DCDIAG " VerifyEnterpriseReferences" Failed
From last few days we are observing that our ROOT DC is giving very slow response when anybody is trying to log in. Post running all the command, we have got the below error. It's basically DCDIAG command for testing all the key services in the Domain Controller.
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various important DN
references. Note, that these problems can be reported because of
latency in replication. So follow up to resolve the following
problems, only if the same problem is reported on all DCs for a given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object: CN=LostAndFoundConfig,CN=Configuration,DC=CONTOSO,DC=COM
Base Object Description: "Server Object"
Value Object Attribute: serverReference
Value Object Description: "DC Account Object"
Recommended Action: This could hamper authentication (and thus
replication, etc). Check if this server is deleted, and if so
clean up this DCs Account Object. If the problem persists and
this is not a deleted DC, authoratively restore the DSA object from
a good copy, for example the DSA on the DSA's home server.
......................... FORESTROOTDC failed test
Connect to the "Configuration" partition using ADSIEdit and browse to "CN=LostAndFoundConfig,CN=Configuration,DC=CONTOSO,DC=COM" verify that the ntdsa object belongs to a demoted/deleted DC - if so delete the object(s)
Open the ADSI Edit MMC snap-in.
On the Action menu, click Connect to.
In the Connection Settings dialog box, in the Name field, enter a name for the ADSI connection. Under
Connection Point, select Select a well known Naming Context, and then select
Configuration in the drop-down menu. Click OK.
In the left pane, double-click the Configuration object, and then double-click
LostAndFoundConfig.
In the right pane, delete all objects and containers. Right-click the object or container, click
Delete, and then click Yes.
Exit ADSI Edit.
Enfo Zipper
Christoffer Andersson – Principal Advisor
http://blogs.chrisse.se - Directory Services Blog
Similar Messages
-
Error with ADC on Azure dcdiag report failed test Advertising
ever since I built an ADC on azure for my domain I am getting the below errors on dcdiag
Starting test: Advertising
Warning: DsGetDcName returned information for \\V2DC.V2.COM, when we
were trying to reach V2-ADC02.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
......................... V2-ADC02 failed test Advertising
Unable to connect to the NETLOGON share! (\\V2-ADC02\netlogon)
[V2-ADC02] An net use or LsaPolicy operation failed with error 67,
The network name cannot be found..
......................... V2-ADC02 failed test NetLogonsI just gave it some time and the error is gone looks like replication over the internet was slower than I thought
-
DCDiag: SERVER6 failed test Advertising
This is one of quite a few errors I get after running a dcdiag on this particular domain controller:
Testing server: Default-First-Site-Name\SERVER6
Starting test: Advertising
Warning: DsGetDcName returned information for
\\server5.domain.local,
when we were trying to reach SERVER6.
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE.
Anyone know what might be going on here? Why is information being returned for server5 instead of server6?Hi,
The error message SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE could be caused by that sysvol and netlogon share are not available.
Here are some suggestions for you:
Please open CMD then run "net share" command to confirm if they are shared successfully.
Make sure that needed ports for AD replication are not blocked in both directions and each DC has one IP address and one NIC card.
Make sure both DCs point to your DNS servers correctly. In addition, you can run ipconfig /registerdns and restart netlogon on each DC to re-register DNS records.
More detailed information, please refer to following threads:
SERVER IS NOT RESPONDING or IS NOT CONSIDERED SUITABLE ......................... ad2008R2 failed test Advertising
http://social.technet.microsoft.com/Forums/windowsserver/en-US/6713c55f-0bc5-4d74-a18b-b867ccc9d059/server-is-not-responding-or-is-not-considered-suitable-ad2008r2-failed?forum=winserverDS
Failed Advertising Test
http://social.technet.microsoft.com/Forums/windowsserver/en-US/831c58de-003b-4b9d-9da4-7f3d992e74c6/failed-advertising-test?forum=winservergen
Best Regards,
Erin -
Failed test VerifyEnterpriseReferences
Hello,
DCDiag is failing at "VerifyEnterpriseReferences". Any assistance on this would be greatly appreciated, thanks!
Please see full details of error below:
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various important DN
references. Note, that these problems can be reported because of
latency in replication. So follow up to resolve the following
problems, only if the same problem is reported on all DCs for a given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object:
CN=AUCHMAIL1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=auchconstruction,DC=com
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: frsComputerReference
Value Object Description: "DC Account Object"
Recommended Action: Check if this server is deleted, and if so
clean up this DCs SYSVOL FRS Member Object. Also see Knowledge
Base Article: Q312862
[2] Problem: Missing Expected Value
Base Object:
CN=AUCHMAIL1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=auchconstruction,DC=com
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: serverReference
Value Object Description: "DSA Object"
Recommended Action: Check if this server is deleted, and if so
clean up this DCs SYSVOL FRS Member Object. Also see Knowledge
Base Article Q312862
......................... AUCHFILE01 failed test VerifyEnterpriseReferencesI have found the solution.
The server (AUCHMAIL1) was removed awhile back, but the reference to the server still remained in ADSI. I deleted the old server entry via ADSIedit.msc (Domain -> DC -> CN=System -> CN=File Replication Service -> CN=Domain System Volume (SYSVOL
share) -> CN=AUCHMAIL1) and confirmed no further errors thrown against 'VerifyEnterpriseReferences' during a DCDIAG. -
Dears,
I have deployed my new DCs in all of my sites, then I have done with below:
Moved FSMO roles to new DCs
Configured bridgehead servers
Remove check box of GC from my old DCs
Make sure that my new DCs are GCs
I configure all my DCs, Servers, and Clients TCP/IP DNS settings to use my new DCs
My DCs does not include encrypted data
Now I need to test my environment for 10 days, while my old DCs are shutdown.
I shutdown my old DCs, I run the command: "dcdiag /test:dns" and it fail.
So how should I test my environment while my old DCs are shutdown?>>>So how should I test my environment while my old DCs are shutdown?
DCDiag will fail (you will see error message) if you haven't completed the metadata cleanup. So you can ignore these errors. Why do you need to keep these DCs down?
Anyway, here are some high level steps:
http://social.technet.microsoft.com/wiki/contents/articles/2903.active-directory-active-directory-upgrade-high-level-steps.aspx
Santhosh Sivarajan | Houston, TX | www.sivarajan.com
ITIL,MCITP,MCTS,MCSE (W2K3/W2K/NT4),MCSA(W2K3/W2K/MSG),Network+,CCNA
Windows Server 2012 Book - Migrating from 2008 to Windows Server 2012
Blogs: Blogs
Twitter: Twitter
LinkedIn: LinkedIn
Facebook: Facebook
Microsoft Virtual Academy:
Microsoft Virtual Academy
This posting is provided AS IS with no warranties, and confers no rights.
