN found :HOST/Server2.MyOrganization.local > * SPN found :HOST/Server2 > * SPN found :HOST/Server2.MyOrganization.local/MyOrganization > * SPN found :GC/Server2.MyOrganization.local/ > MyOrganization.local > [Server2] No security related replication errors were found > on this DC! To target the connection to a specific source DC use / > ReplSource:<DC>. > ......................... Server2 passed test > CheckSecurityError > > DNS Tests are running and not hung. Please wait a few minutes... > > Running partition tests on : ForestDnsZones > Starting test: CrossRefValidation > ......................... ForestDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... ForestDnsZones passed test > CheckSDRefDom > > Running partition tests on : DomainDnsZones > Starting test: CrossRefValidation > ......................... DomainDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... DomainDnsZones passed test > CheckSDRefDom > > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test > CheckSDRefDom > > Running partition tests on : MyOrganization > Starting test: CrossRefValidation > ......................... MyOrganization passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... MyOrganization passed test > CheckSDRefDom > > Running enterprise tests on : MyOrganization.local > Starting test: Intersite > Doing intersite inbound replication test on site Location1: > Locating & Contacting Intersite Topology Generator > (ISTG) ... > The ISTG for site Location1 is: Server1. > Checking for down bridgeheads ... > Bridghead Branch-Office\Server2 is up and replicating > fine. > Bridghead Location1\Server1 is up and replicating > fine. > Doing in depth site analysis ... > All expected sites and bridgeheads are replicating into > site > > Location1. > Doing intersite inbound replication test on site Branch- > Office: > Locating & Contacting Intersite Topology Generator > (ISTG) ... > The ISTG for site Branch-Office is: Server2. > Checking for down bridgeheads ... > Bridghead Location1\Server1 is up and replicating > fine. > Bridghead Branch-Office\Server2 is up and replicating > fine. > Doing in depth site analysis ... > All expected sites and bridgeheads are replicating into > site > > Branch-Office. > ......................... MyOrganization.local passed test > Intersite > Starting test: FsmoCheck > GC Name: \\Server1.MyOrganization.local > Locator Flags: 0xe00001bd > PDC Name: \\Server1.MyOrganization.local > Locator Flags: 0xe00001bd > Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 > A Time Server could not be located. > The server holding the PDC role is down. > Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, > error 1355 > A Good Time Server could not be located. > KDC Name: \\Server1.MyOrganization.local > Locator Flags: 0xe00001bd > ......................... MyOrganization.local failed test > FsmoCheck > Starting test: DNS > Test results for domain controllers: > > DC: Server2.MyOrganization.local > Domain: MyOrganization.local > > > TEST: Authentication (Auth) > Authentication test: Successfully completed > > TEST: Basic (Basc) > Microsoft(R) Windows(R) Server 2003, Standard > Edition (Service Pack level: 2.0) is supported > NETLOGON service is running > kdc service is running > DNSCACHE service is running > DNS service is running > DC is a DNS server > Network adapters information: > Adapter [00000003] Intel(R) PRO/1000 MT Network > Connection: > MAC address is 00:14:22:78:06:EE > IP address is static > IP address: 192.168.169.2 > DNS servers: > 192.168.168.1 (Server1.MyOrganization.local.) > [Valid] > The A record for this DC was found > The SOA record for the Active Directory zone was > found > The Active Directory zone on this DC/DNS server was > found (primary) > Root zone on this DC/DNS server was not found > > TEST: Forwarders/Root hints (Forw) > Recursion is enabled > Forwarders Information: > 24.200.241.37 (<name unavailable>) [Valid] > 66.28.0.45 (<name unavailable>) [Valid] > 66.28.0.61 (<name unavailable>) [Valid] > > TEST: Delegations (Del) > Delegation information for the zone: > MyOrganization.local. > Delegated domain name: > _msdcs.MyOrganization.local. > DNS server: Server1.MyOrganization.local. IP: > 192.168.168.1 [Valid] > DNS server: Server2.MyOrganization.local. IP: > 192.168.169.2 [Valid] > > TEST: Dynamic update (Dyn) > Warning: Dynamic update is enabled on the zone but > not secure MyOrganization.local. > Test record _dcdiag_test_record added successfully > in zone MyOrganization.local. > Test record _dcdiag_test_record deleted successfully > in zone MyOrganization.local. > > TEST: Records registration (RReg) > Network Adapter [00000003] Intel(R) PRO/1000 MT > Network Connection: > Matching A record found at DNS server > 192.168.168.1: > Server2.MyOrganization.local > > Matching CNAME record found at DNS server > 192.168.168.1: > > a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local > > Matching DC SRV record found at DNS server > 192.168.168.1: > _ldap._tcp.dc._msdcs.MyOrganization.local > > Matching GC SRV record found at DNS server > 192.168.168.1: > _ldap._tcp.gc._msdcs.MyOrganization.local > > > > DC: Server1.MyOrganization.local > Domain: MyOrganization.local > > > TEST: Authentication (Auth) > Authentication test: Successfully completed > > TEST: Basic (Basc) > Microsoft(R) Windows(R) Server 2003 for Small > Business Server (Service Pack level: 2.0) is supported > NETLOGON service is running > kdc service is running > DNSCACHE service is running > DNS service is running > DC is a DNS server > Network adapters information: > Adapter [00000012] Realtek RTL8169 Gigabit Ethernet > Adapter: > MAC address is 00:18:E7:16:B4:0D > IP address is static > IP address: 192.168.168.1 > DNS servers: > 192.168.168.1 (Server1.MyOrganization.local.) > [Valid] > The A record for this DC was found > The SOA record for the Active Directory zone was > found > The Active Directory zone on this DC/DNS server was > found (primary) > Root zone on this DC/DNS server was not found > > TEST: Forwarders/Root hints (Forw) > Recursion is enabled > Forwarders Information: > 66.28.0.45 (<name unavailable>) [Valid] > 66.28.0.61 (<name unavailable>) [Valid] > > TEST: Delegations (Del) > Delegation information for the zone: > MyOrganization.local. > Delegated domain name: > _msdcs.MyOrganization.local. > DNS server: Server1.MyOrganization.local. IP: > 192.168.168.1 [Valid] > DNS server: Server2.MyOrganization.local. IP: > 192.168.169.2 [Valid] > > TEST: Dynamic update (Dyn) > Warning: Dynamic update is enabled on the zone but > not secure MyOrganization.local. > Test record _dcdiag_test_record added successfully > in zone MyOrganization.local. > Test record _dcdiag_test_record deleted successfully > in zone MyOrganization.local. > > TEST: Records registration (RReg) > Network Adapter [00000012] Realtek RTL8169 Gigabit > Ethernet Adapter: > Matching A record found at DNS server > 192.168.168.1: > Server1.MyOrganization.local > > Matching CNAME record found at DNS server > 192.168.168.1: > c022f83e- > c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local > > Matching DC SRV record found at DNS server > 192.168.168.1: > _ldap._tcp.dc._msdcs.MyOrganization.local > > Matching GC SRV record found at DNS server > 192.168.168.1: > _ldap._tcp.gc._msdcs.MyOrganization.local > > Matching PDC SRV record found at DNS server > 192.168.168.1: > _ldap._tcp.pdc._msdcs.MyOrganization.local > > > Summary of test results for DNS servers used by the above > domain controllers: > > DNS server: 192.168.168.1 (Server1.MyOrganization.local.) > All tests passed on this DNS server > This is a valid DNS server > Name resolution is funtional. _ldap._tcp SRV record for > the forest root domain is registered > Delegation to the domain _msdcs.MyOrganization.local. > is operational > > DNS server: 192.168.169.2 (Server2.MyOrganization.local.) > All tests passed on this DNS server > This is a valid DNS server > Delegation to the domain _msdcs.MyOrganization.local. > is operational > > DNS server: 24.200.241.37 (<name unavailable>) > All tests passed on this DNS server > This is a valid DNS server > > DNS server: 66.28.0.45 (<name unavailable>) > All tests passed on this DNS server > This is a valid DNS server > > DNS server: 66.28.0.61 (<name unavailable>) > All tests passed on this DNS server > This is a valid DNS server > > Summary of DNS test results: > > Auth Basc Forw Del Dyn > RReg Ext > > ________________________________________________________________ > Domain: MyOrganization.local > Server2 PASS PASS PASS PASS WARN > PASS n/a > Server1 PASS PASS PASS PASS WARN > PASS n/a > > ......................... MyOrganization.local passed test > DNS > > On Mar 23, 3:20 pm, "kj [SBS MVP]" <KevinJ....