DNS Scavenging - Which Record are scavenged?
I am about to enable scavenging in a domain that has never had scavenging enabled properly. There are hundreds of records with old time stamps. We have done our due diligence in researching records to disable deleting the old record if it has
an old time stamp. Previous admin's would let a server grab a DHCP server and then static IP the DHCP address.
I know that Event ID 2501 will give me a summary of how many records were scavenged. I seem to remember that (its been a while since I have been in a mess like this), there is a way to get a list/log of the records that were scavenged. I hope
we have all the records set, but I the first scavenging period may be painful.
Is there a way to get a list of each record that was scavenged?
You might want to setup DHCP credentials and add the DHCP server to the DnsUpdateProxy group. This way it will update the IP of the host instead of creating another one.
And you really don't want to go below 24 hours with a lease, because technically scavenging is in multiple of days. And you must set the scavenging NOREFRESH and REFRESH values
combined to be equal or greater than the DHCP Lease length.
DHCP DNS Update summary:
- Configure DHCP Credentials.
The credentials only need to be a plain-Jane, non-administrator, user account.
But give it a really strong password.
- Set DHCP to update everything, whether the clients can or cannot.
- Set the zone for Secure & Unsecure Updates. Do not leave it Unsecure Only.
- Add the DHCP server(s) computer account to the Active Directory, Built-In DnsUpdateProxy security group.
Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group.
For example, some folks believe that the DNS servers or other DCs not be
running DHCP should be in it.
They must be removed or it won't work.
Make sure that NO user accounts are in that group, either.
(I hope that's crystal clear - you would be surprised how many
will respond asking if the DHCP credentials should be in this group.)
- On Windows 2008 R2 or newer, DISABLE Name Protection.
- If DHCP is co-located on a Windows 2008 R2, Windows 2012, Windows 2012 R2,
or NEWER DC, you can and must secure the DnsUpdateProxy group by running
the following command:
dnscmd /config /OpenAclOnProxyUpdates 0
- Configure Scavenging on ONLY one DNS server. What it scavenges will replicate to others anyway.
- Set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
More info:
This blog covers the following:
DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM 3758 2
http://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/
I also recommend reviewing the discussion in the link below:
Technet thread: "DNS Scavenging "
https://social.technet.microsoft.com/Forums/windowsserver/en-US/334973fd-52b4-49fc-b1d8-9403a9481392/dns-scavenging
Some other things to keep in mind with registration and ownership to help eliminate duplicate DNS host records registered by DHCP:
=====================================================
1. By default, Windows 2000 and newer statically configured machines will
register their own A record (hostname) and PTR (reverse entry) into DNS.
2. If set to DHCP, a Windows 2000, 2003 or XP machine, will request DHCP to allow
the machine itself to register its own A (forward entry) record, but DHCP will register its PTR
(reverse entry) record.
3. If Windows 2008/Vista, or newer, the DHCP server always registers and updates client information in DNS.
Note: "This is a modified configuration supported for DHCP servers
running Windows Server 2008 and DHCP clients. In this mode,
the DHCP server always performs updates of the client's FQDN,
leased IP address information, and both its host (A) and
pointer (PTR) resource records, regardless of whether the
client has requested to perform its own updates."
Quoted from, and more info on this, see:
http://technet.microsoft.com/en-us/library/dd145315(v=WS.10).aspx
4. The entity that registers the record in DNS, owns the record.
Note "With secure dynamic update, only the computers and users you specify
in an ACL can create or modify dnsNode objects within the zone.
By default, the ACL gives Create permission to all members of the
Authenticated User group, the group of all authenticated computers
and users in an Active Directory forest. This means that any
authenticated user or computer can create a new object in the zone.
Also by default, the creator owns the new object and is given full control of it."
Quoted from, and more info on this:
http://technet.microsoft.com/en-us/library/cc961412.aspx
=====================================================
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Similar Messages
-
Hi,
Archiving Database Schema states that in the tables SessionDetails and Conferences tables, the column 'SessionIdTime'
holds datetime value at which session request is captured by Archiving service.
But, is there any order in which the records are stored in the db?
Say, a session 'S1' starts at 1:00 PM and another session 'S2' starts at 1:05PM. 'S2' ends at 1:10 PM and 'S1' is still on going. I have observed that on ending the session the record is written to DB, so is it possible that details of session S2 is written
in db prior to 'S1'?
Is there any way to query these tables, in the order in which the records are stored?
Thanks and Regards,
ArjabhHi,
You can export records that have been stored in the Lync Server Archiving database with the following cmdlet in the link using Lync server manageshell.
http://technet.microsoft.com/en-us/library/gg398452.aspx
You need to write a SQL query/view or report server report to display the information.