I found no information about how to shutdown your old DCs and test the environment without impacting any single user. -
Dcdiag dns checks failing on external update attempt
It does sound like you're using an external DNS on that server instead of the internal ones.
While preparing to demote a DC I ran dcdiag and it's failing while attempting to register records in our external dns server at rackspace. I can only assume that since we use the same domain externally, and for AD, that the domain controller is seeing rackspace as authoritative and attempting to create the test records there. Has anyone seen this behavior before? It's never been a problem until now, and this issue did not appear in the logs when I demoted another DC earlier tonight.
Log:TextAn error event occurred. EventID: 0x0000168E Time Generated: 11/15/2010 15:37:52 Event String: The dynamic registration of the DNS record 'ForestDnsZones.contoso.com. 600 IN A 192.168.1.234' failed on the following DNS server: The DNS server it goes on to list is the public IP of our rackspace DNS.There are many of these errors listed as it attempts...
This topic first appeared in the Spiceworks Community -
Hi there, I am in the process of upgrading our DCs, and am making sure things in the AD are clean, but when I run dcdiag, I receive the following error:
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... LEDC01 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Error Event occured. EventID: 0xC00034F7
Time Generated: 01/16/2015 09:04:22
(Event String could not be retrieved)
......................... LEDC01 failed test frsevent
I have cleared the System event log, but the issue still persists. Any ideas what I should be trying next?Hi,
In addition, here are more troubleshooting articles below for you:
How To Troubleshoot the File Replication Service in Windows Server 2003
http://support.microsoft.com/kb/327341
Troubleshooting FRS
http://technet.microsoft.com/en-us/library/cc962209.aspx
Best Regards,
Amy
Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
w2k8 domain with two DCs - this error is present.
initially we had issues with initial synchronization of the directory by we logged a call with MS and they address a registry entry that bypassed the initial syncronization, but I can still see the errors below and a client not registering in DNS sue to no permissions.
canyou advise what can I do to get rid of this error:
Log Name: Directory Service
Source: Microsoft-Windows-ActiveDirectory_DomainService
Date: 28/10/2009 18:54:04
Event ID: 2088
Task Category: DS RPC Client
Level: Warning
Keywords: Classic
User: ANONYMOUS LOGON
Computer: olivia.domain.com
Description:
Active Directory Domain Services could not use DNS to resolve the IP address of the source domain controller listed below. To maintain the consistency of Security groups, group policy, users and computers and their passwords, Active Directory Domain Services successfully replicated using the NetBIOS or fully qualified computer name of the source domain controller.
Invalid DNS configuration may be affecting other essential operations on member computers, domain controllers or application servers in this Active Directory Domain Services forest, including logon authentication or access to network resources.
You should immediately resolve this DNS configuration error so that this domain controller can resolve the IP address of the source domain controller using DNS.
Alternate server name:
katie
Failing DNS host name:
60c35a20-978b-4e86-9751-e65d9e584e76._msdcs.domain.com
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1:
Registry Path:
HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client
User Action:
1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns
dcdiag /test:dns
4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
dcdiag /test:dns
5) For further analysis of DNS error failures see KB 824449:
http://support.microsoft.com/?kbid=824449
Additional Data
Error value:
11001 No such host is known.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-ActiveDirectory_DomainService" Guid="{0e8478c5-3605-4e8c-8497-1e730c959516}" EventSourceName="NTDS General" />
<EventID Qualifiers="32768">2088</EventID>
<Version>0</Version>
<Level>3</Level>
<Task>22</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2009-10-28T18:54:04.390Z" />
<EventRecordID>179247</EventRecordID>
<Correlation />
<Execution ProcessID="700" ThreadID="920" />
<Channel>Directory Service</Channel>
<Computer>olivia.domain.com</Computer>
<Security UserID="S-1-5-7" />
</System>
<EventData>
<Data>katie</Data>
<Data>60c35a20-978b-4e86-9751-e65d9e584e76._msdcs.domain.com</Data>
<Data>11001</Data>
<Data>No such host is known.</Data>
<Data>System\CurrentControlSet\Services\NTDS\Diagnostics</Data>
<Data>22 DS RPC Client</Data>
</EventData>
</Event>
C:\Users\secadmin>net view \\katie
Shared resources at \\katie
Share name Type Used as Comment
dfs Disk
NETLOGON Disk Logon server share
SYSVOL Disk Logon server share
The command completed successfully.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = olivia
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: NorthwayHouse\OLIVIA
Starting test: Connectivity
......................... OLIVIA passed test Connectivity
Doing primary tests
Testing server: NorthwayHouse\OLIVIA
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... OLIVIA passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : domain
Running enterprise tests on : domain.com
Starting test: DNS
Test results for domain controllers:
DC: olivia.domain.com
Domain: domain.com
TEST: Basic (Basc)
Warning: The AAAA record for this DC was not found
TEST: Delegations (Del)
Error: DNS server: katie.domain.com. IP:10.30.0.2
[Broken delegated domain domain.com.domain.com.]
Error: DNS server: olivia.domain.com. IP:10.30.0.1
[Broken delegated domain domain.com.domain.com.]
TEST: Dynamic update (Dyn)
Warning: Failed to delete the test record _dcdiag_test_record in zone domain.com
TEST: Records registration (RReg)
Network Adapter
[00000006] Intel(R) PRO/1000 CT Network Connection:
Warning:
Missing AAAA record at DNS server 10.30.0.1:
olivia.domain.com
Warning:
Missing AAAA record at DNS server 10.30.0.1:
gc._msdcs.domain.com
Warning: Record Registrations not found in some network adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 10.30.0.1 (olivia.domain.com.)
1 test failure on this DNS server
DNS server: 10.30.0.2 (katie.domain.com.)
