DNS/Active Directory Issue

  • Thread starter Thread starter Lem@community.nospam
  • Start date Start date
RE: DNS/Active Directory Issue

Hi David,

I did run the dcdiag command after the rendom but it was a few days after
and I also had to call microsoft which they fixed the problem at first but
the frsevent error came up again today after I demoted my backup domain
controller and then I promoted it again yesterday, since that was what the
microsoft techs recommended that I do once I got a dcdiag with no failed
tests.

So Im thinking maybe I need to wait another 24 hours. But I also am able to
replicate using the ntds under active directory sites and services.

group policy seems to be working but here are my dcdiags from my primary and
my secondary dcs



Primary DC:


Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine netserver1, is a DC.
* Connecting to directory service on server netserver1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... NETSERVER1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ilcuboard,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ilcuboard,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=ilcuboard,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ilcuboard,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=ilcuboard,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
......................... NETSERVER1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC NETSERVER1.
* Security Permissions Check for
DC=ForestDnsZones,DC=ilcuboard,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=ilcuboard,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=ilcuboard,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=ilcuboard,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=ilcuboard,DC=local
(Domain,Version 2)
......................... NETSERVER1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\NETSERVER1\netlogon
Verified share \\NETSERVER1\sysvol
......................... NETSERVER1 passed test NetLogons
Starting test: Advertising
The DC NETSERVER1 is advertising itself as a DC and having a DS.
The DC NETSERVER1 is advertising as an LDAP server
The DC NETSERVER1 is advertising as having a writeable directory
The DC NETSERVER1 is advertising as a Key Distribution Center
The DC NETSERVER1 is advertising as a time server
The DS NETSERVER1 is advertising as a GC.
......................... NETSERVER1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
......................... NETSERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 7217 to 1073741823
* netserver1.ilcuboard.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6217 to 6716
* rIDPreviousAllocationPool is 6217 to 6716
* rIDNextRID: 6218
......................... NETSERVER1 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC NETSERVER1 on DC NETSERVER1.
* SPN found :LDAP/netserver1.ilcuboard.local/ilcuboard.local
* SPN found :LDAP/netserver1.ilcuboard.local
* SPN found :LDAP/NETSERVER1
* SPN found :LDAP/netserver1.ilcuboard.local/CUB_DOMAIN
* SPN found
:LDAP/827c49b4-9a34-4c00-a2fe-c9048d23e005._msdcs.ilcuboard.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/827c49b4-9a34-4c00-a2fe-c9048d23e005/ilcuboard.local
* SPN found :HOST/netserver1.ilcuboard.local/ilcuboard.local
* SPN found :HOST/netserver1.ilcuboard.local
* SPN found :HOST/NETSERVER1
* SPN found :HOST/netserver1.ilcuboard.local/CUB_DOMAIN
* SPN found :GC/netserver1.ilcuboard.local/ilcuboard.local
......................... NETSERVER1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... NETSERVER1 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
NETSERVER1 is in domain DC=ilcuboard,DC=local
Checking for CN=NETSERVER1,OU=Domain
Controllers,DC=ilcuboard,DC=local in domain DC=ilcuboard,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
in domain CN=Configuration,DC=ilcuboard,DC=local on 1 servers
Object is up-to-date on all servers.
......................... NETSERVER1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... NETSERVER1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may
cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/22/2008 14:58:01
(Event String could not be retrieved)
......................... NETSERVER1 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... NETSERVER1 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... NETSERVER1 passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=NETSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local and
backlink

on


CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=NETSERVER1,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=ilcuboard,DC=local

and backlink on

CN=NETSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local are
correct.

