Repair DNS 4010 events...
in [Windows Servers]
|
Prev: Hotfix for Windows XP KB954550-v5
Next: Windows Server 2008 - Unable to install TMG Beta3 Second Edition
From: Jake on 4 Nov 2009 05:31 Hi, About four weeks ago I had a post here with about the same subject. Due to heavy workload I hadn't time to follow up the last suggestions but I continue by posting the requested ipconfigs and dcdiags from both domain controllers. Se at the en of this post. DC1 is the main DC and DC2 is a secondary. I also want to mention that we run a separate Linux DHCP server (if that may influence anything here) and it points of course the clients' DNS to DC1 and DC2 in that order. Every time we restart the domain controllers we get a couple of 4010 events, also some clients complain about long login times, and in their event logs there are entries about not finding the domain controller. My predecessor talked about a corrupted dns which he had had tried to repair / recreate. Also the domain has been renamed from single label to dotted domain name a long time ago. All this might be partially causes to the problems I now want to try to clean up. Anyway, I start with the ipconfigs and dcdiags and I hope we can proceed from there in chasing this error away. regards jake ******IPCONFIG /ALL for DC1 Windows IP Configuration Host Name . . . . . . . . . . . . : DC1 Primary Dns Suffix . . . . . . . : LocalDomain.LAN Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : LocalDomain.LAN Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-0C-29-6C-4E-3F DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 172.22.100.10(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 172.22.100.1 DNS Servers . . . . . . . . . . . : 172.22.100.10 172.22.100.11 Primary WINS Server . . . . . . . : 172.22.100.13 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Local Area Connection* 8: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{53E1D6EF-858C-4F37-A103-B28155E8BDE3} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 9: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 02-00-54-55-4E-01 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes ********* IPCONFIG /ALL for DC2 Windows IP Configuration Host Name . . . . . . . . . . . . : DC2 Primary Dns Suffix . . . . . . . : LocalDomain.LAN Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : LocalDomain.LAN Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-0C-29-8F-7A-80 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 172.22.100.11(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 172.22.100.1 DNS Servers . . . . . . . . . . . : 172.22.100.11 172.22.100.10 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Local Area Connection* 8: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{BDAEFF9E-413C-4779-BD0C-532E325CB9FE} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 9: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 02-00-54-55-4E-01 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes ************** DCDIAG /v for DC1 Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine DC1, is a Directory Server. Home Server = DC1 * Connecting to directory service on server DC1. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site\DC1 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity * Active Directory RPC Services Check ......................... DC1 passed test Connectivity Doing primary tests Testing server: Default-First-Site\DC1 Starting test: Advertising The DC DC1 is advertising itself as a DC and having a DS. The DC DC1 is advertising as an LDAP server The DC DC1 is advertising as having a writeable directory The DC DC1 is advertising as a Key Distribution Center The DC DC1 is advertising as a time server The DS DC1 is advertising as a GC. ......................... DC1 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test ......................... DC1 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... DC1 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... DC1 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... DC1 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN ......................... DC1 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC DC1 on DC DC1. * SPN found :LDAP/DC1.LocalDomain.LAN/LocalDomain.LAN * SPN found :LDAP/DC1.LocalDomain.LAN * SPN found :LDAP/DC1 * SPN found :LDAP/DC1.LocalDomain.LAN/LocalDomain * SPN found :LDAP/ad7d47f5-c84a-4622-ad2b-c885b7f675b2._msdcs.LocalDomain.LAN * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ad7d47f5-c84a-4622-ad2b-c885b7f675b2/LocalDomain.LAN * SPN found :HOST/DC1.LocalDomain.LAN/LocalDomain.LAN * SPN found :HOST/DC1.LocalDomain.LAN * SPN found :HOST/DC1 * SPN found :HOST/DC1.LocalDomain.LAN/LocalDomain * SPN found :GC/DC1.LocalDomain.LAN/LocalDomain.LAN ......................... DC1 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC DC1. * Security Permissions Check for DC=DomainDnsZones,DC=LocalDomain,DC=LAN (NDNC,Version 3) * Security Permissions Check for DC=ForestDnsZones,DC=LocalDomain,DC=LAN (NDNC,Version 3) * Security Permissions Check for CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=LocalDomain,DC=LAN (Configuration,Version 3) * Security Permissions Check for DC=LocalDomain,DC=LAN (Domain,Version 3) ......................... DC1 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\DC1\netlogon Verified share \\DC1\sysvol ......................... DC1 passed test NetLogons Starting test: ObjectsReplicated DC1 is in domain DC=LocalDomain,DC=LAN Checking for CN=DC1,OU=Domain Controllers,DC=LocalDomain,DC=LAN in domain DC=LocalDomain,DC=LAN on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN in domain CN=Configuration,DC=LocalDomain,DC=LAN on 1 servers Object is up-to-date on all servers. ......................... DC1 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check * Replication Latency Check DC=DomainDnsZones,DC=LocalDomain,DC=LAN Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=ForestDnsZones,DC=LocalDomain,DC=LAN Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=LocalDomain,DC=LAN Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=LocalDomain,DC=LAN Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). ......................... DC1 passed test Replications Starting test: RidManager * Available RID Pool for the Domain is 6105 to 1073741823 * DC1.LocalDomain.LAN is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 5105 to 5604 * rIDPreviousAllocationPool is 5105 to 5604 * rIDNextRID: 5106 ......................... DC1 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... DC1 passed test Services Starting test: SystemLog * The System Event log test Found no errors in "System" Event log in the last 60 minutes. ......................... DC1 passed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=DC1,OU=Domain Controllers,DC=LocalDomain,DC=LAN and backlink on CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN are correct. The system object reference (serverReferenceBL) CN=DC1-2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=LocalDomain,DC=LAN and backlink on CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN are correct. ......................... DC1 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : LocalDomain Starting test: CheckSDRefDom ......................... LocalDomain passed test CheckSDRefDom Starting test: CrossRefValidation ......................... LocalDomain passed test CrossRefValidation Running enterprise tests on : LocalDomain.LAN Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\DC1.LocalDomain.LAN Locator Flags: 0xe00013fd PDC Name: \\DC1.LocalDomain.LAN Locator Flags: 0xe00013fd Time Server Name: \\DC1.LocalDomain.LAN Locator Flags: 0xe00013fd Preferred Time Server Name: \\DC1.LocalDomain.LAN Locator Flags: 0xe00013fd KDC Name: \\DC1.LocalDomain.LAN Locator Flags: 0xe00013fd ......................... LocalDomain.LAN passed test LocatorCheck Starting test: Intersite Skipping site Default-First-Site, this site is outside the scope provided by the command line arguments provided. ......................... LocalDomain.LAN passed test Intersite ************** DCDIAG /v for DC2 Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine DC2, is a Directory Server. Home Server = DC2 * Connecting to directory service on server DC2. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site\DC2 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Determining IP6 connectivity * Active Directory RPC Services Check ......................... DC2 passed test Connectivity Doing primary tests Testing server: Default-First-Site\DC2 Starting test: Advertising The DC DC2 is advertising itself as a DC and having a DS. The DC DC2 is advertising as an LDAP server The DC DC2 is advertising as having a writeable directory The DC DC2 is advertising as a Key Distribution Center The DC DC2 is advertising as a time server The DS DC2 is advertising as a GC. ......................... DC2 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test ......................... DC2 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... DC2 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... DC2 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... DC2 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN ......................... DC2 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC DC2 on DC DC2. * SPN found :LDAP/DC2.LocalDomain.LAN/LocalDomain.LAN * SPN found :LDAP/DC2.LocalDomain.LAN * SPN found :LDAP/DC2 * SPN found :LDAP/DC2.LocalDomain.LAN/LocalDomain * SPN found :LDAP/1799c6b1-0369-4d37-89ae-f2387dc63968._msdcs.LocalDomain.LAN * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1799c6b1-0369-4d37-89ae-f2387dc63968/LocalDomain.LAN * SPN found :HOST/DC2.LocalDomain.LAN/LocalDomain.LAN * SPN found :HOST/DC2.LocalDomain.LAN * SPN found :HOST/DC2 * SPN found :HOST/DC2.LocalDomain.LAN/LocalDomain * SPN found :GC/DC2.LocalDomain.LAN/LocalDomain.LAN ......................... DC2 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC DC2. * Security Permissions Check for DC=DomainDnsZones,DC=LocalDomain,DC=LAN (NDNC,Version 3) * Security Permissions Check for