1 test failure on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: domain.com
olivia PASS WARN PASS FAIL WARN WARN n/a
......................... domain.com failed test DNSThanks Isaac, but unfortunately this issue persists and I am still getting that error for the client failing to register in dns
I have made the changes as suggested and the output of dcdiag is below as well as the events, which may be relevant
Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 29/10/2009 09:42:42
Event ID: 4011
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: olivia.domain.com
Description:
The DNS server was unable to add or write an update of domain name alexis in zone domain.com to the Active Directory. Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is "00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0". The event data contains the error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Server-Service" Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" />
<EventID Qualifiers="49152">4011</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-10-29T09:42:42.000Z" />
<EventRecordID>377</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>DNS Server</Channel>
<Computer>olivia.domain.com</Computer>
<Security />
</System>
<EventData Name="DNS_EVENT_DS_WRITE_FAILED">
<Data Name="param1">alexis</Data>
<Data Name="param2">domain.com</Data>
<Data Name="param3">00002098: SecErr: DSID-03150E8A, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0</Data>
<Binary>05000000</Binary>
</EventData>
</Event>
Event Type: Warning
Event Source: DnsApi
Event Category: None
Event ID: 11165
Date: 29/10/2009
Time: 09:32:42
User: N/A
Computer: ALEXIS
Description:
The system failed to register host (A) resource records (RRs) for network adapter
with settings:
Adapter Name : {9C8B441A-8831-4B60-8470-D7D3982B3471}
Host Name : alexis
Primary Domain Suffix : domain.com
DNS server list :
10.30.0.1, 10.30.0.2
Sent update to server : 10.30.0.1
IP Address(es) :
10.0.0.167
The reason the system could not register these RRs was because the DNS server contacted refused the update request. The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.
To register the DNS host (A) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00 *#..
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = olivia
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: NorthwayHouse\OLIVIA
Starting test: Connectivity
......................... OLIVIA passed test Connectivity
Doing primary tests
Testing server: NorthwayHouse\OLIVIA
Starting test: Advertising
......................... OLIVIA passed test Advertising
Starting test: FrsEvent
......................... OLIVIA passed test FrsEvent
Starting test: DFSREvent
......................... OLIVIA passed test DFSREvent
Starting test: SysVolCheck
......................... OLIVIA passed test SysVolCheck
Starting test: KccEvent
......................... OLIVIA passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... OLIVIA passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... OLIVIA passed test MachineAccount
Starting test: NCSecDesc
......................... OLIVIA passed test NCSecDesc
Starting test: NetLogons
[OLIVIA] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... OLIVIA failed test NetLogons
Starting test: ObjectsReplicated
......................... OLIVIA passed test ObjectsReplicated
Starting test: Replications
[Replications Check,OLIVIA] DsReplicaGetInfo(PENDING_OPS, NULL)
failed, error 0x2105 "Win32 Error 8453"
......................... OLIVIA failed test Replications
Starting test: RidManager
......................... OLIVIA passed test RidManager
Starting test: Services
Could not open NTDS Service on OLIVIA, error 0x5 "Win32 Error 5"
......................... OLIVIA failed test Services
Starting test: SystemLog
An Error Event occurred. EventID: 0x000016AD
Time Generated: 10/29/2009 08:58:30
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0x00000457
Time Generated: 10/29/2009 09:24:33
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0x00000457
Time Generated: 10/29/2009 09:24:34
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0x00000457
Time Generated: 10/29/2009 09:24:36
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:34:42
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:35:03
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:35:04
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:35:06
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:35:10
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:35:11
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:35:32
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:35:53
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:36:15
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:36:36
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:36:57
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:37:18
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:37:39
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:38:00
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:38:21
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:38:42
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:38:43
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:38:44
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:38:45
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:38:46
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:39:07
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:39:28
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:39:49
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
An Error Event occurred. EventID: 0xC0002719
Time Generated: 10/29/2009 09:40:10
EvtFormatMessage failed, error 15100 Win32 Error 15100.
(Event String (event log = System) could not be retrieved, error
0x3afc)
......................... OLIVIA failed test SystemLog
Starting test: VerifyReferences
......................... OLIVIA passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : domain
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... domain passed test CrossRefValidation
Running enterprise tests on : domain.com
Starting test: LocatorCheck
......................... domain.com passed test LocatorCheck
Starting test: Intersite
......................... domain.com passed test Intersite -
DCDIAG Result A net user or LsaPolicy failed with error 67
I have looked through all the similar posts and have ran an Authoritative and UnAthroativte process. This allowed my SYSVOL to replicate and come back. I still keep getting this error on the one DC. Everything else passes fine. I am pulling my hair out
if anyone has had this problem please help. Also this is a Server 2012 R2 DCHi Mike,
Before going further, how did you do the Sysvol restore? What’s our Sysvol replication mechanism, FRS or DFSR?
If our Sysvol replication mechanism is FRS, we need to do an authoritative (D4) restore on a healthy DC and non-authoritative (D2) restore on other DCs.
Regarding this point, the following thread and article can be referred to for more information.
[DC2] An net use or LsaPolicy operation failed with error 67 - Moving AD from 2003R2 to Server 2012
http://social.technet.microsoft.com/Forums/en-US/401f7023-9ef1-4dc7-94f4-f59a74b49d65/dc2-an-net-use-or-lsapolicy-operation-failed-with-error-67-moving-ad-from-2003r2-to-server-2012?forum=winserverDS
Using the BurFlags registry key to reinitialize File Replication Service replica sets
http://support.microsoft.com/kb/290762/en-us
If our Sysvol replication mechanism is DFSR, we can follow the article below to do the Sysvol restore.
How to force an authoritative and non-authoritative synchronization for DFSR-replicated SYSVOL (like "D4/D2" for FRS)
http://support.microsoft.com/kb/2218556/en-us
Best regards,
Frank Shen -
Hello all-
I am currently trying to configure group policy (specifically folder redirects) from a new Windows Server 2008 in my home... the server acts as both an AD DS and file server for 4 client computers, all running Windows Vista Ultimate.
Here are the steps I am currently taking:
I create a new Group Policy called All Users and Computers and apply it to the All Users and Computers OU, which contains exactly what it says (all users and computers in the domain).
I verify that a new folder was created in \\<FQDN>\sysvol\<FQDN>\Policies. The new folder created is named {6479C8E0-3134-4B4F-B047-7ADD51684684}
I change the GPO Enforced setting to Enforced.
I attempt to use the gpupdate command to see if the group policy can be updated successfully. In a command prompt, I type gpupdate <enter>. I receive the message 'Updating Policy...' then after about 15 seconds the message 'User Policy update has completed successfully.'
I keep the cmd window open. After about 10 seconds another message apperas which says "Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed. Windows attempted to read the file \\<FQDN>\sysvol\<FQDN>\Policies\{6AC1786C-016F-11D2-945F-00C04Fb984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
To diagnose the failure, review the event log or invoke gpmc.msc to access information about Group Policy results."