The system object reference (serverReferenceBL)

CN=NETSERVER1,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=ilcuboard,DC=local

and backlink on

CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local

are correct.
......................... NETSERVER1 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : ilcuboard
Starting test: CrossRefValidation
......................... ilcuboard passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ilcuboard passed test CheckSDRefDom

Running enterprise tests on : ilcuboard.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
......................... ilcuboard.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\netserver1.ilcuboard.local
Locator Flags: 0xe00003fd
PDC Name: \\netserver1.ilcuboard.local
Locator Flags: 0xe00003fd
Time Server Name: \\netserver1.ilcuboard.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\netserver1.ilcuboard.local
Locator Flags: 0xe00003fd
KDC Name: \\netserver1.ilcuboard.local
Locator Flags: 0xe00003fd
......................... ilcuboard.local passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS


----------------------------------------------------------------------------------------------
Secondary DC:

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine mserver1, is a DC.
* Connecting to directory service on server mserver1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\mserver1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... mserver1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\mserver1
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=ilcuboard,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=ilcuboard,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=ilcuboard,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=ilcuboard,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=ilcuboard,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
......................... mserver1 passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC mserver1.
* Security Permissions Check for
DC=ForestDnsZones,DC=ilcuboard,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=ilcuboard,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=ilcuboard,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=ilcuboard,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=ilcuboard,DC=local
(Domain,Version 2)
......................... mserver1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\mserver1\netlogon)
[mserver1] An net use or LsaPolicy operation failed with error
1203, No network provider accepted the given network path..
......................... mserver1 failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for
\\netserver1.ilcuboard.local, when we were trying to reach mserver1.
Server is not responding or is not considered suitable.
The DC mserver1 is advertising itself as a DC and having a DS.
The DC mserver1 is advertising as an LDAP server
The DC mserver1 is advertising as having a writeable directory
The DC mserver1 is advertising as a Key Distribution Center
The DC mserver1 is advertising as a time server
The DS mserver1 is advertising as a GC.
......................... mserver1 failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
......................... mserver1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 7217 to 1073741823
* netserver1.ilcuboard.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6717 to 7216
* rIDPreviousAllocationPool is 6717 to 7216
* rIDNextRID: 6718
......................... mserver1 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC mserver1 on DC mserver1.
* SPN found :LDAP/mserver1.ilcuboard.local/ilcuboard.local
* SPN found :LDAP/mserver1.ilcuboard.local
* SPN found :LDAP/mserver1
* SPN found :LDAP/mserver1.ilcuboard.local/CUB_DOMAIN
* SPN found
:LDAP/1a87de41-0c78-48af-b34b-311e306289fc._msdcs.ilcuboard.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/1a87de41-0c78-48af-b34b-311e306289fc/ilcuboard.local
* SPN found :HOST/mserver1.ilcuboard.local/ilcuboard.local
* SPN found :HOST/mserver1.ilcuboard.local
* SPN found :HOST/mserver1
* SPN found :HOST/mserver1.ilcuboard.local/CUB_DOMAIN
* SPN found :GC/mserver1.ilcuboard.local/ilcuboard.local
......................... mserver1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... mserver1 passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
mserver1 is in domain DC=ilcuboard,DC=local
Checking for CN=MSERVER1,OU=Domain
Controllers,DC=ilcuboard,DC=local in domain DC=ilcuboard,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=mserver1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
in domain CN=Configuration,DC=ilcuboard,DC=local on 1 servers
Object is up-to-date on all servers.
......................... mserver1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The

error returned was 0 (The operation completed successfully.). Check

the FRS event log to see if the SYSVOL has successfully been shared.
......................... mserver1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the

SYSVOL has been shared. Failing SYSVOL replication problems may
cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034FD
Time Generated: 07/22/2008 12:27:03
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/22/2008 12:28:59
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 07/22/2008 12:36:59
(Event String could not be retrieved)
......................... mserver1 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... mserver1 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... mserver1 passed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=MSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local and backlink

on


CN=mserver1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=MSERVER1,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=ilcuboard,DC=local

and backlink on

CN=MSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local are correct.
The system object reference (serverReferenceBL)

CN=MSERVER1,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=ilcuboard,DC=local

and backlink on

CN=NTDS
Settings,CN=mserver1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local

are correct.
......................... mserver1 passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : ilcuboard
Starting test: CrossRefValidation
......................... ilcuboard passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ilcuboard passed test CheckSDRefDom