(a)SPAMFREE.gmail.com> > wrote: >> Run the test using; >> >> dcdiag /c /v /e >> >> just by chance are you using Small Business Server for one of your >> 'sites'? >> >> and do you have seperate domain controllers in each of the sites? >> >> ISMserv and a fucntioning PDCe role seems to be the heart of the >> issue. >> >> >> >> >> >> Wael wrote: >>> I have some problems when i do dcdiag. In the directory service I >>> have a lot of Event IDs 1865, 1311, 1312. I tried a lot of articles >>> on the MS Websites, but still can't figure out how to resolve the >>> problem. We have two locations connected over the internet with two >>> VPN servers. One of the sites has a slow 5MB DSL connection. >> >>> Also notice the Time service error at the end. >> >>> Any help is appreciated. >> >>> Domain Controller Diagnosis >> >>> Performing initial setup: >>> Done gathering initial info. >> >>> Doing initial required tests >> >>> Testing server: Location1\MyServer1 >>> Starting test: Connectivity >>> ......................... MyServer1 passed test Connectivity >> >>> Doing primary tests >> >>> Testing server: Location1\MyServer1 >>> Starting test: Replications >>> ......................... MyServer1 passed test Replications >>> Starting test: NCSecDesc >>> ......................... MyServer1 passed test NCSecDesc >>> Starting test: NetLogons >>> ......................... MyServer1 passed test NetLogons >>> Starting test: Advertising >>> Warning: MyServer1 is not advertising as a time server. >>> ......................... MyServer1 failed test Advertising >>> Starting test: KnowsOfRoleHolders >>> ......................... MyServer1 passed test KnowsOfRoleHolders >>> Starting test: RidManager >>> ......................... MyServer1 passed test RidManager >>> Starting test: MachineAccount >>> ......................... MyServer1 passed test MachineAccount >>> Starting test: Services >>> Could not open IsmServ Service on [MyServer1]:failed with 1060: The >>> specified service does not exist as an installed service. >>> ......................... MyServer1 failed test Services >>> Starting test: ObjectsReplicated >>> ......................... MyServer1 passed test ObjectsReplicated >>> Starting test: frssysvol >>> ......................... MyServer1 passed test frssysvol >>> Starting test: frsevent >>> ......................... MyServer1 passed test frsevent >>> Starting test: kccevent >>> An Error Event occured. EventID: 0xC0000520 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: A call to the Intersite Messaging service that >> >>> An Error Event occured. EventID: 0xC000051F >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) has >> >>> An Warning Event occured. EventID: 0x80000749 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) was >> >>> An Error Event occured. EventID: 0xC0000520 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: A call to the Intersite Messaging service that >> >>> An Error Event occured. EventID: 0xC000051F >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) has >> >>> An Warning Event occured. EventID: 0x80000749 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) was >> >>> An Error Event occured. EventID: 0xC0000520 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: A call to the Intersite Messaging service that >> >>> An Error Event occured. EventID: 0xC000051F >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) has >> >>> An Warning Event occured. EventID: 0x80000749 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) was >> >>> An Error Event occured. EventID: 0xC0000520 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: A call to the Intersite Messaging service that >> >>> An Error Event occured. EventID: 0xC000051F >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) has >> >>> An Warning Event occured. EventID: 0x80000749 >>> Time Generated: 03/22/2010 14:39:41 >>> Event String: The Knowledge Consistency Checker (KCC) was >> >>> ......................... MyServer1 failed test kccevent >>> Starting test: systemlog >>> ......................... MyServer1 passed test systemlog >>> Starting test: VerifyReferences >>> ......................... MyServer1 passed test VerifyReferences >> >>> Running partition tests on : ForestDnsZones >>> Starting test: CrossRefValidation >>> ......................... ForestDnsZones passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... ForestDnsZones passed test CheckSDRefDom >> >>> Running partition tests on : DomainDnsZones >>> Starting test: CrossRefValidation >>> ......................... DomainDnsZones passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... DomainDnsZones passed test CheckSDRefDom >> >>> Running partition tests on : Schema >>> Starting test: CrossRefValidation >>> ......................... Schema passed test CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... Schema passed test CheckSDRefDom >> >>> Running partition tests on : Configuration >>> Starting test: CrossRefValidation >>> ......................... Configuration passed test >>> CrossRefValidation Starting test: CheckSDRefDom >>> ......................... Configuration passed test CheckSDRefDom >> >>> Running partition tests on : MyOrganization >>> Starting test: CrossRefValidation >>> ......................... MyOrganization passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... MyOrganization passed test CheckSDRefDom >> >>> Running enterprise tests on : MyOrganization.local >>> Starting test: Intersite >>> ......................... MyOrganization.local passed test Intersite >>> Starting test: FsmoCheck >>> Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 >>> A Time Server could not be located. >>> The server holding the PDC role is down. >>> Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error >>> 1355 >>> A Good Time Server could not be located. >>> ......................... MyOrganization.local failed test FsmoCheck >> >> -- >> /kj- Hide quoted text - >> >> - Show quoted text - -- /kj