I confirm that the error code is #3 using the Event Log, "The system cannot find the file specificed"
Of course the system cannot find the file specified because the folder does not exist in the sysvol folder. I am wondering why Windows is trying to read from this location when it does not exist, and is not the new group policy I created! I have no other group policies linked or enforced to any other OU/Domain/etc. Any help resolving this issue would be greatly appreciated.Hello all and thanks for the help. First a few things:
I understand that the DC should not be running RRAS, but this a simple server being used in aa home environment by 4 users and getting another server just for RRAS would be overkill.
Secondly, I currently have it so that while the router is handling DHCP, I have reserved a fixed IP for the server, so it always has 192.168.1.100. If I were to use the server as the DHCP, what would my hardware configuration have to look like? I currently have the router plugged into the ISP modem, and then server plugged into the router. All other clients connect to the router wirelessly.
Here's the dcdiag output. I tried dcdiag /fix but to no avail.
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine KELLERDCFS, is a Directory Server.
Home Server = KELLERDCFS
* Connecting to directory service on server KELLERDCFS.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=keller-pa,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... KELLERDCFS passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\KELLERDCFS
Starting test: Advertising
The DC KELLERDCFS is advertising itself as a DC and having a DS.
The DC KELLERDCFS is advertising as an LDAP server
The DC KELLERDCFS is advertising as having a writeable directory
The DC KELLERDCFS is advertising as a Key Distribution Center
The DC KELLERDCFS is advertising as a time server
The DS KELLERDCFS is advertising as a GC.
......................... KELLERDCFS passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the event log File Replication Service does not exist.
......................... KELLERDCFS passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... KELLERDCFS passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... KELLERDCFS passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... KELLERDCFS passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Domain Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role PDC Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Rid Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
Role Infrastructure Update Owner = CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
......................... KELLERDCFS passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC KELLERDCFS on DC KELLERDCFS.
* SPN found :LDAP/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :LDAP/KELLERDCFS.keller-pa.net
* SPN found :LDAP/KELLERDCFS
* SPN found :LDAP/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :LDAP/42268b36-801f-4a6d-b162-34f3b01e04bb._msdcs.keller-pa.net
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/42268b36-801f-4a6d-b162-34f3b01e04bb/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net/keller-pa.net
* SPN found :HOST/KELLERDCFS.keller-pa.net
* SPN found :HOST/KELLERDCFS
* SPN found :HOST/KELLERDCFS.keller-pa.net/KELLER-PA
* SPN found :GC/KELLERDCFS.keller-pa.net/keller-pa.net
......................... KELLERDCFS passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC KELLERDCFS.
* Security Permissions Check for
DC=ForestDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=keller-pa,DC=net
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=keller-pa,DC=net
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=keller-pa,DC=net
(Configuration,Version 3)
* Security Permissions Check for
DC=keller-pa,DC=net
(Domain,Version 3)
......................... KELLERDCFS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\KELLERDCFS\netlogon
Verified share \\KELLERDCFS\sysvol
......................... KELLERDCFS passed test NetLogons
Starting test: ObjectsReplicated
KELLERDCFS is in domain DC=keller-pa,DC=net
Checking for CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net in domain DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net in domain CN=Configuration,DC=keller-pa,DC=net on 1 servers
Object is up-to-date on all servers.
......................... KELLERDCFS passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... KELLERDCFS passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* KELLERDCFS.keller-pa.net is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1111
......................... KELLERDCFS passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... KELLERDCFS passed test Services
Starting test: SystemLog
* The System Event log test
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:53:59
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 17:59:02
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:04:04
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:09:06
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:14:08
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:19:10
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:24:12
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:29:15
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:34:17
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:39:19
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
An Error Event occurred. EventID: 0x00000422
Time Generated: 07/07/2009 18:49:23
Event String:
The processing of Group Policy failed. Windows attempted to read the file \\keller-pa.net\sysvol\keller-pa.net\Policies\{6AC1786C-016F-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) The Distributed File System (DFS) client has been disabled.
......................... KELLERDCFS failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=KELLERDCFS,OU=Domain Controllers,DC=keller-pa,DC=net and backlink
on
CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
The system object reference (serverReferenceBL)
CN=KELLERDCFS,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=keller-pa,DC=net
and backlink on
CN=NTDS Settings,CN=KELLERDCFS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=keller-pa,DC=net
are correct.
......................... KELLERDCFS passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : keller-pa
Starting test: CheckSDRefDom
......................... keller-pa passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... keller-pa passed test CrossRefValidation
Running enterprise tests on : keller-pa.net
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
PDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
KDC Name: \\KELLERDCFS.keller-pa.net
Locator Flags: 0xe00013fd
......................... keller-pa.net passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... keller-pa.net passed test Intersite
Here's the nslookup from Vista client:
Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Andrew>nslookup KELLERDCFS
Server: UnKnown
Address: 192.168.1.100
Name: KELLERDCFS.keller-pa.net
Addresses: 192.168.1.150
192.168.1.100
C:\Users\Andrew>
Thanks again! -
I work for a university and teach IT courses to undergrad and graduate students. The details below are pertaining an isolated lab environment
I had a storage failure in my lab and the DCs became corrupt. This is a university lab environment so there isn't anything crucial on here. I just would rather avoid rebuilding the domain/forest and would rather use this as a learning experience with my
students...
So after the storage failed and was restored, the VMs hosted became corrupt. I did a NTDSUTIL to basically repair the NDTS.dit file but one of my DCs reverted to a state before DC promotion. Naturally, the domain still had this object in AD. After numerous
failed attempts at trying to reinstall the DC on the server through the server manager wizard in 2012 R2, I decided that a metadata cleanup of the old failed object was necessary.
Utilizing this article, I removed all references of the failed DC from both AD and DNS (http://www.petri.com/delete_failed_dcs_from_ad.htm)
So now that the failed object is removed completely from the domain and the metadata cleanup was successful, I then proceeded to re-install the necessary AD DS role on the server and re-promote to the existing domain. Pre-Requisites pass but generate some
warning around DNS Delgation, and Dynamic Updates (delegation is ignored because the lab is isolated from external comms, and dynamic updates are in fact enabled on both my _msdcs and root domain zones).
Upon the promotion process, I get the following error message (also worth mentioning - the account performing these operations is a member of DA, EA, and Schema Admins)
The operation failed because:
Active Directory Domain Services could not create the NTDS Settings object for this Active Directory Domain Controller CN=NTDS Settings,CN=domainVMDC1,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu on the remote AD DC domainVMDC2. Ensure the provided network credentials have sufficient permissions.