Running enterprise tests on : ilcuboard.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope

provided by the command line arguments provided.
......................... ilcuboard.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\netserver1.ilcuboard.local
Locator Flags: 0xe00003fd
PDC Name: \\netserver1.ilcuboard.local
Locator Flags: 0xe00003fd
Time Server Name: \\netserver1.ilcuboard.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\netserver1.ilcuboard.local
Locator Flags: 0xe00003fd
KDC Name: \\netserver1.ilcuboard.local
Locator Flags: 0xe00003fd
......................... ilcuboard.local passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS





"David Shen [MSFT]" wrote:

> Hi LEM,
>
> Thanks for the reply.
>
> Based on the log file, I noticed the error message as follow.
>
> There are warning or error events within the last 24 hours after the SYSVOL
> has been shared. Failing SYSVOL replication problems may cause Group
> Policy problems. ......................... NETSERVER1 failed test frsevent
>
> As all other tests have passed, it seems that the server is working
> properly now. This error will be reported whenever there is any warning or
> error events within the last 24 hours. When did you run the dcdiag.exe
> tool? Did you run it just after you ran the “random clean” command. If you
> ran dcdiag tool just after you fixed the issue, this error might be
> reported even though the problem has gone away.
>
> Please check on all the domain controllers to see if SYSVOL contents have
> been replicated properly. Meanwhile, please wait for 24 hours and then run
> "dcdiag /fix" again to see if the error still exists.
>
> Hope it helps.
>
> David Shen
> Microsoft Online Partner Support
>
>
 
RE: DNS/Active Directory Issue



Hi David,

I just wanted to update that waiting and running dcdiag did turn out to be
part of the solution. But for some strange reason now my secondary dc is
having an issue with the frsevent failing but Im going to wait on that one as
well.

Thanks for all your help. The dcdiag and netdiag tests are now without any
failures.

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag

.........................................

Computer Name: NETSERVER1
DNS Host Name: netserver1.ilcuboard.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
List of installed hotfixes :
KB924667-v2
KB925398_WMP64
KB925876
KB925902
KB926122
KB927891
KB929123
KB930178
KB931784
KB932168
KB933729
KB933854
KB935839
KB935840
KB936021
KB936357
KB936782
KB938127
KB938127-IE7
KB941202
KB941569
KB941644
KB941672
KB941693
KB942763
KB943055
KB943460
KB943485
KB943729
KB944338
KB944653
KB945553
KB946026
KB948496
KB948590
KB948745
KB949014
KB950759
KB950759-IE7
KB950760
KB950762
KB951698
KB951746
KB951748
Q147222


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : netserver1
IP Address . . . . . . . . : 192.168.100.87
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 192.168.100.1
Primary WINS Server. . . . : 192.168.100.87
Dns Servers. . . . . . . . : 192.168.100.87
192.168.100.77
192.168.100.94


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Passed

NetBT name test. . . . . . : Passed
No remote names have been found.

WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'192.168.100.
87' and other DCs also have some of the names registered.
[WARNING] The DNS entries for this DC cannot be verified right now on
DNS
server 192.168.100.77, ERROR_TIMEOUT.
[WARNING] The DNS entries for this DC cannot be verified right now on
DNS
server 192.168.100.94, ERROR_TIMEOUT.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Connectivity
......................... NETSERVER1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\NETSERVER1
Starting test: Replications
......................... NETSERVER1 passed test Replications
Starting test: NCSecDesc
......................... NETSERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... NETSERVER1 passed test NetLogons
Starting test: Advertising
......................... NETSERVER1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... NETSERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... NETSERVER1 passed test RidManager
Starting test: MachineAccount
......................... NETSERVER1 passed test MachineAccount
Starting test: Services
......................... NETSERVER1 passed test Services
Starting test: ObjectsReplicated
......................... NETSERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... NETSERVER1 passed test frssysvol
Starting test: frsevent
......................... NETSERVER1 passed test frsevent
Starting test: kccevent
......................... NETSERVER1 passed test kccevent
Starting test: systemlog
......................... NETSERVER1 passed test systemlog
Starting test: VerifyReferences
......................... NETSERVER1 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : ilcuboard
Starting test: CrossRefValidation
......................... ilcuboard passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ilcuboard passed test CheckSDRefDom