From: Wael on 24 Mar 2010 12:03 On Mar 23, 5:26 pm, "kj [SBS MVP]" <KevinJ....(a)SPAMFREE.gmail.com> wrote: > OK, for starters server 1 should have both server1 and server2 for DNS > client configurations > > Server 2 should have server 2 and server1 for DNS client settings ( both in > repesctive orders) Done. I scheduled the restart for the early morning because those servers are heavily used until midnight. I noticed that some dcdiag issues were resolved (even though i did not yet restart). The problem that remains now is the time service issue. > > > IP Address. . . . . . . . . . . . : 192.168.168.1 > > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > > Default Gateway . . . . . . . . . : 192.168.168.81 > > > DNS Servers . . . . . . . . . . . : 192.168.168.1 > > <add> DNS Servers . . . . . . . . . . . : 192.168.169.2 > > > > > Primary WINS Server . . . . . . . : 192.168.168.1 > ??????? > > Primary WINS Server . . . . . . . : 192.168.169.2 > > Do you have WINS replication configured? If not you probably want to settle > on one WINS server or setup WINS replication and add Secondary WINS servers > to both DCs. > Done. I verified the configuration, still getting errors with dcdiag though. Let's see what happens after the restart tonight. > SBS server has ISMserv (Intersite messaging service) disabled by default. > You should go into services and enable and start this service ( make sure > its's running on both DCs). Is the other server a windows 2000 server or > something more recent? > I couldn't find this service (or any variations for the name) on SBS. I found it on the member server (Intersite Messaging) and it was already started. Any idea why it is not showing in the list of services? > Right not your DCs are not replicating well. How long has this configuration > existed? > 6 months probably. > Server 2 appears to have a second NIC that is not connected. If true it's > better to disable it. Later OS versions can have binding order problems in > DCs with two or more enabled NICs. > It is disabled. I am using Windows 2003 SBS and R1 > After that, reboot the SBS server, run a fresh dcdiag, and also a "repadmin > /replsummary" This test showed 0/5 errors. > > btw, is this SBS 2003 or SBS 2008? > >
From: kj [SBS MVP] on 24 Mar 2010 13:06 Yikes. So, 180 days is a critical time in which to ensure replicaiton completes. In the repadmin command, it's more important when it was last successfull not the current fail. Do a repadmin /showrepl and post the entire unedited output. Missing the ismserv is going to continue to be an issue. May be the root of the problem for that matter. first try a net start ismserv & post the output - If it fails, check the %windir% \system32 directory for the ism*.* files ( should be four of them ). If they are there then its possible the dll's need to be reregistered. You might consider putting in a call to MS support for this issue. There is a 180 day "tombstone lifetime" that is essential that you get this resolved and it sounds like you are getting close to this time frame already. ( if not already exceeded). Do you have the two locations defined as seperate AD sites with unique subnets? ( if you do not have them defined, do not do it until MS instructed or until you get replication resolved.) Wael wrote: > On Mar 23, 5:26 pm, "kj [SBS MVP]" <KevinJ....