"While processing a change to the DNS Host Name for an object, the Service Principal Name values could not be kept in sync."
As you can see, this error seems odd considering. Now that I'm down to a single DC and DNS server, the sync should be corrected. I've run a repadmin /syncall and it completed successfully. Since then, I've run dcdiags and dumped those to a text as well and
here are my results...
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = domainVMDC2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\domainVMDC2
Starting test: Connectivity
......................... domainVMDC2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\domainVMDC2
Starting test: Advertising
......................... domainVMDC2 passed test Advertising
Starting test: FrsEvent
......................... domainVMDC2 passed test FrsEvent
Starting test: DFSREvent
......................... domainVMDC2 passed test DFSREvent
Starting test: SysVolCheck
......................... domainVMDC2 passed test SysVolCheck
Starting test: KccEvent
......................... domainVMDC2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... domainVMDC2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... domainVMDC2 passed test MachineAccount
Starting test: NCSecDesc
......................... domainVMDC2 passed test NCSecDesc
Starting test: NetLogons
......................... domainVMDC2 passed test NetLogons
Starting test: ObjectsReplicated
......................... domainVMDC2 passed test ObjectsReplicated
Starting test: Replications
......................... domainVMDC2 passed test Replications
Starting test: RidManager
......................... domainVMDC2 passed test RidManager
Starting test: Services
......................... domainVMDC2 passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x00001795
Time Generated: 12/18/2014 00:35:03
Event String:
The program lsass.exe, with the assigned process ID 476, could not authenticate locally by using the target name ldap/domainvmdc2.domain.school.edu. The target name used is not valid. A target name should
refer to one of the local computer names, for example, the DNS host name.
......................... domainVMDC2 passed test SystemLog
Starting test: VerifyReferences
......................... domainVMDC2 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
For the partition
(DC=ForestDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=3098109a-ff99-41d4-8926-0e814ac8efde,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... ForestDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(DC=ForestDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=3098109a-ff99-41d4-8926-0e814ac8efde,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... ForestDnsZones failed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
For the partition
(DC=DomainDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=2f0b8ac0-2630-441a-891f-b5fcb91498a8,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... DomainDnsZones failed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(DC=DomainDnsZones,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=2f0b8ac0-2630-441a-891f-b5fcb91498a8,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... DomainDnsZones failed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(CN=Schema,CN=Configuration,DC=domain,DC=school,DC=edu) we
encountered the following error retrieving the cross-ref's
(CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... Schema failed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition
(CN=Configuration,DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... Configuration failed test CrossRefValidation
Running partition tests on : domain
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Starting test: CrossRefValidation
For the partition (DC=domain,DC=school,DC=edu) we encountered
the following error retrieving the cross-ref's
(CN=domain,CN=Partitions,CN=Configuration,DC=domain,DC=school,DC=edu)
information:
LDAP Error 0x52e (1326).
......................... domain failed test CrossRefValidation
Running enterprise tests on : domain.school.edu
Starting test: LocatorCheck
......................... domain.school.edu passed test
LocatorCheck
Starting test: Intersite
......................... domain.school.edu passed test Intersite
From what I can gather, there is a definite DNS issue but I don't have any stale records to the old DC stored anywhere. I've tried this with a new server as well and get similar errors...
At this rate I'm ready to rebuild the entire forest over again. I'm just reluctant to do so as I want to make this a learning experience for the students.
Any help would be greatly appreciated. Thanks!As you can see, there seems to be some errors. The one that I did correct was the one around the _msdcs NS record being unable to resolve. For whatever, reason the name wasn't resolving the IP but all other NS tabs and records were. Just that one _msdcs
sub-zone. Furthermore, the mentioning of any connections to root hint servers can be viewed as false positives. There is no external comms to this lab so no communication with outside IPs can be expected. Lastly, they mentioned a connectivity issue yet mention
that I should check the firewall settings. All three profiles are disabled in Windows Firewall (as they have been the entire time). Thank you in advance for your help!
C:\Windows\system32>dcdiag /test:dns /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine domainVMDC2, is a Directory Server.
Home Server = domainVMDC2
* Connecting to directory service on server domainVMDC2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=domainVMDC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=school,DC=edu
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\domainVMDC2
Starting test: Connectivity
* Active Directory LDAP Services Check
The host
3a38b19c-4bb3-4542-acb6-9e5e97cc15c4._msdcs.domain.school.edu
could not be resolved to an IP address. Check the DNS server, DHCP,
server name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... domainVMDC2 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\domainVMDC2
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... domainVMDC2 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : domain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : domain.school.edu
Starting test: DNS
Test results for domain controllers:
DC: domainVMDC2
Domain: domain.school.edu
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Error: No LDAP connectivity
The OS
Microsoft Windows Server 2012 R2 Datacenter (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000010] vmxnet3 Ethernet Adapter:
MAC address is 00:50:56:A2:2C:24
IP Address is static
IP address: *.*.100.26
DNS servers:
*.*.100.26 (domainVMDC2) [Valid]
No host records (A or AAAA) were found for this DC
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid (unreachable)]
Name: b.root-servers.net. IP: 192.228.79.201 [Invalid (unreachable)]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid (unreachable)]
Name: d.root-servers.net. IP: 199.7.91.13 [Invalid (unreachable)]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid (unreachable)]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid (unreachable)]
Name: g.root-servers.net. IP: 192.112.36.4 [Invalid (unreachable)]
Name: h.root-servers.net. IP: 128.63.2.53 [Invalid (unreachable)]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid (unreachable)]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid (unreachable)]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid (unreachable)]
Name: l.root-servers.net. IP: 199.7.83.42 [Invalid (unreachable)]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid (unreachable)]
Error: Both root hints and forwarders are not configured or
broken. Please make sure at least one of them works.
TEST: Delegations (Del)
Delegation information for the zone: domain.school.edu.
Delegated domain name: _msdcs.domain.school.edu.
Error: DNS server: domainvmdc2. IP:<Unavailable>
[Missing glue A record]
[Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)]
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone domain.school.edu
Warning: Failed to delete the test record dcdiag-test-record in zone domain.school.edu
[Error details: 13 (Type: Win32 - Description: The data is invalid.)]