More details:
http://blogs.technet.com/b/dodeitte/archive/2013/06/02/sample-lync-server-archiving-report-available.aspx
For the issue about “is there any order in which the records are stored in the db?” you can post a case to SQL forum and more experts will help to verify the issue.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
How can I filter which records are displayed in my dynamic table?
I have what I think is probably an easy question for anyone
who is experienced with PHP/MySQL and Dreamweaver (which I am not).
I have a website where users login, and then have access to
their homepage which displays a dynamic table of all of the records
that they have inserted into a database (this page also has a link
to the form where they submit a record). However, right now I can
only get to display all records that have been inserted instead of
only the ones that they have inserted (which is what I want). How
can I accomplish this?
I already have a session variable, 'MM_username', which
allows me to bind the user_ID to anything I need to, and when a
user inserts a record, their 'user_ID' is already inserted into a
column in that record for that table, so I'd like to display the
dynamic table in a way that filters it out so it only shows the
records that match the logged-in user's 'user_ID'.
I've tried to use the filter function in the recordset dialog
box, nut I just can't get it to work correctly. Any help on this
would be much appreciated!I already tried that. I set the table to filter out and
display only the records that match the landlord ID to the session
variable(which I named 'Landlord_ID' not 'MM_username ' like I said
earlier). When I tried to simply insert the session variable into
the page just to see what data would show up, the result is just a
blank space, so the session variable itself apparently has no data
value to echo in the PHP form.
Because of that, I have no idea how to tell dreamweaver to
filter based on the Landlord_ID, even though I CAN echo the
landlord ID variable in the recordset, I can't figure out how to
put that runtime value in the filter. -
Log which records are exported?
Hello,
On 11G:
I'm using datapump to keep 2 databases in sync. When exporting data with expdp the query-parameter is used to filter data from the tables - not all data need to be synced all the time.
Now I'm wondering if there is any way to log the number of exported records within the database in some kind of log table. Or to set some flag on every record touched by expdp. How could I achieve any of these?
Thanks,
StephanI had a look now at Streams and Change Data Capture ... and this made me thinking, if creating a database link between those databases wouldn't be an option after all. Previously I planned to send files over ssh - which does creat some overhead. But if i manage to setup a database link through ssh ... this would make data exchange so much easier. And then I even might be using the features you proposed ...
cheers,
stephan -
DNS records are not 100% correct
For a while now we've been noticing that some DNS records are not correct. The records are pointing to incorrect IP addresses. One by one I open the record, update the IP, then replicate across all domain controllers.
What would cause the hostname of one machine to point to another IP address?I believe what you're seeing is from DHCP-DNS registration. You may have duplicates, or incorrect data for records that can't be updated by DHCP service or the DHCP client due to permissions on the record. You may also not have scavenging in place.
In summary:
Configure DHCP Credentials. The credentials only need to be a plain-Jane, non-administrator, user account. But give it a really strong password.
Set DHCP to update everything, whether the clients can or cannot.
Set the zone for Secure & Unsecure Updates. Do not leave it Unsecure Only.
Add the DHCP server(s) to the Active Directory, Built-In DnsUpdateProxy security group. Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group. For example, some believe that the DNS servers or other DCs not running DHCP should be in it.
They must be removed or it won't work. Make sure that NO user accounts are in that group, either. (I hope that's crystal clear - you would be surprised how many will respond asking if the DHCP credentials should be in this group.)
On Windows 2008 R2 or newer, DISABLE Name Protection.
If DHCP is co-located on a Windows 2008 R2 or Windows 2012 DC, you can and must secure the DnsUpdateProxy group by running the following:
dnscmd /config /OpenAclOnProxyUpdates 0
Configure Scavenging on ONLY one DNS server. What it scavenges will replicate to others anyway. Set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
For specifics and step by steps, and good discussions on what's going on in the background and what to expect:
DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx
Good summary
How Dynamic DNS behaves with multiple DHCP servers on the same Domain?
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/e9d13327-ee75-4622-a3c7-459554319a27
Another good Summary:
Thread: "DNS problem" December 18, 2013
http://social.technet.microsoft.com/Forums/windowsserver/en-US/37b8b6b3-6cb1-496c-8492-09ded13bab18/dns-problem?forum=winserverNIS
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights. -
so we currently have three domain controllers set up, two of them on 2012r2 and one of them on 2008r2. prior to any of these domain controllers being added to the domain there was only one, running on 2003r2. the 2003r2 server was up and running when the
first 2012r2 was added and that's when running 'dcdiag /e /c /v' would yield an issue with "_ldap._tcp.9a5f3c17-e7ac-48f7-ab42-bf1ea621a6f5.domains._msdcs.cmedia.local" in the DNS portion of the diagnostics, specifically:
TEST: Records registration (RReg)
Network Adapter [00000010] Microsoft Hyper-V Network Adapter:
Error:
Missing SRV record at DNS server 192.168.22.4:
_ldap._tcp.9a5f3c17-e7ac-48f7-ab42-bf1ea621a6f5.domains._msdcs.cmedia.local
after adding the second 2012r2 to the domain, this issue is still there... adding the 2008r2 server to the domain and running BPA it gives the following:
Title:
This domain controller must register a DNS SRV resource record, which is required for replication to function correctly
Severity:
Error
Date:
7/3/2014 11:24:48 AM
Category:
Configuration
Issue:
The "DcByGuid" DNS service (SRV) resource record that advertises this server as an available domain controller in the domain and ensures correct replication is not registered. All domain controllers (but not RODCs) in the domain must register this record.