DC=ForestDnsZones,DC=LocalDomain,DC=LAN (NDNC,Version 3) * Security Permissions Check for CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=LocalDomain,DC=LAN (Configuration,Version 3) * Security Permissions Check for DC=LocalDomain,DC=LAN (Domain,Version 3) ......................... DC2 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\DC2\netlogon Verified share \\DC2\sysvol ......................... DC2 passed test NetLogons Starting test: ObjectsReplicated DC2 is in domain DC=LocalDomain,DC=LAN Checking for CN=DC2,OU=Domain Controllers,DC=LocalDomain,DC=LAN in domain DC=LocalDomain,DC=LAN on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN in domain CN=Configuration,DC=LocalDomain,DC=LAN on 1 servers Object is up-to-date on all servers. ......................... DC2 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check * Replication Latency Check DC=DomainDnsZones,DC=LocalDomain,DC=LAN Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=ForestDnsZones,DC=LocalDomain,DC=LAN Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=LocalDomain,DC=LAN Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=LocalDomain,DC=LAN Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). ......................... DC2 passed test Replications Starting test: RidManager * Available RID Pool for the Domain is 6105 to 1073741823 * DC1.LocalDomain.LAN is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 5605 to 6104 * rIDPreviousAllocationPool is 5605 to 6104 * rIDNextRID: 5609 ......................... DC2 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... DC2 passed test Services Starting test: SystemLog * The System Event log test An Warning Event occurred. EventID: 0x00001695 Time Generated: 11/04/2009 09:52:07 EvtFormatMessage failed, error 15100 Win32 Error 15100. (Event String (event log = System) could not be retrieved, error 0x3afc) Found no errors in "System" Event log in the last 60 minutes. ......................... DC2 passed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=DC2,OU=Domain Controllers,DC=LocalDomain,DC=LAN and backlink on CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN are correct. The system object reference (serverReferenceBL) CN=DC2-2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=LocalDomain,DC=LAN and backlink on CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN are correct. ......................... DC2 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : LocalDomain Starting test: CheckSDRefDom ......................... LocalDomain passed test CheckSDRefDom Starting test: CrossRefValidation ......................... LocalDomain passed test CrossRefValidation Running enterprise tests on : LocalDomain.LAN Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\DC2.LocalDomain.LAN Locator Flags: 0xe00013fc PDC Name: \\DC1.LocalDomain.LAN Locator Flags: 0xe00013fd Time Server Name: \\DC2.LocalDomain.LAN Locator Flags: 0xe00013fc Preferred Time Server Name: \\DC2.LocalDomain.LAN Locator Flags: 0xe00013fc KDC Name: \\DC2.LocalDomain.LAN Locator Flags: 0xe00013fc ......................... LocalDomain.LAN passed test LocatorCheck Starting test: Intersite Skipping site Default-First-Site, this site is outside the scope provided by the command line arguments provided. ......................... LocalDomain.LAN passed test Intersite
From: Meinolf Weber [MVP-DS] on 4 Nov 2009 06:20
Hello Jake, The ipconfig's look ok, also the dcdiag output. As the OS is 2008 i suggest to disable IPv6 on the DC according to: http://blogs.dirteam.com/blogs/paulbergson/archive/2009/03/19/disabling-ipv6-on-windows-2008.aspx Did you also check the reply from Ace? ------------------------------------------- Jake, Sounds like you may possibly have a dupe zone. Read the following to find out or at least eliminate this possibility. Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx Ace ------------------------------------------- Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Hi, > > About four weeks ago I had a post here with about the same subject. > Due to heavy workload I hadn't time to follow up the last suggestions > but I continue by posting the requested ipconfigs and dcdiags from > both domain controllers. Se at the en of this post. DC1 is the main > DC and DC2 is a secondary. I also want to mention that we run a > separate Linux DHCP server (if that may influence anything here) and > it points of course the clients' DNS to DC1 and DC2 in that order. > > Every time we restart the domain controllers we get a couple of 4010 > events, also some clients complain about long login times, and in > their event logs there are entries about not finding the domain > controller. > > My predecessor talked about a corrupted dns which he had had tried to > repair / recreate. Also the domain has been renamed from single label > to dotted domain name a long time ago. All this might be partially > causes to the problems I now want to try to clean up. > > Anyway, I start with the ipconfigs and dcdiags and I hope we can > proceed from there in chasing this error