TEST: Records registration (RReg)
Network Adapter [00000010] vmxnet3 Ethernet Adapter:
Matching CNAME record found at DNS server *.*.100.26:
3a38b19c-4bb3-4542-acb6-9e5e97cc15c4._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.a9241004-88ea-422d-a71e-df7b622f0d68.domains._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._udp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kpasswd._tcp.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.Default-First-Site-Name._sites.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_kerberos._tcp.Default-First-Site-Name._sites.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.gc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_gc._tcp.Default-First-Site-Name._sites.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.domain.school.edu
Matching SRV record found at DNS server *.*.100.26:
_ldap._tcp.pdc._msdcs.domain.school.edu
Error: Record registrations cannot be found for all the network
adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 199.7.83.42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.83.42
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 199.7.91.13 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 199.7.91.13
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: *.*.100.26 (domainVMDC2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: domain.school.edu
domainVMDC2 PASS FAIL FAIL FAIL WARN FAIL n/a
......................... domain.school.edu failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: Intersite -
Secondary DNS failing to redirect clients when Primary DNS goes down
I have a single domain with two Windows 2008 servers, DC1 (physical) and DC2 (virtual). Both servers run DNS and are GC servers, and the entire domain is on the same subnet (192.168.0.x).
All clients on the network are configured to use DC1 as primary DNS, DC2 as secondary DNS.
DHCP is enabled only on DC1. (This might be part of the issue, not sure).
The problem is that when DC1 goes down for a reboot or repair, we lose access to the internet from our clients. Trying to pull up any website results in a "Page cannot be displayed" error. DC2 is available during this time and can be
pinged from any client but does not resolve DNS requests, even if I specify it as the primary DNS server on one of my workstations. However I can log on to DC2 locally and browse the web.
Here are the results of a DCdiag /dnsall from DC2 (I bolded areas of concern):
Directory Server Diagnosis
Performing initial setup:
* Connecting to directory service on server DC2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... DC2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\DC2
Test omitted by user request: Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Test omitted by user request: FrsEvent
Test omitted by user request: DFSREvent
Test omitted by user request: SysVolCheck
Test omitted by user request: KccEvent
Test omitted by user request: KnowsOfRoleHolders
Test omitted by user request: MachineAccount
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Test omitted by user request: ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Test omitted by user request: Replications
Test omitted by user request: RidManager
Test omitted by user request: Services
Test omitted by user request: SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: VerifyReferences
Test omitted by user request: VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... DC2 passed test DNS
Running partition tests on : ForestDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : DomainDnsZones
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Schema
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : Configuration
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running partition tests on : mydomain
Test omitted by user request: CheckSDRefDom
Test omitted by user request: CrossRefValidation
Running enterprise tests on : mydomain.com
Starting test: DNS
Test results for domain controllers:
DC: DC2.mydomain.com
Domain: mydomain.com
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoftr Windows Serverr 2008 Standard
(Service Pack level: 2.0)
is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000006] Intel(R) PRO/1000 MT Network Connection:
MAC address is 00:0C:29:91:59:68
IP Address is static
IP address: 192.168.0.249
DNS servers:
192.168.0.105 (DC1.mydomain.com.) [Valid]
127.0.0.1 (DC2) [Valid]
The A host record(s) for this DC was found
Warning: The AAAA record for this DC was not found
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.) - mydomain.com]
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.0.105 (DC1.mydomain.com.) [Valid]
192.168.0.7 (<name unavailable>) [Invalid (unreachable)]
Error: Forwarders list has invalid forwarder: 192.168.0.7 (<name unavailable>)
TEST: Delegations (Del)
Delegation information for the zone: mydomain.com.
Delegated domain name: _msdcs.mydomain.com.
DNS server: DC1.mydomain.com. IP:192.168.0.105 [Valid]
TEST: Dynamic update (Dyn)
Test record _dcdiag_test_record added successfully in zone mydomain.com
Test record _dcdiag_test_record deleted successfully in zone mydomain.com
TEST: Records registration (RReg)
Network Adapter
[00000006] Intel(R) PRO/1000 MT Network Connection:
Matching CNAME record found at DNS server 192.168.0.105:
a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.105:
DC2.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.105:
DC2.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._udp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kpasswd._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.gc._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.105:
gc._msdcs.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.105:
gc._msdcs.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.105:
_gc._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.105:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
Matching CNAME record found at DNS server 192.168.0.249:
a32fcfbd-16bb-4697-a23d-20fc3b8c274c._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.249:
DC2.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.249:
DC2.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.ac09921d-4553-475e-b25c-059742ac0552.domains._msdcs.mydomain.com
Matching
SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._udp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kpasswd._tcp.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching
SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_kerberos._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.gc._msdcs.mydomain.com
Matching A record found at DNS server 192.168.0.249:
gc._msdcs.mydomain.com
Warning:
Missing AAAA record at DNS server 192.168.0.249:
gc._msdcs.mydomain.com
[Error details: 9501 (Type: Win32 - Description: No records found for given DNS query.)]
Matching SRV record found at DNS server 192.168.0.249:
_gc._tcp.Default-First-Site-Name._sites.mydomain.com
Matching SRV record found at DNS server 192.168.0.249:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.mydomain.com
Warning: Record Registrations not found in some network adapters
TEST: External name resolution (Ext)
Internet name www.microsoft.com was resolved successfully
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.0.7 (<name unavailable>)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.7
[Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]
DNS server: 192.168.0.105 (DC1.mydomain.com.)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS delegation for the domain _msdcs.mydomain.com. is operational on IP 192.168.0.105
DNS server: 192.168.0.249 (DC2)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
Domain: mydomain.com
DC2
PASS WARN FAIL PASS PASS WARN PASS
......................... mydomain.com failed test DNS
Test omitted by user request: LocatorCheck
Test omitted by user request: IntersiteLooks like it may be trying to forward to a machine that's down (DC1 and another 192.168.0.7) and root hints aren't available.
Check out this article:
http://technet.microsoft.com/en-us/library/ff807391(v=ws.10).aspx
See if you can enable DNS access through the firewall to the Internet if it's not already available. Try to match whatever forwarder settings are on DC1, or remove them entirely and let the server resolve DNS from Internet root servers. Alternativly,
you could change your forwarder to a public DNS server you have access to, your ISP should supply this or you could test with something common like 4.2.2.2.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications -
Hello -
I ran a simple DCDIAG with no switches and the errors below came back, I'm not sure how to fix these errors. Please help, I'd sure appreciate any guidance as to what the errors mean and how to go about fixing them.
See errors below:
Starting test: SystemLog
An Warning Event occurred. EventID: 0x80001795
Time Generated: 04/10/2014 12:52:35
Event String:
The program w3wp.exe, with the assigned process ID 7684, could not authenticate locally by using the target name HTTP/remote.legacyhc.com. The target name used is not valid. A target
name should refer to one of the local computer names, for example, the DNS host name.