Running enterprise tests on : ilcuboard.local
Starting test: Intersite
......................... ilcuboard.local passed test Intersite
Starting test: FsmoCheck
......................... ilcuboard.local passed test FsmoCheck

C:\Documents and Settings\Administrator.CUB_DOMAIN>
"Lem@community.nospam" wrote:

> Hi David,
>
> I did run the dcdiag command after the rendom but it was a few days after
> and I also had to call microsoft which they fixed the problem at first but
> the frsevent error came up again today after I demoted my backup domain
> controller and then I promoted it again yesterday, since that was what the
> microsoft techs recommended that I do once I got a dcdiag with no failed
> tests.
>
> So Im thinking maybe I need to wait another 24 hours. But I also am able to
> replicate using the ntds under active directory sites and services.
>
> group policy seems to be working but here are my dcdiags from my primary and
> my secondary dcs
>
>
>
> Primary DC:
>
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> * Verifying that the local machine netserver1, is a DC.
> * Connecting to directory service on server netserver1.
> * Collecting site info.
> * Identifying all servers.
> * Identifying all NC cross-refs.
> * Found 2 DC(s). Testing 1 of them.
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\NETSERVER1
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> * Active Directory RPC Services Check
> ......................... NETSERVER1 passed test Connectivity
>
> Doing primary tests
>
> Testing server: Default-First-Site-Name\NETSERVER1
> Starting test: Replications
> * Replications Check
> * Replication Latency Check
> DC=ForestDnsZones,DC=ilcuboard,DC=local
> Latency information for 1 entries in the vector were ignored.
> 1 were retired Invocations. 0 were either: read-only
> replicas and are not verifiably latent, or dc's no longer replicating this
> nc. 0 had no latency information (Win2K DC).
> DC=DomainDnsZones,DC=ilcuboard,DC=local
> Latency information for 1 entries in the vector were ignored.
> 1 were retired Invocations. 0 were either: read-only
> replicas and are not verifiably latent, or dc's no longer replicating this
> nc. 0 had no latency information (Win2K DC).
> CN=Schema,CN=Configuration,DC=ilcuboard,DC=local
> Latency information for 7 entries in the vector were ignored.
> 7 were retired Invocations. 0 were either: read-only
> replicas and are not verifiably latent, or dc's no longer replicating this
> nc. 0 had no latency information (Win2K DC).
> CN=Configuration,DC=ilcuboard,DC=local
> Latency information for 7 entries in the vector were ignored.
> 7 were retired Invocations. 0 were either: read-only
> replicas and are not verifiably latent, or dc's no longer replicating this
> nc. 0 had no latency information (Win2K DC).
> DC=ilcuboard,DC=local
> Latency information for 7 entries in the vector were ignored.
> 7 were retired Invocations. 0 were either: read-only
> replicas and are not verifiably latent, or dc's no longer replicating this
> nc. 0 had no latency information (Win2K DC).
> ......................... NETSERVER1 passed test Replications
> Test omitted by user request: Topology
> Test omitted by user request: CutoffServers
> Starting test: NCSecDesc
> * Security Permissions check for all NC's on DC NETSERVER1.
> * Security Permissions Check for
> DC=ForestDnsZones,DC=ilcuboard,DC=local
> (NDNC,Version 2)
> * Security Permissions Check for
> DC=DomainDnsZones,DC=ilcuboard,DC=local
> (NDNC,Version 2)
> * Security Permissions Check for
> CN=Schema,CN=Configuration,DC=ilcuboard,DC=local
> (Schema,Version 2)
> * Security Permissions Check for
> CN=Configuration,DC=ilcuboard,DC=local
> (Configuration,Version 2)
> * Security Permissions Check for
> DC=ilcuboard,DC=local
> (Domain,Version 2)
> ......................... NETSERVER1 passed test NCSecDesc
> Starting test: NetLogons
> * Network Logons Privileges Check