away. > > regards jake > > ******IPCONFIG /ALL for DC1 > Windows IP Configuration > Host Name . . . . . . . . . . . . : DC1 > Primary Dns Suffix . . . . . . . : LocalDomain.LAN > Node Type . . . . . . . . . . . . : Hybrid > IP Routing Enabled. . . . . . . . : No > WINS Proxy Enabled. . . . . . . . : No > DNS Suffix Search List. . . . . . : LocalDomain.LAN > Ethernet adapter Local Area Connection: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network > Connection > Physical Address. . . . . . . . . : 00-0C-29-6C-4E-3F > DHCP Enabled. . . . . . . . . . . : No > Autoconfiguration Enabled . . . . : Yes > IPv4 Address. . . . . . . . . . . : 172.22.100.10(Preferred) > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 172.22.100.1 > DNS Servers . . . . . . . . . . . : 172.22.100.10 > 172.22.100.11 > Primary WINS Server . . . . . . . : 172.22.100.13 > NetBIOS over Tcpip. . . . . . . . : Enabled > Tunnel adapter Local Area Connection* 8: > > Media State . . . . . . . . . . . : Media disconnected > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : > isatap.{53E1D6EF-858C-4F37-A103-B28155E8BDE3} > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 > DHCP Enabled. . . . . . . . . . . : No > Autoconfiguration Enabled . . . . : Yes > Tunnel adapter Local Area Connection* 9: > > Media State . . . . . . . . . . . : Media disconnected > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Teredo Tunneling > Pseudo-Interface > Physical Address. . . . . . . . . : 02-00-54-55-4E-01 > DHCP Enabled. . . . . . . . . . . : No > Autoconfiguration Enabled . . . . : Yes > ********* IPCONFIG /ALL for DC2 > Windows IP Configuration > Host Name . . . . . . . . . . . . : DC2 > Primary Dns Suffix . . . . . . . : LocalDomain.LAN > Node Type . . . . . . . . . . . . : Hybrid > IP Routing Enabled. . . . . . . . : No > WINS Proxy Enabled. . . . . . . . : No > DNS Suffix Search List. . . . . . : LocalDomain.LAN > Ethernet adapter Local Area Connection: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network > Connection > Physical Address. . . . . . . . . : 00-0C-29-8F-7A-80 > DHCP Enabled. . . . . . . . . . . : No > Autoconfiguration Enabled . . . . : Yes > IPv4 Address. . . . . . . . . . . : 172.22.100.11(Preferred) > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 172.22.100.1 > DNS Servers . . . . . . . . . . . : 172.22.100.11 > 172.22.100.10 > NetBIOS over Tcpip. . . . . . . . : Enabled > Tunnel adapter Local Area Connection* 8: > > Media State . . . . . . . . . . . : Media disconnected > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : > isatap.{BDAEFF9E-413C-4779-BD0C-532E325CB9FE} > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 > DHCP Enabled. . . . . . . . . . . : No > Autoconfiguration Enabled . . . . : Yes > Tunnel adapter Local Area Connection* 9: > > Media State . . . . . . . . . . . : Media disconnected > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Teredo Tunneling > Pseudo-Interface > Physical Address. . . . . . . . . : 02-00-54-55-4E-01 > DHCP Enabled. . . . . . . . . . . : No > Autoconfiguration Enabled . . . . : Yes > ************** DCDIAG /v for DC1 > Directory Server Diagnosis > Performing initial setup: > Trying to find home server... > * Verifying that the local machine DC1, is a Directory Server. > Home Server = DC1 > * Connecting to directory service on server DC1. > > * Identified AD Forest. > Collecting AD specific global data > * Collecting site info. > Calling > ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC= > LAN,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... > The previous call succeeded > Iterating through the sites > Looking at base site object: CN=NTDS Site > Settings,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomai > n,DC=LAN > Getting ISTG and options for the site > * Identifying all servers. > Calling > ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC= > LAN,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... > The previous call succeeded.... > The previous call succeeded > Iterating through the list of servers > Getting information for the server CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > objectGuid obtained > InvocationID obtained > dnsHostname obtained > site info obtained > All the info for the server collected > Getting information for the server CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > objectGuid obtained > InvocationID obtained > dnsHostname obtained > site info obtained > All the info for the server collected > * Identifying all NC cross-refs. > * Found 2 DC(s). Testing 1 of them. > > Done gathering initial info. > > Doing initial required tests > > Testing server: Default-First-Site\DC1 > > Starting test: Connectivity > > * Active Directory LDAP Services Check > Determining IP4 connectivity > Determining IP6 connectivity > * Active Directory RPC Services Check > ......................... DC1 passed test Connectivity > Doing primary tests > > Testing server: Default-First-Site\DC1 > > Starting test: Advertising > > The DC DC1 is advertising itself as a DC and having a DS. > The DC