An Warning Event occurred. EventID: 0x0000043D
Time Generated: 04/10/2014 12:53:17
Event String:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
An Warning Event occurred. EventID: 0x0000043D
Time Generated: 04/10/2014 12:58:22
Event String:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
An Warning Event occurred. EventID: 0x0000043D
Time Generated: 04/10/2014 13:03:27
Event String:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
An Warning Event occurred. EventID: 0x0000043D
Time Generated: 04/10/2014 13:08:31
Event String:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
An Warning Event occurred. EventID: 0x0000043D
Time Generated: 04/10/2014 13:13:37
Event String:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
An Warning Event occurred. EventID: 0x0000043D
Time Generated: 04/10/2014 13:18:41
Event String:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
An Warning Event occurred. EventID: 0x0000043D
Time Generated: 04/10/2014 13:23:45
Event String:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
An Warning Event occurred. EventID: 0x0000043D
Time Generated: 04/10/2014 13:28:51
Event String:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
An Warning Event occurred. EventID: 0x0000043D
Time Generated: 04/10/2014 13:33:55
Event String:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
An Warning Event occurred. EventID: 0x0000043D
Time Generated: 04/10/2014 13:38:59
Event String:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
An Error Event occurred. EventID: 0xC0002719
Time Generated: 04/10/2014 13:42:34
Event String:
DCOM was unable to communicate with the computer 208.67.220.220 using any of the configured protocols.
An Error Event occurred. EventID: 0xC0002719
Time Generated: 04/10/2014 13:42:56
Event String:
DCOM was unable to communicate with the computer 208.67.222.222 using any of the configured protocols.
An Error Event occurred. EventID: 0xC0002719
Time Generated: 04/10/2014 13:43:17
Event String:
DCOM was unable to communicate with the computer 8.8.4.4 using any of the configured protocols.
An Error Event occurred. EventID: 0xC0002719
Time Generated: 04/10/2014 13:43:38
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols.
An Warning Event occurred. EventID: 0x0000043D
Time Generated: 04/10/2014 13:44:05
Event String:
Windows failed to apply the Group Policy Registry settings. Group Policy Registry settings might have its own log file. Please click on the "More information" link.
......................... LEGACYDC failed test SystemLog
Starting test: Topology
......................... LEGACYDC passed test Topology
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various important DN
references. Note, that these problems can be reported because of
latency in replication. So follow up to resolve the following
problems, only if the same problem is reported on all DCs for a given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object:
CN=PETERSONDC1,OU=Domain Controllers,DC=legacyhc,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: msDFSR-ComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[2] Problem: Missing Expected Value
Base Object:
CN=EVANSTONDC,OU=Domain Controllers,DC=legacyhc,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: msDFSR-ComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[3] Problem: Missing Expected Value
Base Object:
CN=LAGRANGE-VDC,OU=Domain Controllers,DC=legacyhc,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: msDFSR-ComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[4] Problem: Missing Expected Value
Base Object:
CN=ARLINGTON-VDC,OU=Domain Controllers,DC=legacyhc,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: msDFSR-ComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[5] Problem: Missing Expected Value
Base Object:
CN=AURORA-VDC,OU=Domain Controllers,DC=legacyhc,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: msDFSR-ComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
LDAP Error 0x5e (94) - No result present in message.
......................... LEGACYDC failed testThe note above is correct, the IPs in your DCDIAG are all public DNS servers:
208.67.220.220 and 208.67.222.222 are OpenDNS
8.8.8.8 and 8.8.4.4 are Google's DNS servers
The KB article that is referenced is calling out deleted FRS objects, so you may have some corruption in your AD environment.
I would take a look at the DNS, FRS, and other AD related logs and see what is there. Hopefully you have a recent backup that you can recover with if needed.
Although it is possible the issue is that your account does not have the rights to run the dcdiag. The event logs should have additional details that help. -
"[DBNETLIB] Login failed for user '(null)'. Reason: Not associated with a trusted SQL Server connection"
After patches applied on patch Tuesday the database reports the above error.
All accounts are domain accounts and SQLServer uses Windows auth.
DCDIAG show no errors
All servers and DC have been restarted,
Message in db log confirms the connection is being denied due to trust.
Event log shows same rejection
Protocols enabled: named pipes, tcpip, memory
TESTS:
PortQry: "
TCP port 1433 (ms-sql-s service): LISTENING"
Connect with domain admin accounts works from multiple clients systems to DB.
Cannot connect with newly created domain admin account
Can connect if new admin account connect to server in terminal server session and uses UDL wizard or any other tool including isql.
New standard user also fails to connect.
NOTES:
I removed the SSL patch and the IE security update to see if that was an issue.
¯\_(ツ)_/¯Has someone left the company or has an account of some nature been dropped/replaced?
Please click "Mark As Answer" if my post helped. Tony C.
Hi Tony,
Srry but No. We just installed the monthly updates.
I went back and found I had missed removing a patch. I missed the rollup for Windows Server 2003:
Event Type: Information
Event Source: NtServicePack
Event Category: None
Event ID: 4382
Date: 3/12/2015
Time: 12:26:04 PM
User: NETTEST\admin
Computer: DATA1
Description:
Windows Server 2003 KB954920 was removed from your computer, and the previous Windows Server 2003 configuration was restored.
After I removed that is still didn't work but after about five minutes it started working.
I guess I ned to report that to MS after I research what might be changed to make the patch work.
Every time I get stuck and ask for help it seems to be just before I stumble on the solution.
Thanks for replying.
Well - maybe this will help someone else.
Thanks again for replying Tony
¯\_(ツ)_/¯ -
I_NetLogonControl failed: Status = 5 0x5 ERROR_ACCESS_DENIED
I have a single DC on a single domain that is both a PDC and DNS server. Windows Server 2012. This is the only DC. I cannot join new PC's to domain. I am getting DNS could not resolve to domain controller. The new pc's can resolve by name to DC. Also
the existing PC's are take 5 minutes or more to get to the desk after cred's are put in. This just started happening.
I am getting netlogon errors. 5774. Any Idea's ?
mputer: AD_SERVER.Oakwood2.local
Description:
The dynamic registration of the DNS record '_kerberos._tcp.Default-First-Site._sites.dc._msdcs.Oakxxx.local. 600 IN SRV 0 100 88 AD_SERVER.Oakxxx.local.' failed on the following DNS server:
DNS server IP address: 192.168.x.x
Returned Response Code (RCODE): 0
Returned Status Code: 10054
For computers and users to locate this domain controller, this record must be registered in DNS.