> Verified share \\NETSERVER1\netlogon
> Verified share \\NETSERVER1\sysvol
> ......................... NETSERVER1 passed test NetLogons
> Starting test: Advertising
> The DC NETSERVER1 is advertising itself as a DC and having a DS.
> The DC NETSERVER1 is advertising as an LDAP server
> The DC NETSERVER1 is advertising as having a writeable directory
> The DC NETSERVER1 is advertising as a Key Distribution Center
> The DC NETSERVER1 is advertising as a time server
> The DS NETSERVER1 is advertising as a GC.
> ......................... NETSERVER1 passed test Advertising
> Starting test: KnowsOfRoleHolders
> Role Schema Owner = CN=NTDS
> Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
> Role Domain Owner = CN=NTDS
> Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
> Role PDC Owner = CN=NTDS
> Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
> Role Rid Owner = CN=NTDS
> Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
> Role Infrastructure Update Owner = CN=NTDS
> Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
> ......................... NETSERVER1 passed test KnowsOfRoleHolders
> Starting test: RidManager
> * Available RID Pool for the Domain is 7217 to 1073741823
> * netserver1.ilcuboard.local is the RID Master
> * DsBind with RID Master was successful
> * rIDAllocationPool is 6217 to 6716
> * rIDPreviousAllocationPool is 6217 to 6716
> * rIDNextRID: 6218
> ......................... NETSERVER1 passed test RidManager
> Starting test: MachineAccount
> Checking machine account for DC NETSERVER1 on DC NETSERVER1.
> * SPN found :LDAP/netserver1.ilcuboard.local/ilcuboard.local
> * SPN found :LDAP/netserver1.ilcuboard.local
> * SPN found :LDAP/NETSERVER1
> * SPN found :LDAP/netserver1.ilcuboard.local/CUB_DOMAIN
> * SPN found
> :LDAP/827c49b4-9a34-4c00-a2fe-c9048d23e005._msdcs.ilcuboard.local
> * SPN found
> :E3514235-4B06-11D1-AB04-00C04FC2DCD2/827c49b4-9a34-4c00-a2fe-c9048d23e005/ilcuboard.local
> * SPN found :HOST/netserver1.ilcuboard.local/ilcuboard.local
> * SPN found :HOST/netserver1.ilcuboard.local
> * SPN found :HOST/NETSERVER1
> * SPN found :HOST/netserver1.ilcuboard.local/CUB_DOMAIN
> * SPN found :GC/netserver1.ilcuboard.local/ilcuboard.local
> ......................... NETSERVER1 passed test MachineAccount
> Starting test: Services
> * Checking Service: Dnscache
> * Checking Service: NtFrs
> * Checking Service: IsmServ
> * Checking Service: kdc
> * Checking Service: SamSs
> * Checking Service: LanmanServer
> * Checking Service: LanmanWorkstation
> * Checking Service: RpcSs
> * Checking Service: w32time
> * Checking Service: NETLOGON
> ......................... NETSERVER1 passed test Services
> Test omitted by user request: OutboundSecureChannels
> Starting test: ObjectsReplicated
> NETSERVER1 is in domain DC=ilcuboard,DC=local
> Checking for CN=NETSERVER1,OU=Domain
> Controllers,DC=ilcuboard,DC=local in domain DC=ilcuboard,DC=local on 1 servers
> Object is up-to-date on all servers.
> Checking for CN=NTDS
> Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
> in domain CN=Configuration,DC=ilcuboard,DC=local on 1 servers
> Object is up-to-date on all servers.
> ......................... NETSERVER1 passed test ObjectsReplicated
> Starting test: frssysvol
> * The File Replication Service SYSVOL ready test
> File Replication Service's SYSVOL is ready
> ......................... NETSERVER1 passed test frssysvol
> Starting test: frsevent
> * The File Replication Service Event log test
> There are warning or error events within the last 24 hours after the
>
> SYSVOL has been shared. Failing SYSVOL replication problems may
> cause
>
> Group Policy problems.
> An Warning Event occured. EventID: 0x800034C4
> Time Generated: 07/22/2008 14:58:01
> (Event String could not be retrieved)
> ......................... NETSERVER1 failed test frsevent
> Starting test: kccevent
> * The KCC Event log test