DC1 is advertising as an LDAP server > The DC DC1 is advertising as having a writeable directory > The DC DC1 is advertising as a Key Distribution Center > The DC DC1 is advertising as a time server > The DS DC1 is advertising as a GC. > ......................... DC1 passed test Advertising > Test omitted by user request: CheckSecurityError > > Test omitted by user request: CutoffServers > > Starting test: FrsEvent > > * The File Replication Service Event log test > ......................... DC1 passed test FrsEvent > Starting test: DFSREvent > > The DFS Replication Event Log. > ......................... DC1 passed test DFSREvent > Starting test: SysVolCheck > > * The File Replication Service SYSVOL ready test > File Replication Service's SYSVOL is ready > ......................... DC1 passed test SysVolCheck > Starting test: KccEvent > > * The KCC Event log test > Found no KCC errors in "Directory Service" Event log in the > last 15 minutes. > ......................... DC1 passed test KccEvent > Starting test: KnowsOfRoleHolders > > Role Schema Owner = CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > Role Domain Owner = CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > Role PDC Owner = CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > Role Rid Owner = CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > Role Infrastructure Update Owner = CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > ......................... DC1 passed test KnowsOfRoleHolders > Starting test: MachineAccount > > Checking machine account for DC DC1 on DC DC1. > * SPN found :LDAP/DC1.LocalDomain.LAN/LocalDomain.LAN > * SPN found :LDAP/DC1.LocalDomain.LAN > * SPN found :LDAP/DC1 > * SPN found :LDAP/DC1.LocalDomain.LAN/LocalDomain > * SPN found > :LDAP/ad7d47f5-c84a-4622-ad2b-c885b7f675b2._msdcs.LocalDomain.LAN > * SPN found > :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ad7d47f5-c84a-4622-ad2b-c885b7f6 > 75b2/LocalDomain.LAN > * SPN found :HOST/DC1.LocalDomain.LAN/LocalDomain.LAN > * SPN found :HOST/DC1.LocalDomain.LAN > * SPN found :HOST/DC1 > * SPN found :HOST/DC1.LocalDomain.LAN/LocalDomain > * SPN found :GC/DC1.LocalDomain.LAN/LocalDomain.LAN > ......................... DC1 passed test MachineAccount > Starting test: NCSecDesc > > * Security Permissions check for all NC's on DC DC1. > * Security Permissions Check for > DC=DomainDnsZones,DC=LocalDomain,DC=LAN > (NDNC,Version 3) > * Security Permissions Check for > DC=ForestDnsZones,DC=LocalDomain,DC=LAN > (NDNC,Version 3) > * Security Permissions Check for > CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN > (Schema,Version 3) > * Security Permissions Check for > CN=Configuration,DC=LocalDomain,DC=LAN > (Configuration,Version 3) > * Security Permissions Check for > DC=LocalDomain,DC=LAN > (Domain,Version 3) > ......................... DC1 passed test NCSecDesc > Starting test: NetLogons > > * Network Logons Privileges Check > Verified share \\DC1\netlogon > Verified share \\DC1\sysvol > ......................... DC1 passed test NetLogons > Starting test: ObjectsReplicated > > DC1 is in domain DC=LocalDomain,DC=LAN > Checking for CN=DC1,OU=Domain > Controllers,DC=LocalDomain,DC=LAN in domain DC=LocalDomain,DC=LAN on 1 > servers > Object is up-to-date on all servers. > Checking for CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > in domain CN=Configuration,DC=LocalDomain,DC=LAN on 1 servers > Object is up-to-date on all servers. > ......................... DC1 passed test ObjectsReplicated > Test omitted by user request: OutboundSecureChannels > > Starting test: Replications > > * Replications Check > * Replication Latency Check > DC=DomainDnsZones,DC=LocalDomain,DC=LAN > Latency information for 7 entries in the vector were > ignored. > 7 were retired Invocations. 0 were either: > read-only > replicas and are not verifiably latent, or dc's no longer replicating > this nc. 0 had no latency information (Win2K DC). > DC=ForestDnsZones,DC=LocalDomain,DC=LAN > Latency information for 7 entries in the vector were > ignored. > 7 were retired Invocations. 0 were either: > read-only > replicas and are not verifiably latent, or dc's no longer replicating > this nc. 0 had no latency information (Win2K DC). > CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN > Latency information for 7 entries in the vector were > ignored. > 7 were retired Invocations. 0 were either: > read-only > replicas and are not verifiably latent, or dc's no longer replicating > this nc. 0 had no latency information (Win2K DC). > CN=Configuration,DC=LocalDomain,DC=LAN > Latency information for 7 entries in the vector were > ignored. > 7 were retired Invocations. 0 were either: > read-only > replicas and are not verifiably latent, or dc's no longer replicating > this nc. 0 had no latency information (Win2K DC). > DC=LocalDomain,DC=LAN > Latency information for 7 entries in the vector were > ignored. > 7 were retired Invocations. 