Impact:
Other member computers and domain controllers in the domain or forest will not be able to locate this domain controller. This domain controller will not be able to provide a full suite of services.
Resolution:
Ensure that "DcByGuid" is not configured in the "DnsAvoidRegisteredRecords" list, either through Group Policy or through the registry. Restart the Netlogon service. Verify that the DNS service (SRV) resource record "_ldap._tcp.9a5f3c17-e7ac-48f7-ab42-bf1ea621a6f5.domains._msdcs.cmedia.local", pointing to the local domain controller "CM-DC4-NY01.cmedia.local", is registered in DNS.
More information about this best practice and detailed resolution procedures: http://go.microsoft.com/fwlink/?LinkId=126968
I've tried scanning and then re-scanning every single entry in DNS Manager and do not see any reference to this specific GUID mentioned, nor do I see any other domain controllers referenced that should not be in there. The two 2012r2 and the 2008r2 domain
controllers are the only ones listed in DNS Manager... the 2003r2 mentioned earlier failed and was removed.Just to chime in, I noticed that you said you have one 2008 R2 DC, and two 2012 DCs.
I also noticed in the ipconfig /all that all DCs are pointint to themselves for DNS. We usually like to see them point to a partner, then itslelf as the second entry, w hether loopback or by its own IP.
Based on that, what I suggest to level the playing field by choosing the WIndows 2008 R2 DC as the first DNS on all DCs and only administer DNS using that DC. The reason I chose that is because of the least common denominator is what we rather use so we
don't invoke any new features in the newer 2012 DNS console that 2008 R2 may not understand. After that's done, on each DC run (and you can use a PowerShell window to run this):
Rename the system32\config\netlogon.dns and netlogon.dnb files by suffixing ".old" to the file.
ipconfig /registerdns
net stop netlogon
net start netlogon
Then re-run the dcdiag /e /c /v.
Post your results, please.
Ace Fekay
MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
I thought the DNS entries were supposed to be the other way around? point to themselves first and a partner as secondary? regardless, as requested, I've changed it to what you've prescribed where they point to the 2008r2 server as the primary with themselves
as the secondary. I've also followed the steps to what seems like refreshing the DNS? on each of the DCs. Here's the output from dcdiag /e /c /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine CM-DC1-NY01, is a Directory Server.
Home Server = CM-DC1-NY01
* Connecting to directory service on server CM-DC1-NY01.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=cmedia,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory
=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia
,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=cmedia,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=nt
DSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=cmedia,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=cmedia,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=cmedia,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 3 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\CM-DC1-NY01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... CM-DC1-NY01 passed test Connectivity
Testing server: Default-First-Site-Name\CM-DC3-NY01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... CM-DC3-NY01 passed test Connectivity
Testing server: Default-First-Site-Name\CM-DC4-NY01
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... CM-DC4-NY01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\CM-DC1-NY01
Starting test: Advertising
The DC CM-DC1-NY01 is advertising itself as a DC and having a DS.
The DC CM-DC1-NY01 is advertising as an LDAP server
The DC CM-DC1-NY01 is advertising as having a writeable directory
The DC CM-DC1-NY01 is advertising as a Key Distribution Center
The DC CM-DC1-NY01 is advertising as a time server
The DS CM-DC1-NY01 is advertising as a GC.
......................... CM-DC1-NY01 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC CM-DC1-NY01 for domain cmedia.local in site Default-First-Site-Name
Checking machine account for DC CM-DC1-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC1-NY01.cmedia.local
* SPN found :LDAP/CM-DC1-NY01
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia
* SPN found :LDAP/a29d12f1-2869-44bf-8e43-adf7ddf33865._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a29d12f1-2869-44bf-8e43-adf7ddf33865/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local
* SPN found :HOST/CM-DC1-NY01
* SPN found :GC/CM-DC1-NY01.cmedia.local/cmedia.local
[CM-DC1-NY01] No security related replication errors were found on this DC! To target the connection to a
specific source DC use /ReplSource:<DC>.