> Found no KCC errors in Directory Service Event log in the last 15
> minutes.
> ......................... NETSERVER1 passed test kccevent
> Starting test: systemlog
> * The System Event log test
> Found no errors in System Event log in the last 60 minutes.
> ......................... NETSERVER1 passed test systemlog
> Test omitted by user request: VerifyReplicas
> Starting test: VerifyReferences
> The system object reference (serverReference)
>
> CN=NETSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local and
> backlink
>
> on
>
>
> CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
>
> are correct.
> The system object reference (frsComputerReferenceBL)
>
> CN=NETSERVER1,CN=Domain System Volume (SYSVOL share),CN=File
> Replication Service,CN=System,DC=ilcuboard,DC=local
>
> and backlink on
>
> CN=NETSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local are
> correct.
>
> The system object reference (serverReferenceBL)
>
> CN=NETSERVER1,CN=Domain System Volume (SYSVOL share),CN=File
> Replication Service,CN=System,DC=ilcuboard,DC=local
>
> and backlink on
>
> CN=NTDS
> Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local
>
> are correct.
> ......................... NETSERVER1 passed test VerifyReferences
> Test omitted by user request: VerifyEnterpriseReferences
> Test omitted by user request: CheckSecurityError
>
> Running partition tests on : ForestDnsZones
> Starting test: CrossRefValidation
> ......................... ForestDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ForestDnsZones passed test CheckSDRefDom
>
> Running partition tests on : DomainDnsZones
> Starting test: CrossRefValidation
> ......................... DomainDnsZones passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... DomainDnsZones passed test CheckSDRefDom
>
> Running partition tests on : Schema
> Starting test: CrossRefValidation
> ......................... Schema passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Schema passed test CheckSDRefDom
>
> Running partition tests on : Configuration
> Starting test: CrossRefValidation
> ......................... Configuration passed test
> CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... Configuration passed test CheckSDRefDom
>
> Running partition tests on : ilcuboard
> Starting test: CrossRefValidation
> ......................... ilcuboard passed test CrossRefValidation
> Starting test: CheckSDRefDom
> ......................... ilcuboard passed test CheckSDRefDom
>
> Running enterprise tests on : ilcuboard.local
> Starting test: Intersite
> Skipping site Default-First-Site-Name, this site is outside the scope
>
> provided by the command line arguments provided.
> ......................... ilcuboard.local passed test Intersite
> Starting test: FsmoCheck
> GC Name: \\netserver1.ilcuboard.local
> Locator Flags: 0xe00003fd
> PDC Name: \\netserver1.ilcuboard.local
> Locator Flags: 0xe00003fd
> Time Server Name: \\netserver1.ilcuboard.local
> Locator Flags: 0xe00003fd
> Preferred Time Server Name: \\netserver1.ilcuboard.local
> Locator Flags: 0xe00003fd
> KDC Name: \\netserver1.ilcuboard.local
> Locator Flags: 0xe00003fd
> ......................... ilcuboard.local passed test FsmoCheck
> Test omitted by user request: DNS
> Test omitted by user request: DNS
>
>
> ----------------------------------------------------------------------------------------------
> Secondary DC:
>
> Domain Controller Diagnosis
>
> Performing initial setup:
> * Verifying that the local machine mserver1, is a DC.
> * Connecting to directory service on server mserver1.
> * Collecting site info.
> * Identifying all servers.
> * Identifying all NC cross-refs.
> * Found 2 DC(s). Testing 1 of them.
> Done gathering initial info.
>
> Doing initial required tests
>
> Testing server: Default-First-Site-Name\mserver1
> Starting test: Connectivity
> * Active Directory LDAP Services Check
> * Active Directory RPC Services Check
 