(a)SPAMFREE.gmail.com> > wrote: >> OK, for starters server 1 should have both server1 and server2 for >> DNS client configurations >> >> Server 2 should have server 2 and server1 for DNS client settings ( >> both in repesctive orders) > > Done. I scheduled the restart for the early morning because those > servers are heavily used until midnight. I noticed that some dcdiag > issues were resolved (even though i did not yet restart). The problem > that remains now is the time service issue. > >> >>> IP Address. . . . . . . . . . . . : 192.168.168.1 >> >>> Subnet Mask . . . . . . . . . . . : 255.255.255.0 >> >>> Default Gateway . . . . . . . . . : 192.168.168.81 >> >>> DNS Servers . . . . . . . . . . . : 192.168.168.1 >> >> <add> DNS Servers . . . . . . . . . . . : 192.168.169.2 >> >> >> >>> Primary WINS Server . . . . . . . : 192.168.168.1 >> ??????? >>> Primary WINS Server . . . . . . . : 192.168.169.2 >> >> Do you have WINS replication configured? If not you probably want to >> settle on one WINS server or setup WINS replication and add >> Secondary WINS servers to both DCs. >> > > Done. I verified the configuration, still getting errors with dcdiag > though. Let's see what happens after the restart tonight. > > >> SBS server has ISMserv (Intersite messaging service) disabled by >> default. You should go into services and enable and start this >> service ( make sure its's running on both DCs). Is the other server >> a windows 2000 server or something more recent? >> > > > I couldn't find this service (or any variations for the name) on SBS. > I found it on the member server (Intersite Messaging) and it was > already started. Any idea why it is not showing in the list of > services? > >> Right not your DCs are not replicating well. How long has this >> configuration existed? >> > > 6 months probably. > >> Server 2 appears to have a second NIC that is not connected. If true >> it's better to disable it. Later OS versions can have binding order >> problems in DCs with two or more enabled NICs. >> > > It is disabled. I am using Windows 2003 SBS and R1 > >> After that, reboot the SBS server, run a fresh dcdiag, and also a >> "repadmin /replsummary" > > This test showed 0/5 errors. >> >> btw, is this SBS 2003 or SBS 2008? -- /kj
From: Wael on 24 Mar 2010 14:05 On Mar 24, 1:06 pm, "kj [SBS MVP]" <KevinJ....(a)SPAMFREE.gmail.com> wrote: > Yikes. So, 180 days is a critical time in which to ensure replicaiton > completes. > Actually I don't think there was a big problem with replication, otherwise i would've probably noticed. In the "File Replication Service" section of the event viewer the errors are months apart, but anyway I am posting the results of the replication below. > In the repadmin command, it's more important when it was last successfull > not the current fail. > > Do a repadmin /showrepl and post the entire unedited output. > > Missing the ismserv is going to continue to be an issue. May be the root of > the problem for that matter. > > first try a net start ismserv & post the output > I did "ismserv /install" and now it shows in the list of services. I also started the newly installed service afterwards. DCDiag still shows the same errors. I will post them separately shortly. This should make the thread easier to follow (I hope) > - If it fails, check the %windir% \system32 directory for the ism*.* files > ( should be four of them ). If they are there then its possible the dll's > need to be reregistered. You might consider putting in a call to MS support > for this issue. > > There is a 180 day "tombstone lifetime" that is essential that you get this > resolved and it sounds like you are getting close to this time frame > already. ( if not already exceeded). > I am not sure what this "tombstone" is. I noticed in the WINS server there were entries marked as "tombstones". I deleted those entries that I know belong to computers external to our organization. > Do you have the two locations defined as seperate AD sites with unique > subnets? ( if you do not have them defined, do not do it until MS instructed > or until you get replication resolved.) > repadmin running command /showrepl against server localhost Westmount\Server1 DC Options: IS_GC Site Options: IS_GROUP_CACHING_ENABLED DC object GUID: c022f83e-c0aa-451c-8fa4-2a089356de62 DC invocationID: c022f83e-c0aa-451c-8fa4-2a089356de62 ==== INBOUND NEIGHBORS ====================================== DC=MyOrganization,DC=local Branch-Office\Server2 via RPC DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d Last attempt @ 2010-03-24 13:49:59 was successful. CN=Configuration,DC=MyOrganization,DC=local Branch-Office\Server2 via RPC DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d Last attempt @ 2010-03-24 13:49:59 was successful. CN=Schema,CN=Configuration,DC=MyOrganization,DC=local Branch-Office\Server2 via RPC DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d Last attempt @ 2010-03-24 13:49:59 was successful. DC=DomainDnsZones,DC=MyOrganization,DC=local Branch-Office\Server2 via RPC DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d Last attempt @ 2010-03-24 13:49:59 was successful. DC=ForestDnsZones,DC=MyOrganization,DC=local Branch-Office\Server2 via RPC DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d Last attempt @ 2010-03-24 13:50:00 was successful.