......................... CM-DC1-NY01 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC1-NY01 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... CM-DC1-NY01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... CM-DC1-NY01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC1-NY01 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC1-NY01 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... CM-DC1-NY01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role Domain Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role PDC Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Rid Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=cmedia,DC=local
......................... CM-DC1-NY01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC CM-DC1-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC1-NY01.cmedia.local
* SPN found :LDAP/CM-DC1-NY01
* SPN found :LDAP/CM-DC1-NY01.cmedia.local/cmedia
* SPN found :LDAP/a29d12f1-2869-44bf-8e43-adf7ddf33865._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a29d12f1-2869-44bf-8e43-adf7ddf33865/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC1-NY01.cmedia.local
* SPN found :HOST/CM-DC1-NY01
* SPN found :HOST/CM-DC1-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC1-NY01.cmedia.local/cmedia.local
......................... CM-DC1-NY01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC CM-DC1-NY01.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=cmedia,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=cmedia,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=cmedia,DC=local
(Domain,Version 3)
......................... CM-DC1-NY01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\CM-DC1-NY01\netlogon
Verified share \\CM-DC1-NY01\sysvol
......................... CM-DC1-NY01 passed test NetLogons
Starting test: ObjectsReplicated
CM-DC1-NY01 is in domain DC=cmedia,DC=local
Checking for CN=CM-DC1-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=cmedia,DC=local in domain CN=Configuration,DC=cmedia,DC=local on 3 servers
Object is up-to-date on all servers.
......................... CM-DC1-NY01 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was not entered
......................... CM-DC1-NY01 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... CM-DC1-NY01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 16109 to 1073741823
* CM-DC1-NY01.cmedia.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 4609 to 5108
* rIDPreviousAllocationPool is 4609 to 5108
* rIDNextRID: 4629
......................... CM-DC1-NY01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CM-DC1-NY01 passed test Services
Starting test: SystemLog
* The System Event log test
A warning event occurred. EventID: 0x0000002F
Time Generated: 07/08/2014 13:19:14
Event String:
Time Provider NtpClient: No valid response has been received from manually configured peer 0.ca.pool.ntp.org
after 8 attempts to contact it. This peer will be discarded as a time source and NtpClient will attempt to discover a n
ew peer with this DNS name. The error was: The peer is unreachable.
Found no errors in "System" Event log in the last 60 minutes.
......................... CM-DC1-NY01 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC1-NY01 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... CM-DC1-NY01 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference) CN=CM-DC1-NY01,OU=Domain Controllers,DC=cmedia,DC=local
and backlink on
CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=CM-DC1-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on
CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chiefmed
ia,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=CM-DC1-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on CN=CM-DC1-NY01,OU=Domain Controllers,DC=cmedia,DC=local are correct.
......................... CM-DC1-NY01 passed test VerifyReferences
Starting test: VerifyReplicas
......................... CM-DC1-NY01 passed test VerifyReplicas
Testing server: Default-First-Site-Name\CM-DC3-NY01
Starting test: Advertising
The DC CM-DC3-NY01 is advertising itself as a DC and having a DS.
The DC CM-DC3-NY01 is advertising as an LDAP server
The DC CM-DC3-NY01 is advertising as having a writeable directory
The DC CM-DC3-NY01 is advertising as a Key Distribution Center
The DC CM-DC3-NY01 is advertising as a time server
The DS CM-DC3-NY01 is advertising as a GC.
......................... CM-DC3-NY01 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC CM-DC1-NY01 for domain cmedia.local in site Default-First-Site-Name
Checking machine account for DC CM-DC3-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC3-NY01.cmedia.local
* SPN found :LDAP/CM-DC3-NY01
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :LDAP/5e9d1971-39ca-484c-922d-411c2364c96e._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e9d1971-39ca-484c-922d-411c2364c96e/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local
* SPN found :HOST/CM-DC3-NY01
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC3-NY01.cmedia.local/cmedia.local
Checking for CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 2 servers
Object is up-to-date on all servers.
[CM-DC3-NY01] No security related replication errors were found on this DC! To target the connection to a
specific source DC use /ReplSource:<DC>.
......................... CM-DC3-NY01 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC3-NY01 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... CM-DC3-NY01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... CM-DC3-NY01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC3-NY01 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC3-NY01 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... CM-DC3-NY01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role Domain Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role PDC Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Rid Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=cmedia,DC=local
......................... CM-DC3-NY01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC CM-DC3-NY01 on DC CM-DC3-NY01.
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC3-NY01.cmedia.local
* SPN found :LDAP/CM-DC3-NY01
* SPN found :LDAP/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :LDAP/5e9d1971-39ca-484c-922d-411c2364c96e._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/5e9d1971-39ca-484c-922d-411c2364c96e/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC3-NY01.cmedia.local
* SPN found :HOST/CM-DC3-NY01
* SPN found :HOST/CM-DC3-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC3-NY01.cmedia.local/cmedia.local
......................... CM-DC3-NY01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC CM-DC3-NY01.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=cmedia,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=cmedia,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=cmedia,DC=local
(Domain,Version 3)
......................... CM-DC3-NY01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\CM-DC3-NY01\netlogon
Verified share \\CM-DC3-NY01\sysvol
......................... CM-DC3-NY01 passed test NetLogons
Starting test: ObjectsReplicated
CM-DC3-NY01 is in domain DC=cmedia,DC=local
Checking for CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=cmedia,DC=local in domain CN=Configuration,DC=cmedia,DC=local on 3 servers
Object is up-to-date on all servers.