RE: DNS/Active Directory Issue

Hello Lem,

It seems that the issue has been resolve on the PDC. For the error on the
secondary DC, please keep wait on and run "dcdiag /fix" again to check if
the error will re-ocurr.

If the issue still exists, please collect Directory Edition of MPS_Report
log for further research.

Please Download the Directory Edition of MPS_Report tool from
<http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd
915706/MPSRPT_DirSvc.EXE>, run it on the problematic domain controller. The
%COMPUTERNAME%_MPSReports_.CAB file which is under the
%systemroot%\MPSReports\Setup\Lite\Cab directory.

Please send the text file and MPS report CAB file to tfwst@microsoft.com,
and then I am happy to be of assistance. As I noticed that you have
contacted CSS, you may also reopen the case to work with the support
engineer if the issue is urgent. Generally speaking, phone call support is
more efficient than newsgroup reply :)

Thanks for the co-operation.

David Shen
Microsoft Online Partner Support
 
RE: DNS/Active Directory Issue

Hello Lem,

It seems that the issue has been resolve on the PDC. For the error on the
secondary DC, please keep wait on and run "dcdiag /fix" again to check if
the error will re-ocurr.

If the issue still exists, please collect Directory Edition of MPS_Report
log for further research.

Please Download the Directory Edition of MPS_Report tool from
<http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd
915706/MPSRPT_DirSvc.EXE>, run it on the problematic domain controller. The
%COMPUTERNAME%_MPSReports_.CAB file which is under the
%systemroot%\MPSReports\Setup\Lite\Cab directory.

Please send the text file and MPS report CAB file to tfwst@microsoft.com,
and then I am happy to be of assistance. As I noticed that you have
contacted CSS, you may also reopen the case to work with the support
engineer if the issue is urgent. Generally speaking, phone call support is
more efficient than newsgroup reply :)

Thanks for the co-operation.

David Shen
Microsoft Online Partner Support
 
RE: DNS/Active Directory Issue

Thanks David,

I appreciate your responses, but I contacted the support rep and he
continues to tell me that the frsevent is referring to old event logs. Which
I find questionable since now the frsevent test failed again now on both
domain controllers.

The microsoft rep continues to say as long as no services are affected they
do not troubleshoot errors or warnings unless they cause work stoppages.
Its true that group policy seems to be functioning properly and I can
replicate using the ntds settings but its got to be some reason the test
bounces back and forth between pass and fail and now both are failing the
frsevent.

Before I request a different support technician I would like your opinion on
my situation, because it is my understanding that this frsevent test should
not be failing.

Thanks

"David Shen [MSFT]" wrote:

> Hello Lem,
>
> It seems that the issue has been resolve on the PDC. For the error on the
> secondary DC, please keep wait on and run "dcdiag /fix" again to check if
> the error will re-ocurr.
>
> If the issue still exists, please collect Directory Edition of MPS_Report
> log for further research.
>
> Please Download the Directory Edition of MPS_Report tool from
> <http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd
> 915706/MPSRPT_DirSvc.EXE>, run it on the problematic domain controller. The
> %COMPUTERNAME%_MPSReports_.CAB file which is under the
> %systemroot%\MPSReports\Setup\Lite\Cab directory.
>
> Please send the text file and MPS report CAB file to tfwst@microsoft.com,
> and then I am happy to be of assistance. As I noticed that you have
> contacted CSS, you may also reopen the case to work with the support
> engineer if the issue is urgent. Generally speaking, phone call support is
> more efficient than newsgroup reply :)
>
> Thanks for the co-operation.
>
> David Shen
> Microsoft Online Partner Support
>
>
 
RE: DNS/Active Directory Issue

Hello Lem,

According to the experience, the error is reported when there are NTFRS
warning or errors in the past 24 hours. To determine whether it is
necessary to continue troubleshooting, please check the "File Replication
Service" event log to see whether there are any errors in the past 24
hours. Generally speaking, if the group policy can be replicated properly,
FRS should be working normally.

Hope it helps.

David Shen
Microsoft Online Partner Support
 

Similar threads

N
Beginner Troubles
Replies
0
Views
974
newtonetworks
N
S
Pls Help: Can't Join Windows 2008 R2 Domain
Replies
13
Views
2,204
stwong
S
G
Need Help With Active Directory And Dns
Replies
0
Views
1,597
Gloppy
G
K
DCDIAG and NETDIAG point to no Issue but many Error Events
Replies
4
Views
373
Meinolf Weber
M
A
Re: Server 2003 add user problem
Replies
1
Views
191
Hikmat Kanaan
H
Back
Top