0 were either: > read-only > replicas and are not verifiably latent, or dc's no longer replicating > this nc. 0 had no latency information (Win2K DC). > ......................... DC1 passed test Replications > Starting test: RidManager > > * Available RID Pool for the Domain is 6105 to 1073741823 > * DC1.LocalDomain.LAN is the RID Master > * DsBind with RID Master was successful > * rIDAllocationPool is 5105 to 5604 > * rIDPreviousAllocationPool is 5105 to 5604 > * rIDNextRID: 5106 > ......................... DC1 passed test RidManager > Starting test: Services > > * Checking Service: EventSystem > * Checking Service: RpcSs > * Checking Service: NTDS > * Checking Service: DnsCache > * Checking Service: NtFrs > * Checking Service: IsmServ > * Checking Service: kdc > * Checking Service: SamSs > * Checking Service: LanmanServer > * Checking Service: LanmanWorkstation > * Checking Service: w32time > * Checking Service: NETLOGON > ......................... DC1 passed test Services > Starting test: SystemLog > > * The System Event log test > Found no errors in "System" Event log in the last 60 > minutes. > ......................... DC1 passed test SystemLog > Test omitted by user request: Topology > > Test omitted by user request: VerifyEnterpriseReferences > > Starting test: VerifyReferences > > The system object reference (serverReference) > > CN=DC1,OU=Domain Controllers,DC=LocalDomain,DC=LAN and > backlink on > > CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=L > ocalDomain,DC=LAN > > are correct. > The system object reference (serverReferenceBL) > CN=DC1-2,CN=Domain System Volume (SYSVOL share),CN=File > Replication Service,CN=System,DC=LocalDomain,DC=LAN > > and backlink on > > CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > > are correct. > ......................... DC1 passed test VerifyReferences > Test omitted by user request: VerifyReplicas > > Test omitted by user request: DNS > > Test omitted by user request: DNS > > Running partition tests on : DomainDnsZones > > Starting test: CheckSDRefDom > > ......................... DomainDnsZones passed test > CheckSDRefDom > > Starting test: CrossRefValidation > > ......................... DomainDnsZones passed test > > CrossRefValidation > > Running partition tests on : ForestDnsZones > > Starting test: CheckSDRefDom > > ......................... ForestDnsZones passed test > CheckSDRefDom > > Starting test: CrossRefValidation > > ......................... ForestDnsZones passed test > > CrossRefValidation > > Running partition tests on : Schema > > Starting test: CheckSDRefDom > > ......................... Schema passed test CheckSDRefDom > > Starting test: CrossRefValidation > > ......................... Schema passed test > CrossRefValidation > > Running partition tests on : Configuration > > Starting test: CheckSDRefDom > > ......................... Configuration passed test > CheckSDRefDom > > Starting test: CrossRefValidation > > ......................... Configuration passed test > CrossRefValidation > > Running partition tests on : LocalDomain > > Starting test: CheckSDRefDom > > ......................... LocalDomain passed test > CheckSDRefDom > > Starting test: CrossRefValidation > > ......................... LocalDomain passed test > CrossRefValidation > > Running enterprise tests on : LocalDomain.LAN > > Test omitted by user request: DNS > > Test omitted by user request: DNS > > Starting test: LocatorCheck > > GC Name: \\DC1.LocalDomain.LAN > > Locator Flags: 0xe00013fd > PDC Name: \\DC1.LocalDomain.LAN > Locator Flags: 0xe00013fd > Time Server Name: \\DC1.LocalDomain.LAN > Locator Flags: 0xe00013fd > Preferred Time Server Name: \\DC1.LocalDomain.LAN > Locator Flags: 0xe00013fd > KDC Name: \\DC1.LocalDomain.LAN > Locator Flags: 0xe00013fd > ......................... LocalDomain.LAN passed test > LocatorCheck > Starting test: Intersite > > Skipping site Default-First-Site, this site is outside the > scope > > provided by the command line arguments provided. > ......................... LocalDomain.LAN passed test > Intersite > ************** DCDIAG /v for DC2 > Directory Server Diagnosis > Performing initial setup: > Trying to find home server... > * Verifying that the local machine DC2, is a Directory Server. > Home Server = DC2 > * Connecting to directory service on server DC2. > > * Identified AD Forest. > Collecting AD specific global data > * Collecting site info. > Calling > ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC= > LAN,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... > The previous call succeeded > Iterating through the sites > Looking at base site object: CN=NTDS Site > Settings,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomai > n,DC=LAN > Getting ISTG and options for the site > * Identifying all servers. > Calling > ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC= > LAN,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... > The previous call succeeded.... > The previous call succeeded > Iterating through the list of servers > Getting information for the server CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > objectGuid obtained > InvocationID obtained > dnsHostname obtained > site