......................... CM-DC3-NY01 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was not entered
......................... CM-DC3-NY01 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... CM-DC3-NY01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 16109 to 1073741823
* CM-DC1-NY01.cmedia.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 15109 to 15608
* rIDPreviousAllocationPool is 15109 to 15608
* rIDNextRID: 15110
......................... CM-DC3-NY01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CM-DC3-NY01 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... CM-DC3-NY01 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC3-NY01 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... CM-DC3-NY01 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference) CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local
and backlink on
CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=CM-DC3-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on
CN=NTDS Settings,CN=CM-DC3-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chiefmed
ia,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=CM-DC3-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on CN=CM-DC3-NY01,OU=Domain Controllers,DC=cmedia,DC=local are correct.
......................... CM-DC3-NY01 passed test VerifyReferences
Starting test: VerifyReplicas
......................... CM-DC3-NY01 passed test VerifyReplicas
Testing server: Default-First-Site-Name\CM-DC4-NY01
Starting test: Advertising
The DC CM-DC4-NY01 is advertising itself as a DC and having a DS.
The DC CM-DC4-NY01 is advertising as an LDAP server
The DC CM-DC4-NY01 is advertising as having a writeable directory
The DC CM-DC4-NY01 is advertising as a Key Distribution Center
The DC CM-DC4-NY01 is advertising as a time server
The DS CM-DC4-NY01 is advertising as a GC.
......................... CM-DC4-NY01 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC CM-DC1-NY01 for domain cmedia.local in site Default-First-Site-Name
Checking machine account for DC CM-DC4-NY01 on DC CM-DC1-NY01.
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC4-NY01.cmedia.local
* SPN found :LDAP/CM-DC4-NY01
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :LDAP/37830012-1f10-43c9-a0ff-2a0e8a912187._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/37830012-1f10-43c9-a0ff-2a0e8a912187/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local
* SPN found :HOST/CM-DC4-NY01
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC4-NY01.cmedia.local/cmedia.local
Checking for CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 2 servers
Object is up-to-date on all servers.
[CM-DC4-NY01] No security related replication errors were found on this DC! To target the connection to a
specific source DC use /ReplSource:<DC>.
......................... CM-DC4-NY01 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC4-NY01 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... CM-DC4-NY01 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... CM-DC4-NY01 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC4-NY01 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... CM-DC4-NY01 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... CM-DC4-NY01 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role Domain Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=cmedia,DC=local
Role PDC Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Rid Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configur
ation,DC=cmedia,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=CM-DC1-NY01,CN=Servers,CN=Default-First-Site-Name,CN
=Sites,CN=Configuration,DC=cmedia,DC=local
......................... CM-DC4-NY01 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC CM-DC4-NY01 on DC CM-DC4-NY01.
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :LDAP/CM-DC4-NY01.cmedia.local
* SPN found :LDAP/CM-DC4-NY01
* SPN found :LDAP/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :LDAP/37830012-1f10-43c9-a0ff-2a0e8a912187._msdcs.cmedia.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/37830012-1f10-43c9-a0ff-2a0e8a912187/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia.local
* SPN found :HOST/CM-DC4-NY01.cmedia.local
* SPN found :HOST/CM-DC4-NY01
* SPN found :HOST/CM-DC4-NY01.cmedia.local/cmedia
* SPN found :GC/CM-DC4-NY01.cmedia.local/cmedia.local
......................... CM-DC4-NY01 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC CM-DC4-NY01.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=cmedia,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=cmedia,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=cmedia,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=cmedia,DC=local
(Domain,Version 3)
......................... CM-DC4-NY01 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\CM-DC4-NY01\netlogon
Verified share \\CM-DC4-NY01\sysvol
......................... CM-DC4-NY01 passed test NetLogons
Starting test: ObjectsReplicated
CM-DC4-NY01 is in domain DC=cmedia,DC=local
Checking for CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local in domain DC=cmedia,DC=local o
n 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuratio
n,DC=cmedia,DC=local in domain CN=Configuration,DC=cmedia,DC=local on 3 servers
Object is up-to-date on all servers.