USER ACTION
Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support
Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA
Error Value: An existing connection was forcibly closed by the remote host.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="NETLOGON" />
<EventID Qualifiers="0">5774</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2015-02-02T13:29:23.000000000Z" />
<EventRecordID>33628</EventRecordID>
<Channel>System</Channel>
<Computer>AD_SERVER.Oakxxxx2.local</Computer>
<Security />
</System>
<EventData>
<Data>_kerberos._tcp.Default-First-Site._sites.dc._msdcs.Oakwood2.local. 600 IN SRV 0 100 88 AD_SERVER.Oakwood2.local.</Data>
<Data>%%10054</Data>
<Data>192.168.x.x</Data>
<Data>0</Data>
<Data>10054</Data>
<Binary>0000</Binary>
</EventData>
</Event>DCDiag output
Event String:
The dynamic registration of the DNS record '_ldap._tcp.gc._msdcs.Oak
ood2.local. 600 IN SRV 0 100 3268 AD_SERVER.Oakwood2.local.' failed on the foll
wing DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_ldap._tcp.Default-First
Site._sites.gc._msdcs.Oakwood2.local. 600 IN SRV 0 100 3268 AD_SERVER.Oakwood2.
ocal.' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_ldap._tcp.7bf443d4-45db
433e-93e6-299481dca2ae.domains._msdcs.Oakwood2.local. 600 IN SRV 0 100 389 AD_S
RVER.Oakwood2.local.' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '30817a07-f15f-4daa-a2ab-
6bc6e4b909c._msdcs.Oakwood2.local. 600 IN CNAME AD_SERVER.Oakwood2.local.' fail
d on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.dc._msdcs
Oakwood2.local. 600 IN SRV 0 100 88 AD_SERVER.Oakwood2.local.' failed on the fo
lowing DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.Default-F
rst-Site._sites.dc._msdcs.Oakwood2.local. 600 IN SRV 0 100 88 AD_SERVER.Oakwood
.local.' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_ldap._tcp.dc._msdcs.Oak
ood2.local. 600 IN SRV 0 100 389 AD_SERVER.Oakwood2.local.' failed on the follo
ing DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_ldap._tcp.Default-First
Site._sites.dc._msdcs.Oakwood2.local. 600 IN SRV 0 100 389 AD_SERVER.Oakwood2.l
cal.' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.Oakwood2.
ocal. 600 IN SRV 0 100 88 AD_SERVER.Oakwood2.local.' failed on the following DN
server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_kerberos._tcp.Default-F
rst-Site._sites.Oakwood2.local. 600 IN SRV 0 100 88 AD_SERVER.Oakwood2.local.'
ailed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_gc._tcp.Oakwood2.local.
600 IN SRV 0 100 3268 AD_SERVER.Oakwood2.local.' failed on the following DNS se
ver:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_gc._tcp.Default-First-S
te._sites.Oakwood2.local. 600 IN SRV 0 100 3268 AD_SERVER.Oakwood2.local.' fail
d on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_kerberos._udp.Oakwood2.
ocal. 600 IN SRV 0 100 88 AD_SERVER.Oakwood2.local.' failed on the following DN
server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_kpasswd._tcp.Oakwood2.l
cal. 600 IN SRV 0 100 464 AD_SERVER.Oakwood2.local.' failed on the following DN
server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_kpasswd._udp.Oakwood2.l
cal. 600 IN SRV 0 100 464 AD_SERVER.Oakwood2.local.' failed on the following DN
server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_ldap._tcp.ForestDnsZone
.Oakwood2.local. 600 IN SRV 0 100 389 AD_SERVER.Oakwood2.local.' failed on the
ollowing DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_ldap._tcp.Default-First
Site._sites.ForestDnsZones.Oakwood2.local. 600 IN SRV 0 100 389 AD_SERVER.Oakwo
d2.local.' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_ldap._tcp.DomainDnsZone
.Oakwood2.local. 600 IN SRV 0 100 389 AD_SERVER.Oakwood2.local.' failed on the
ollowing DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_ldap._tcp.Default-First
Site._sites.DomainDnsZones.Oakwood2.local. 600 IN SRV 0 100 389 AD_SERVER.Oakwo
d2.local.' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record '_ldap._tcp.pdc._msdcs.Oa
wood2.local. 600 IN SRV 0 100 389 AD_SERVER.Oakwood2.local.' failed on the foll
wing DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record 'Oakwood2.local. 600 IN A
192.168.60.14' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record 'gc._msdcs.Oakwood2.local
600 IN A 192.168.60.14' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record 'ForestDnsZones.Oakwood2.
ocal. 600 IN A 192.168.60.14' failed on the following DNS server:
An error event occurred. EventID: 0x0000168E
Time Generated: 02/02/2015 11:07:58
Event String:
The dynamic registration of the DNS record 'DomainDnsZones.Oakwood2.
ocal. 600 IN A 192.168.60.14' failed on the following DNS server:
......................... AD_SERVER failed test SystemLog
Starting test: VerifyReferences
......................... AD_SERVER passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : Oakwood2
Starting test: CheckSDRefDom
......................... Oakwood2 passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Oakwood2 passed test CrossRefValidation
Running enterprise tests on : Oakwood2.local
Starting test: LocatorCheck
......................... Oakwood2.local passed test LocatorCheck
Starting test: Intersite
......................... Oakwood2.local passed test Intersite
Maybe you are looking for
-
My Itouch wont let me sync to new pc
My Ipod touch, will not let me sync to new pc itunes, without refreshing ipod. Any alternatives?
-
From database to drop down box
Hi all, Suppose I have the following String query ="Select name, number from Person"; I want to put all the "names" in a drop down box and all the "numbers" in a separate drop down box. When I do this: while(rs.next()){ <select="person" onchange="sho
-
Facing a problem from printing in SAP
Hi All in SP02 when i am doing printing, i am not able to view the format option in some of the specific output device type how to get back my format option. please advise. Thanks & Regards K.Gunasekar Edited by: guna sekar on Nov 25, 2008 4:41 AM
-
I have a need to view the entire tag text that will be read aloud to screen readers. If I look at the tag panel, for instance at a P tag, there it will contains something like "This is some sample text that..." I want to see all the text, not just
-
HT4098 i was charged for an itune i didn't purchase
I was charged for an itune that I didn't purchase, how do I go about getting a refund? How do I keep this from happening again, this is the second time its happened.