info obtained > All the info for the server collected > Getting information for the server CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > objectGuid obtained > InvocationID obtained > dnsHostname obtained > site info obtained > All the info for the server collected > * Identifying all NC cross-refs. > * Found 2 DC(s). Testing 1 of them. > > Done gathering initial info. > > Doing initial required tests > > Testing server: Default-First-Site\DC2 > > Starting test: Connectivity > > * Active Directory LDAP Services Check > Determining IP4 connectivity > Determining IP6 connectivity > * Active Directory RPC Services Check > ......................... DC2 passed test Connectivity > Doing primary tests > > Testing server: Default-First-Site\DC2 > > Starting test: Advertising > > The DC DC2 is advertising itself as a DC and having a DS. > The DC DC2 is advertising as an LDAP server > The DC DC2 is advertising as having a writeable directory > The DC DC2 is advertising as a Key Distribution Center > The DC DC2 is advertising as a time server > The DS DC2 is advertising as a GC. > ......................... DC2 passed test Advertising > Test omitted by user request: CheckSecurityError > > Test omitted by user request: CutoffServers > > Starting test: FrsEvent > > * The File Replication Service Event log test > ......................... DC2 passed test FrsEvent > Starting test: DFSREvent > > The DFS Replication Event Log. > ......................... DC2 passed test DFSREvent > Starting test: SysVolCheck > > * The File Replication Service SYSVOL ready test > File Replication Service's SYSVOL is ready > ......................... DC2 passed test SysVolCheck > Starting test: KccEvent > > * The KCC Event log test > Found no KCC errors in "Directory Service" Event log in the > last 15 minutes. > ......................... DC2 passed test KccEvent > Starting test: KnowsOfRoleHolders > > Role Schema Owner = CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > Role Domain Owner = CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > Role PDC Owner = CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > Role Rid Owner = CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > Role Infrastructure Update Owner = CN=NTDS > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > ......................... DC2 passed test KnowsOfRoleHolders > Starting test: MachineAccount > > Checking machine account for DC DC2 on DC DC2. > * SPN found :LDAP/DC2.LocalDomain.LAN/LocalDomain.LAN > * SPN found :LDAP/DC2.LocalDomain.LAN > * SPN found :LDAP/DC2 > * SPN found :LDAP/DC2.LocalDomain.LAN/LocalDomain > * SPN found > :LDAP/1799c6b1-0369-4d37-89ae-f2387dc63968._msdcs.LocalDomain.LAN > * SPN found > :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1799c6b1-0369-4d37-89ae-f2387dc6 > 3968/LocalDomain.LAN > * SPN found :HOST/DC2.LocalDomain.LAN/LocalDomain.LAN > * SPN found :HOST/DC2.LocalDomain.LAN > * SPN found :HOST/DC2 > * SPN found :HOST/DC2.LocalDomain.LAN/LocalDomain > * SPN found :GC/DC2.LocalDomain.LAN/LocalDomain.LAN > ......................... DC2 passed test MachineAccount > Starting test: NCSecDesc > > * Security Permissions check for all NC's on DC DC2. > * Security Permissions Check for > DC=DomainDnsZones,DC=LocalDomain,DC=LAN > (NDNC,Version 3) > * Security Permissions Check for > DC=ForestDnsZones,DC=LocalDomain,DC=LAN > (NDNC,Version 3) > * Security Permissions Check for > CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN > (Schema,Version 3) > * Security Permissions Check for > CN=Configuration,DC=LocalDomain,DC=LAN > (Configuration,Version 3) > * Security Permissions Check for > DC=LocalDomain,DC=LAN > (Domain,Version 3) > ......................... DC2 passed test NCSecDesc > Starting test: NetLogons > > * Network Logons Privileges Check > Verified share \\DC2\netlogon > Verified share \\DC2\sysvol > ......................... DC2 passed test NetLogons > Starting test: ObjectsReplicated > > DC2 is in domain DC=LocalDomain,DC=LAN > Checking for CN=DC2,OU=Domain > Controllers,DC=LocalDomain,DC=LAN in domain DC=LocalDomain,DC=LAN on 1 > servers > Object is up-to-date on all servers. > Checking for CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > in domain CN=Configuration,DC=LocalDomain,DC=LAN on 1 servers > Object is up-to-date on all servers. > ......................... DC2 passed test ObjectsReplicated > Test omitted by user request: OutboundSecureChannels > > Starting test: Replications > > * Replications Check > * Replication Latency Check > DC=DomainDnsZones,DC=LocalDomain,DC=LAN > Latency information for 7 entries in the vector were > ignored. > 7 were retired Invocations. 0 were either: > read-only > replicas and are not verifiably latent, or dc's no longer replicating > this nc. 0 had no latency information (Win2K DC). > DC=ForestDnsZones,DC=LocalDomain,DC=LAN > Latency information for 7 entries in the vector were > ignored. > 7 were retired Invocations. 