......................... CM-DC4-NY01 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was not entered
......................... CM-DC4-NY01 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=cmedia,DC=local
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's
no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... CM-DC4-NY01 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 16109 to 1073741823
* CM-DC1-NY01.cmedia.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 15609 to 16108
* rIDPreviousAllocationPool is 15609 to 16108
* rIDNextRID: 15609
......................... CM-DC4-NY01 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... CM-DC4-NY01 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... CM-DC4-NY01 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=cmedia,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... CM-DC4-NY01 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... CM-DC4-NY01 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference) CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local
and backlink on
CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cmedia,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=CM-DC4-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on
CN=NTDS Settings,CN=CM-DC4-NY01,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=chiefmed
ia,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=CM-DC4-NY01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=cmedia,D
C=local
and backlink on CN=CM-DC4-NY01,OU=Domain Controllers,DC=cmedia,DC=local are correct.
......................... CM-DC4-NY01 passed test VerifyReferences
Starting test: VerifyReplicas
......................... CM-DC4-NY01 passed test VerifyReplicas -
Records are missing in the File which XI has placed in Target FTP server
Hi All,
I have a scenario where in XI is transfering the files from ECC to Target System . No transformation required here . I am using AAE to run this scenario.
Issue i am facing here is that i can see few records missing in the File which XI had placed in the Target system FTP server . Same file if i check it in archive folder of ECC (which XI has archived after picking the file), complete set of records are present for the same file.
Need your inputs please....
Note : XI is using AAE to transfer the files and no mapping . Also i tried to check out the audit logs in the channel monitoring . Unforutanely i was not able to see the logs to check the bytes that was transferred while readng and writing the file . Sometimes i have faced audit logs issue in PI 7.1
Regards
Vinay P.Please use temporary name scheme
http://help.sap.com/saphelp_nwpi711/helpdata/en/44/6830e67f2a6d12e10000000a1553f6/content.htm
hope this helps
regards
Ninad -
ADF: controlling the order in which VO records are inserted
All,
in an ADF BC project, we have some complex MD insert pages that add records to master and detail tables at the same time. The application sits on top of CDM RuleFrame, which exposes the datamodel as DB views with instead-of triggers and adds (Designer) a few nifty things like auto-populated PK fields. Sad enough, we can't use these auto-generated PKs as the 'refresh after insert' settings in an EO work with a RETURNING clause, which is not supported for instead-of triggers. This means we'll have to find the PK sequences ourselves from the EOs and populate these fields ourselves, before committing to the database. So far so good, but things go wrong when we want to insert master and detail at the same time. The PK and FK of the child record are already filled in at insert time (which is nice) but for some reason the child records get inserted before the parents, resulting in an error on the FK as the parent record does not yet exist (which is not nice).
So, here's the question: is there a way to control the order in which new VO records are inserted ? On what is the default order based (maybe a little renaming could help us out to get the alphabet our way) ?
We know defining the FKs as 'initially deferred' will make sure they are only checked at commit time, but our DBA prefers to not use that solution unless strictly necessary. (is there anything bad about deferred keys why we should believe him? ;o) )
And additionally, is there a way around all this manual PK-fetching ? We've tried using the refresh(int refreshMode) method of EntityImpl, but it didn't seem to work.
Many thanks in advance for your tips, suggestions and solutiosn !
Best regards,
Benjamin De BoeBenjamin,
To handle the problem with the child/parent records being inserted in the wrong order - have a read of the Oracle ADF Developer's Guide for Forms/4GL developers, section 26.7. I use that technique with great success.
John -
Recording which articles are being read
I want to create a cloud tag of popular topics
What i need to work out
1. How to record which articles are being read
2. How to display these in a tag cloud
3. Then when a user clicks on a tag - all the articles which
similar
tag are displayed
What i have done so far (how am i going?)
Db called tags
Tables
tag, article title, article url, article description
# each article has a few different tags
e.g
article for preventing std has the following tags
std, sex, safe sex, HIV
# the article itself doesnt exist in the database as i read
this
wasn't good for SEO. so the article itself exists on a static
page.
I have close to 100 medicla articles and add about 4 or 5 a
month
so i would love to get this working to save me time and
effort.
Many thanks
Mark Holloway
coordinator
www.healthhokkaido.comHave been using this code from the pete frei tutorial - cloud
tags -. It is working fine.
In the case of my database, each article has 3 tags
associated.
So there are 3 fields as opposed to 1 from which to count the
tags.
How could I adjust the code to take accountfor this?
Also I am a begineer so if you had the time to provide a
short explanation that would also be great.
<cfquery datasource="cart" name="tags">
SELECT COUNT(tag) AS tagCount, tag
FROM list
GROUP BY tag
</cfquery>
<cfset tagValueArray =
ListToArray(ValueList(tags.tagCount))>
<cfset max = ArrayMax(tagValueArray)>
<cfset min = ArrayMin(tagValueArray)>
<cfset diff = max - min>
<cfset distribution = diff / 3>
<style type="text/css">
<!--
.smallestTag { font-size: xx-small; }
.smallTag { font-size: small; }
.mediumTag { font-size: medium; }
.largeTag { font-size: large; }
.largestTag { font-size: xx-large; }
-->
</style>
<cfoutput query="tags">
<cfif tags.tagCount EQ min>
<cfset class="smallestTag">
<cfelseif tags.tagCount EQ max>
<cfset class="largestTag">
<cfelseif tags.tagCount GT (min + (distribution*2))>
<cfset class="largeTag">
<cfelseif tags.tagCount GT (min + distribution)>
<cfset class="mediumTag">
<cfelse>
<cfset class="smallTag">
</cfif>
<a href="/tag/#tags.tag#"
class="#class#">#tags.tag#</a>
</cfoutput> -
Which objects are recorded in a TBOM?