From: Wael on 24 Mar 2010 14:10 On Mar 24, 2:05 pm, Wael <sedk...(a)gmail.com> wrote: > On Mar 24, 1:06 pm, "kj [SBS MVP]" <KevinJ....(a)SPAMFREE.gmail.com> > wrote: > > > Yikes. So, 180 days is a critical time in which to ensure replicaiton > > completes. > Below is the result for DCDiag. For my previous posting "Westmount" = "Location1" Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Location1\Server1 Starting test: Connectivity ......................... Server1 passed test Connectivity Doing primary tests Testing server: Location1\Server1 Starting test: Replications ......................... Server1 passed test Replications Starting test: NCSecDesc ......................... Server1 passed test NCSecDesc Starting test: NetLogons ......................... Server1 passed test NetLogons Starting test: Advertising Warning: Server1 is not advertising as a time server. ......................... Server1 failed test Advertising Starting test: KnowsOfRoleHolders ......................... Server1 passed test KnowsOfRoleHolders Starting test: RidManager ......................... Server1 passed test RidManager Starting test: MachineAccount ......................... Server1 passed test MachineAccount Starting test: Services ......................... Server1 passed test Services Starting test: ObjectsReplicated ......................... Server1 passed test ObjectsReplicated Starting test: frssysvol ......................... Server1 passed test frssysvol Starting test: frsevent ......................... Server1 passed test frsevent Starting test: kccevent An Error Event occured. EventID: 0xC0000520 Time Generated: 03/24/2010 13:54:58 Event String: A call to the Intersite Messaging service that An Error Event occured. EventID: 0xC000051F Time Generated: 03/24/2010 13:54:58 Event String: The Knowledge Consistency Checker (KCC) has An Warning Event occured. EventID: 0x80000749 Time Generated: 03/24/2010 13:54:58 Event String: The Knowledge Consistency Checker (KCC) was An Error Event occured. EventID: 0xC0000520 Time Generated: 03/24/2010 13:54:58 Event String: A call to the Intersite Messaging service that An Error Event occured. EventID: 0xC000051F Time Generated: 03/24/2010 13:54:58 Event String: The Knowledge Consistency Checker (KCC) has An Warning Event occured. EventID: 0x80000749 Time Generated: 03/24/2010 13:54:58 Event String: The Knowledge Consistency Checker (KCC) was An Error Event occured. EventID: 0xC0000520 Time Generated: 03/24/2010 13:54:58 Event String: A call to the Intersite Messaging service that An Error Event occured. EventID: 0xC000051F Time Generated: 03/24/2010 13:54:58 Event String: The Knowledge Consistency Checker (KCC) has An Warning Event occured. EventID: 0x80000749 Time Generated: 03/24/2010 13:54:58 Event String: The Knowledge Consistency Checker (KCC) was An Error Event occured. EventID: 0xC0000520 Time Generated: 03/24/2010 13:54:58 Event String: A call to the Intersite Messaging service that An Error Event occured. EventID: 0xC000051F Time Generated: 03/24/2010 13:54:58 Event String: The Knowledge Consistency Checker (KCC) has An Warning Event occured. EventID: 0x80000749 Time Generated: 03/24/2010 13:54:58 Event String: The Knowledge Consistency Checker (KCC) was An Error Event occured. EventID: 0xC0000713 Time Generated: 03/24/2010 13:58:14 Event String: The Intersite Messaging Service encountered an ......................... Server1 failed test kccevent Starting test: systemlog An Error Event occured. EventID: 0x00000457 Time Generated: 03/24/2010 13:52:04 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/24/2010 13:52:05 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/24/2010 13:52:06 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/24/2010 13:52:07 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/24/2010 13:52:09 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/24/2010 13:52:10 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/24/2010 13:52:10 (Event String could not be retrieved) An Error Event occured. EventID: 0x00000457 Time Generated: 03/24/2010 13:52:11 (Event String could not be retrieved) ......................... Server1 failed test systemlog Starting test: VerifyReferences ......................... Server1 passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : MyOrganization Starting test: CrossRefValidation ......................... MyOrganization passed test CrossRefValidation Starting test: CheckSDRefDom ......................... MyOrganization passed test CheckSDRefDom Running enterprise tests on : MyOrganization.local Starting test: Intersite ......................... MyOrganization.local passed test Intersite Starting test: FsmoCheck Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355 A Good Time Server could not be located. ......................... MyOrganization.local failed test FsmoCheck
|
Next
|
Last
Pages: 1 2 Prev: Monitoring RBLs in Exchange 2003 Next: Also the Edit in Excel button has stopped working |