0 were either: > read-only > replicas and are not verifiably latent, or dc's no longer replicating > this nc. 0 had no latency information (Win2K DC). > CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN > Latency information for 7 entries in the vector were > ignored. > 7 were retired Invocations. 0 were either: > read-only > replicas and are not verifiably latent, or dc's no longer replicating > this nc. 0 had no latency information (Win2K DC). > CN=Configuration,DC=LocalDomain,DC=LAN > Latency information for 7 entries in the vector were > ignored. > 7 were retired Invocations. 0 were either: > read-only > replicas and are not verifiably latent, or dc's no longer replicating > this nc. 0 had no latency information (Win2K DC). > DC=LocalDomain,DC=LAN > Latency information for 7 entries in the vector were > ignored. > 7 were retired Invocations. 0 were either: > read-only > replicas and are not verifiably latent, or dc's no longer replicating > this nc. 0 had no latency information (Win2K DC). > ......................... DC2 passed test Replications > Starting test: RidManager > > * Available RID Pool for the Domain is 6105 to 1073741823 > * DC1.LocalDomain.LAN is the RID Master > * DsBind with RID Master was successful > * rIDAllocationPool is 5605 to 6104 > * rIDPreviousAllocationPool is 5605 to 6104 > * rIDNextRID: 5609 > ......................... DC2 passed test RidManager > Starting test: Services > > * Checking Service: EventSystem > * Checking Service: RpcSs > * Checking Service: NTDS > * Checking Service: DnsCache > * Checking Service: NtFrs > * Checking Service: IsmServ > * Checking Service: kdc > * Checking Service: SamSs > * Checking Service: LanmanServer > * Checking Service: LanmanWorkstation > * Checking Service: w32time > * Checking Service: NETLOGON > ......................... DC2 passed test Services > Starting test: SystemLog > > * The System Event log test > An Warning Event occurred. EventID: 0x00001695 > Time Generated: 11/04/2009 09:52:07 > > EvtFormatMessage failed, error 15100 Win32 Error 15100. > (Event String (event log = System) could not be > retrieved, > error > 0x3afc) > > Found no errors in "System" Event log in the last 60 > minutes. > ......................... DC2 passed test SystemLog > Test omitted by user request: Topology > > Test omitted by user request: VerifyEnterpriseReferences > > Starting test: VerifyReferences > > The system object reference (serverReference) > > CN=DC2,OU=Domain Controllers,DC=LocalDomain,DC=LAN and > backlink on > > CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=L > ocalDomain,DC=LAN > > are correct. > The system object reference (serverReferenceBL) > CN=DC2-2,CN=Domain System Volume (SYSVOL share),CN=File > Replication Service,CN=System,DC=LocalDomain,DC=LAN > > and backlink on > > CN=NTDS > Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura > tion,DC=LocalDomain,DC=LAN > > are correct. > ......................... DC2 passed test VerifyReferences > Test omitted by user request: VerifyReplicas > > Test omitted by user request: DNS > > Test omitted by user request: DNS > > Running partition tests on : DomainDnsZones > > Starting test: CheckSDRefDom > > ......................... DomainDnsZones passed test > CheckSDRefDom > > Starting test: CrossRefValidation > > ......................... DomainDnsZones passed test > > CrossRefValidation > > Running partition tests on : ForestDnsZones > > Starting test: CheckSDRefDom > > ......................... ForestDnsZones passed test > CheckSDRefDom > > Starting test: CrossRefValidation > > ......................... ForestDnsZones passed test > > CrossRefValidation > > Running partition tests on : Schema > > Starting test: CheckSDRefDom > > ......................... Schema passed test CheckSDRefDom > > Starting test: CrossRefValidation > > ......................... Schema passed test > CrossRefValidation > > Running partition tests on : Configuration > > Starting test: CheckSDRefDom > > ......................... Configuration passed test > CheckSDRefDom > > Starting test: CrossRefValidation > > ......................... Configuration passed test > CrossRefValidation > > Running partition tests on : LocalDomain > > Starting test: CheckSDRefDom > > ......................... LocalDomain passed test > CheckSDRefDom > > Starting test: CrossRefValidation > > ......................... LocalDomain passed test > CrossRefValidation > > Running enterprise tests on : LocalDomain.LAN > > Test omitted by user request: DNS > > Test omitted by user request: DNS > > Starting test: LocatorCheck > > GC Name: \\DC2.LocalDomain.LAN > > Locator Flags: 0xe00013fc > PDC Name: \\DC1.LocalDomain.LAN > Locator Flags: 0xe00013fd > Time Server Name: \\DC2.LocalDomain.LAN > Locator Flags: 0xe00013fc > Preferred Time Server Name: \\DC2.LocalDomain.LAN > Locator Flags: 0xe00013fc > KDC Name: \\DC2.LocalDomain.LAN > Locator Flags: 0xe00013fc > ......................... LocalDomain.LAN passed test > LocatorCheck > Starting test: Intersite > > Skipping site Default-First-Site, this site is outside the > scope > > provided by the command line arguments provided. > ......................... LocalDomain.LAN passed test > Intersite |