Hello all,
In a dynamic recording of the TBOM for the BPCA, what level of objects is recorded? For example, does it capture every field on the screen? Does it capture a field even if the user recording it does not click onto that field? Does it record fields in tabs that the user did not view?
We are trying to figure out how detailed we have to be in recording these TBOMs to catch the information we want.
Thanks,
MicheleHi Michele,
Please have in mind that during the dynamic TBOM creation all objects
that are executed/touched during the execution of the transaction are
recorded. You can look at which objects are in the TBOM by cklicking on
the 'Display TBOM content' icon on the TBOM screen in the project.
You can also check whether TBOMS for your project have
been recorded.
You can do this in transaction SOLAR_EVAL by executing the report
'Test -> Business Process Change Analyzer - TBOM Analyzer' for
your project.
The following document explains all necessary steps for BPCA in detail:
https://websmp107.sap-ag.de/~sapidb/011000358700000932192009E
Kind regards,
Fabricius -
Which emails are returned in a POP3 session
Hi,
I want to implement a POP3 email client to download messages from exchange server (using C#.Net).
After a POP3 connection is made, STAT command tells the count of messages available. Messages can be downloaded in that session using the sequence numbers. I want to know how POP3 service determines which messages are NEW for which client.
Suppose two clients (one mobile and one desktop application) connect to POP3 server. Mobile client downloads some messages. Now when desktop client connects to POP3 server, how will POP3 server determine which messages are new for this session (it should
also return the messages which were downloaded by mobile client).
I looked a lot in documentation, but didn't found anything in this regard. Please help.
Regards,
Rajiv
RajivHello,
To get the number of the Record from the begining of the file, you may use the RECNUM parameter in the External Table definition:
http://download.oracle.com/docs/cd/B19306_01/server.102/b14215/ldr_field_list.htm#sthref1264
You define a Column:
<column_name> RECNUMThen, in your Query, you may use the ORDER operator to this column.
By that way, you ensure to always respect the Record order in the file.
Hope this help.
Best regards,
Jean-Valentin -
Validate whether all the records are present in the list before writing
Hi,
I have the below code:-
List<CustomerVO> custlist = new ArrayList<CustomerVO>();
for (CustomerVO customerVO : custlist) {
try {
saveRecord(customerVO);
} catch (Exception e) {
custlist.add(customerVO);
if(){ // Here i need to compare whether all the records in the list are processed and there is no more records
// if so i wrire the all the error details at once by calling the writeErrorDetails
writeErrorDetails(frbVOlist);
Here in the if block I need compare whether all the records in the list are processed and there is no more records to process ,
if so write all the error details at once by calling the writeErrorDetails in the .TXT file.
The problem here is, how i will know whether the all the records are processed from the custList, so that I can write all of then atonce.
If the If conditional block is not there, then for each record failure a separate .txt file will be created. Hence if there are 4 failed records
then 4 .txt error file will be generated. Which should be avoided and i want to write all the 4 failed records in a single .txt file.
Hence, what may be the If condition i need to check from the list whether all the records are processed. Please , let me know your opinion.
Thanks.797836 wrote:
List<CustomerVO> custlist = new ArrayList<CustomerVO>();
for (CustomerVO customerVO : custlist) {
try {
saveRecord(customerVO);
} catch (Exception e) {Look at the following statement in the catch block.
custlist.add(customerVO);Is this correct? Why are you adding the faild record to the custlist again? I think, it should be like,
frbVOlist.add(customerVO);
if(){ // Here i need to compare whether all the records in the list are processed and there is no more records
// if so i wrire the all the error details at once by calling the writeErrorDetails
writeErrorDetails(frbVOlist);
}Call the writeErrorDetails(frbVOlist) after the end of the for loop by checking the size of the frbVOlist > 0. -
Data Records are missing in between while loading from R/3 (ECC) to BI.
Dear Experts,
I have created a custom DataSource on Custom Function Module. This datasource contains 600 fields. (I know its a monster and splitting options are thinner).
1) Validate the data using RSA3 in R/3 and showed the correct record count.
2) Validate the data by debugging the FM, still showed the correct record count.
But while loading from R/3 to BI, records are missing.
Various Scenarios load from R/3 to BI:
1a) Loaded full load (78000 records) with all default data transfer settings. PSA showed up with 72000 records (missing 6000) only. Compared the Idocs vs data packets, both reconciled.
1b) Loaded full load (78000) with modified settings (15000 KB / data packet). PSA showed up with 74000 records (missing 4000) only.
2a) Loaded with selection parameters (took a small chunk) (7000 records) with default data transfer settings. PSA showed up only 5000 records (missing 2000).
2b) Loaded with selection parameters (7000 records) with modified settings (15000 KB / data packet). PSA showed up all 7000 records.
3a) Loaded with selection parameters (took further small chunk) (4000 records). PSA showed up all records regardless data transfer settings.
Also please look at this piece of code from the function module,
IF l_wa_interface-isource = 'ZBI_ARD_TRANS'.
l_package_size = l_wa_interface-maxsize DIV 60.
ENDIF.
I really appreciate your advise or help in this regard.
Thanks much,
AnilHi,
Which module u want?
if its SD(for example)
steps>>
1>In AWB goto "business content"
2> goto "Info provider"
3>Under infoarea select SD cubes
4> Drag related cubes and ODS to right panel
5> Set the grouping option "In Data flow before&afterwards"
6>Install the collected objects
Go to R/3
7> Use Tcode RSA5 Transfer all regarding SD module datasources
Goto BW
8> Right click on the source system "Replicate datasources"
[DataSources|http://help.sap.com/saphelp_nw70/helpdata/en/3c/7b88408bc0bb4de10000000a1550b0/frameset.htm]
Edited by: Obily on Jul 10, 2008 8:36 AM -
Authorizations for which transactions are required in BW?
Hi,
Can any ony please give some information regarding
Authorizations for which transactions are required in BW Production Support?
Regards,
AryanHi Aryan,
Authorizations for the following transactions are required in BW
1. RSA1
2. SM37
3. ST22
4. ST04
5. SE38
6. SE37
7. SM12
8. RSKC
9. SM51
10. RSRV
11.RSPC
13.RSMON
The Process Chain Maintenance (transaction RSPC) is used to define, change and view process chains.
Upload Monitor (transaction RSMO or RSRQ (if the request is known)
The Workload Monitor (transaction ST03) shows important overall key performance indicators (KPIs) for the system performance
The OS Monitor (transaction ST06) gives you an overview on the current CPU, memory, I/O and network load on an application server instance.
The database monitor (transaction ST04) checks important performance indicators in the database, such as database size, database buffer quality and database indices.
The SQL trace (transaction ST05) records all activities on the database and enables you to check long runtimes on a DB table or several similar accesses to the same data.
The ABAP runtime analysis (transaction SE30)
The Cache Monitor (accessible with transaction RSRCACHE or from RSRT) shows among other things the cache size and the currently cached queries. The Export/Import Shared buffer determines the cache size; it should be at least 40MB.
****Assign Points If Helpful****
Regards,
Ravikanth -
How to determine which elements are queryable via Web Services QueryPage
I am trying to query opportunities by associated opportunity product revenue records, but I continue to receive errors like "Unexpected text: = '9598015'".
From reviewing the forums, it looks like this is when I am querying a field that is not defined to be queryable.
Could someone please tell me how to determine which fields are queryable on a particular record type like this? I have tried using basic short text fields and indexed short text fields - but continue to receive the error message above.
Thanks in advance.I found at least partial answers to my questions.
MessageContext.getPropertyNames() can be used to see the properties on a given flow.
MessageContext.getProperty(prop) can be used to get information for paroperties such as:
prop=javax.xml.rpc.service.endpoint.address
prop=wsdl.portName
-- Frank
Maybe you are looking for
-
How to delete preferences in Motion 5.1.1
Just thought I'd share this. I saw a post on fcp.co that they had introduced a way to delete the preferences for FCP in the latest update. I looked it up, and Motion 5.1.1 now has the same option. If you hold down Command+Option when launching the a
-
SQL not working as Concurrent Program
Hi I have the following sql pl/sql script which when I run in TOAD, works fine and successfully updates the custom tables declare v_position_id number; v_curr_org_id number; v_new_org_id number; begin select pos.position_id into v_position_id from xx
-
Hi, May I know if there is a difference between statistical posting (like F-38 statistical posting and F-19 for reversal statistical) and noted item (F-47). I know that noted item only create 1 line and able to track in line item display whereas stat
-
Good afternoon, I'm looking to build/create an inexpensive two node cluster. I have a SLES11SP1 server that is running XEN as a virtual hosting server, I run about five servers in a virtual environment. I have three USB drives set up to host my Guest
-
OLTP and OLAP databases on same SQL Server?
Would you put OLTP and OLAP databases on same SQL Server or separate? I realize the ideal would be separate, but that means 2 expensive licenses instead of 1. Most of our OLTP stuff happens during the day while OLTP processing happens at night (so g