SCOM 2012 R2 Domain Functional Requirement

Hi
We are planning to deploy SCOM 2012 R2 in our environment. We are running Windows 2012 AD and have Domain and Forest functional levels of Windows Server 2012 R2. In the environmental prerequisites stated in the TechNet article http://technet.microsoft.com/en-us/library/hh487285.aspx, under the section "Domain Functional Level", the following description is provided:
Windows Server Active Directory can operate at different functional levels. These levels are distinguished by the version of the Windows Server operating system that is permitted on the domain controllers present in the domain. System Center 2012 – Operations Manager requires that the domain functional level be Windows 2000 native, Windows Server 2003 interim, Windows Server 2003, or Windows Server 2008. The domain functional level of Windows Server 2008 R2 is also supported (for the SP1 version of System Center 2012 – Operations Manager, Windows Server 2008 R2 SP1 and Windows Server 2012 are supported). For System Center 2012 – Operations Manager to function properly, you must check the domain functional level and raise it to the appropriate version.
This description does not include the Domain Functional Level of Windows Server 2012 R2.
Does SCOM 2012 R2 support domain and forest functional levels of Windows Server 2012 R2?
Thanks
Taranjeet Singh
zamn

Yes.
I have a SCOM 2012 R2 deployment in a domain with forest and domain functional levels of Windows Server 2012 R2 and it works fine. Moreover, SCOM monitoring depends more on Kerberos encryption of data transfer than on the functional level.
Roger

Similar Messages

  • Is there a matrix showing the difference with features of agent vs. agentless in SCOM 2012?

    Is there a matrix showing the difference with features of agent vs. agentless in SCOM 2012?

    Agent monitoring requires an agent installation on the target machine
    Agentless monitoring
    An agentless-managed computer is a Windows-based computer that is discovered by using the Operations console. You assign a management server or agent-managed computer to provide remote (proxy) agent functionality for the computers.
    Agentless-managed computers are managed as if there is an agent installed on them. Not all management packs work in agentless mode.
    Agentless versus Agent-based server monitoring
    http://thwack.solarwinds.com/community/solarwinds-community/geek-speak_tht/blog/2013/02/11/agentless-versus-agent-based-server-monitoring
    Roger

  • Hyper-v 2012 R2 Live migration issue in 2003 Domain function Level

    Hi Team,
    I recently built a 2012 R2 Hyper-V cluster with three nodes. Everything is working fine without any issue. The cluster is also working fine. Later I came across one issue when I tried to live migrate a virtual machine from one host to another. It failed every time, while quick migration works. I went through a few articles and found it is a known issue with Hyper-V 2012 R2 where the domain functional level is set to 2003. Although they have provided a hotfix, there is no solution.
    http://support.microsoft.com/kb/2838043
    Please let me know if anyone has faced a similar issue and was able to resolve it with any hotfix. My hosts are updated.
    Thanks
    Ravindra
    Ravi

    Hi Ravi1987,
    KB2838043 applies to Server 2012 nodes. Could you give us the related cluster error event ID, or you can refer to the following article to check whether your cluster network binding order is correct.
    Configuring Windows Failover Cluster Networks
    http://blogs.technet.com/b/askcore/archive/2014/02/20/configuring-windows-failover-cluster-networks.aspx
    You can try to install recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters first, then monitor this issue again.
    The KB download:
    Recommended hotfixes and updates for Windows Server 2012 R2-based failover clusters
    http://support.microsoft.com/kb/2920151
    More information:
    Windows Server 2008 R2 Live Migration – “The devil may be in the networking details.”
    http://blogs.technet.com/b/askcore/archive/2009/12/10/windows-server-2008-r2-live-migration-the-devil-may-be-in-the-networking-details.aspx
    I’m glad to be of help to you!

  • SCOM 2012 R2 Hardware Requirements

    Hi,
    I am trying to work out what specification machines to use for a deployment of SCOM 2012 R2. I have searched on this forum, online generally and used the sizing guide but it's all a bit vague. The sizing guide spat out the result below but as you can see it makes no mention of CPU speeds or server HDD space apart from the DW server which says 300GB. The sizing wizard also spat out 14.43GB for the Ops DB and 427.45GB for the DW DB based on managing 600 servers, no network devices or applications.
    Minimum Hardware Recommendation:
    Role: (Total: 2) (1) management server managing up to 1000 agents, plus (1) management server for HA, managing up to 10 SDK users total
    Hardware:
    • 4 disk RAID 10
    • 16 GB RAM
    • 4 Cores
    Role: Operations Database Server
    Hardware:
    • 6 disk RAID 10 (Data)
    • 2 disk RAID 1 (Log)
    • 16 GB RAM
    • 4 Cores
    Role: Operations Data Warehouse Server
    Hardware:
    • 12 disk RAID 10 (Data) (300 GB)
    • 2 disk RAID 1 (Log)
    • 16 GB RAM
    • 4 Cores
    Role: Web Console Server & SQL Server Reporting Services Server
    Hardware:
    • 2 disk RAID 1
    • 8 GB RAM
    • 4 Cores
    I have also seen in the documentation that the management servers only require 1024MB of free space on the System Drive, that seems a bit overkill to have that spread across 4 disks at RAID 10. With regards to the DW disk requirements does it really need 300GB on 12 disk RAID 10 plus the 427.45GB for the Data Warehouse?
    If someone could possibly clear this up I would be extremely grateful.
    S

    Your 4-core CPU meets the requirement. SCOM does not use much CPU.
    Juke Chou
    TechNet Community Support

  • Domain Functional Level: 2008 R2 to 2012 R2

    My current forest and domain functional levels are 2008 R2. I know I can safely upgrade the functional levels in most cases, but I want to specifically know with regards to Lync.
    Our entire environment, including Lync, is running on Windows Server 2012 R2. (We have no domain joined clients.)
    Can I safely raise the forest and domain functional levels to 2012 R2 without impacting Lync?

    You can easily upgrade the functional level without any issues since you have all the Domain Controllers on Win server 2008R2.
    http://support2.microsoft.com/kb/2869728/en-us
    For more details: the link listed below has the table which shows the effects of upgrading the domain functional levels to Windows 2012
    http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels
    pankaj(MCT)

  • AD Integration: 1 Forest containing 2 Domains - Run Accounts/Profiles (SCOM 2012)

    I know there are plenty of threads on AD integration & Run As accounts\Profiles, but none quite answering my scenario...so here goes.
    1 Forest containing 2 domains - abc.com and def.com.
    abc.com contains SCOM 2012 infrastructure (Mgmt Servers (MS1, MS2), Ops DB, Reporting DWDB).
    abc.com
    1. Created SCOM Admins Global Security group
    2. Created SCOM_MS_Action domain user account (used during SCOM setup & also Local Admin on all abc.com machines via Action Account AD group/GPO)
    3. Ran MomADAdmin.exe DEV-OPSMGR12 "abc\SCOM Admins" abc\SCOM_MS_Action abc.com (SCOM_MS_Action added to SCOM Admins group as a result)
    4. Created Auto Agent Assign rule for abc.com against MS1 for "servers", Run As Profile left as default setting.
    RESULT: All servers in abc.com populated MS_PrimarySG_xxx group as expected.
    def.com
    5. Created SCOM Admins Global Security group
    6. Created SCOM_AD_Assign domain user account
    7. Ran MomADAdmin.exe DEV-OPSMGR12 "def\SCOM Admins" def\SCOM_AD_Assign def.com (SCOM_AD_Assign added to SCOM Admins group as a result)
    8. Created Run As Account (Windows) "def\SCOM_AD_Assign"
    Do I need to create this?
    9. Set "def\SCOM_AD_Assign" Run As account to "More Secure"
    Is "More Secure" correct, otherwise "Less Secure" causes errors on abc.com clients?
    10. Created Run As Profile "def AD Agent Discovery" & assigned to Default Management Pack
    Do I need to create a new Run As Profile?
    Was this the correct MP as when creating a new MP I got errors about it being unsealed when assigning to new Auto Agent Assign rule? I was under the impression never to use the Default MP?
    11. Associated "def\SCOM_AD_Assign" Run As account to "def AD Agent Discovery" Run As Profile, targeting "All Objects"
    Is this correct?
    12. Created Auto Agent Assign rule for def.com against MS1 for "servers", Run As Profile changed to "def AD Agent Discovery."
    RESULT: def.com contains OperationsManagement\DEV-OPSMGR12 container but no MS_PrimarySG_xxx group exists?
    Do I need to add my Run As account to the "Active Directory Based Agent Assignment Account" Run As Profile as well as/instead of creating a Run As Profile? - and if so, do I target All Objects, Class, Group, Object?
    Thanks in advance - I find these Run As accounts very confusing when it comes to multiple domains!

    OK, solved this one myself. To answer my own questions :) this is what needed to be done (whether it's entirely correct or not is up for debate, however I ended up with the result I was after, so I am happy for now):
    def.com
    5. Created SCOM Admins Global Security group
    6. Created SCOM_AD_Assign domain user account
    7. Ran MomADAdmin.exe DEV-OPSMGR12 "def\SCOM Admins" def\SCOM_AD_Assign def.com (SCOM_AD_Assign added to SCOM Admins group as a result)
    8. Created Run As Account (Windows) "def\SCOM_AD_Assign"
    Do I need to create this?
    YES
    9. Set "def\SCOM_AD_Assign" Run As account to "More Secure"
    Is "More Secure" correct, otherwise "Less Secure" causes errors on abc.com clients?
    YES, and added the Management Servers as "...the computers to which the credentials will be distributed"
    10. Created Run As Profile "def AD Agent Discovery" & assigned to Default Management Pack
    Do I need to create a new Run As Profile?
    YES
    Was this the correct MP as when creating a new MP I got errors about it being unsealed when assigning to new Auto Agent Assign rule? I was under the impression never to use the Default MP?
    Questionable, I did select the Default MP, otherwise the unsealed error occurred when creating the Auto Agent Assign rule
    11. Associated "def\SCOM_AD_Assign" Run As account to "def AD Agent Discovery" Run As Profile, targeting "All Objects"
    Is this correct?
    NO, instead I targeted the Class "AD Assignment Resource Pool"
    12. Created Auto Agent Assign rule for def.com against MS1 for "servers", Run As Profile changed to "def AD Agent Discovery."
    Do I need to add my Run As account to the "Active Directory Based Agent Assignment Account" Run As Profile as well as/instead of creating a Run As Profile? - and if so, do I target All Objects, Class, Group, Object?
    NO, otherwise alerts appear in regards to abc.com discovery rules breaking. Looks like for additional domains this rule should not be touched.
    RESULT: All servers in def.com populated MS_PrimarySG_xxx group as expected
    Note: Domain Controllers should not be included in the Auto Assign rules supposedly (makes sense) so I altered the query to ensure they didn't populate in the MS_PrimarySG_xxx group:
    (&(sAMAccountType=805306369)(objectCategory=computer)(objectClass=computer)(operatingSystem=*Server*)(!(primaryGroupID=516)))
    (!(primaryGroupID=516)) equates to exclude DCs.
    Hope this helps others
    Steve
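
An added example, not part of the original post and not SCOM code: a small Python evaluator for the subset of LDAP filter syntax used in the agent-assignment query above, run over constructed computer entries. It goes beyond the post in two ways, both assumptions of this example: it rejects a query whose `(!(primaryGroupID=516))` clause sits outside the `(&...)` group, and it shows that read-only domain controllers (primaryGroupID 521) still match unless they are excluded too.

```python
"""Added example: evaluate an AD agent-assignment LDAP filter offline.

Supports only the RFC 4515 subset the query uses: (&...), (|...), (!...)
and (attr=value) with * wildcards. All entries below are constructed.
"""
import re


class FilterError(ValueError):
    """Raised when the text is not exactly one well-formed filter."""


def parse_filter(text):
    text = text.strip()
    node, pos = _parse(text, 0)
    if pos != len(text):
        # e.g. a (!(...)) clause written after the closing paren of (&...)
        raise FilterError(f"extra text after filter at offset {pos}: {text[pos:]!r}")
    return node


def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise FilterError(f"expected '(' at offset {i}")
    i += 1
    if s[i:i + 1] in ("&", "|"):
        op, i, children = s[i], i + 1, []
        while s[i:i + 1] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if not children:
            raise FilterError(f"empty {op} group")
        node = (op, children)
    elif s[i:i + 1] == "!":
        child, i = _parse(s, i + 1)
        node = ("!", [child])
    else:
        end = s.find(")", i)
        attr, sep, value = s[i:end if end != -1 else len(s)].partition("=")
        if end == -1 or not sep or not attr.strip():
            raise FilterError(f"malformed comparison at offset {i}")
        node = ("=", attr.strip().lower(), value)
        i = end
    if s[i:i + 1] != ")":
        raise FilterError(f"expected ')' at offset {i}")
    return node, i + 1


def matches(node, entry):
    op = node[0]
    if op == "&":
        return all(matches(c, entry) for c in node[1])
    if op == "|":
        return any(matches(c, entry) for c in node[1])
    if op == "!":
        return not matches(node[1][0], entry)
    _, attr, pattern = node
    if attr not in entry:
        return False
    # Only '*' is a wildcard; comparison is case-insensitive.
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, str(entry[attr]), re.IGNORECASE | re.DOTALL) is not None


def computer(name, os_name, primary_group_id):
    # Constructed entry; objectCategory/objectClass are simplified to one string.
    return {"name": name, "samaccounttype": 805306369,
            "objectcategory": "computer", "objectclass": "computer",
            "operatingsystem": os_name, "primarygroupid": primary_group_id}


ENTRIES = [
    computer("APP01", "Windows Server 2012 R2 Standard", 515),   # member server
    computer("DC01", "Windows Server 2012 R2 Standard", 516),    # writable DC
    computer("RODC01", "Windows Server 2012 R2 Standard", 521),  # read-only DC
    computer("WS01", "Windows 8.1 Enterprise", 515),             # workstation
]

BASE = ("(&(sAMAccountType=805306369)(objectCategory=computer)"
        "(objectClass=computer)(operatingSystem=*Server*)")
DETACHED_NOT = BASE + ") (!(primaryGroupID=516))"   # NOT outside the AND: two filters
NESTED_NOT = BASE + "(!(primaryGroupID=516)))"      # NOT inside the AND
NESTED_NOT_RODC = BASE + "(!(primaryGroupID=516))(!(primaryGroupID=521)))"


def assignment_targets(filter_text, entries=ENTRIES):
    """Names of the constructed computers the filter would select."""
    tree = parse_filter(filter_text)
    return [e["name"] for e in entries if matches(tree, e)]


if __name__ == "__main__":
    for label, flt in [("detached", DETACHED_NOT), ("nested", NESTED_NOT),
                       ("nested+rodc", NESTED_NOT_RODC)]:
        try:
            print(label, assignment_targets(flt))
        except FilterError as exc:
            print(label, "rejected:", exc)
```
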

  • Deploying SCOM 2012 Agents to untrusted Forests/Domain

    Can we deploy SCOM 2012 agents to untrusted forest/domain? I don't want to use SCCM 2012 for installing agents via package deployment. Pls suggest.
    Regards,
    Ravi

    Yes, you can deploy the SCOM agent to an untrusted domain manually and by using a certificate.
    For deploying the SCOM agent, you can refer to the links below
    http://www.toolzz.com/?p=279
    http://jimmoldenhauer.blogspot.com/2012/11/scom-2012-deploying-agents-to-untrusted.html
    Mai Ali

  • SCSM 2012 with 2003 domain functional level supported?

    All,
    I am running SCCM 2007. Now I need to install Service Manager 2012 SP1. Domain functional level is 2003 with a 2008 DC.
    Will this allow me to install SCSM 2012 SP1 with full features, or will it have reduced functionality?
    Will there be any schema extension when I install SCSM 2012? Please note we already have SCCM 2007 running.
    Can I upgrade SCCM 2007 to SCCM 2012?
    It would be helpful if you could share some links about whether it's possible or not.
    Thanks.
    KailashC

    Thomas,
    Thanks for your response. Can I do a direct upgrade SCCM 2007 SP3 to SCCM 2012 or do I need to plan a migration? I mean fresh install SCCM 2012 and then migrate the data over ?
    Thanks.
    KailashC

  • SCOM 2012 R2 - How to create a Web Application Monitor for an URL requiring certificate authentication

    Hi All,
    It looks like in SCOM 2012 there are two ways to monitor a web application (URL monitoring):
    Way no 1: (Using the Web Application Transaction Monitoring template)
    Way no 2: (Using the Web Application Availability Monitoring template)
    We have created some monitors using Web Application Availability Monitoring to check if a URL is up without any authentication method.
    However, we have a few URLs for which we need Client Certificates to be used for accessing them, but found no option in SCOM 2012 to configure the certificates.
    I have searched a lot on the TechNet library but found no clue. Does anyone know how to successfully monitor a URL requiring certificate authentication on SCOM 2012? Or, at least, using no matter which method?
    Thanks.
    Regards,
    Raju.

    Hi,
    Based on my research, it is not possible by using the built-in monitoring templates. Both of them handle “normal”, server-side, SSL-certs, and the transaction monitor handles basic/digest/NTLM authentication, but client certificate based authentication is not a configurable option.
    Regards,
    Yan Li

  • What is the effect if I Raise my domain functional level to Windows Server 2012 R2 ?

    Hi,
    my current servers:
    Domain Controllers= Windows Server 2012 R2 (current domain functional level is windows 2008 R2)
    Mail servers= Exchange 2010 SP3 on Windows 2008 R2
    Lync= Lync 2010 on Windows server 2008 R2
    What is the effect if I Raise my domain functional level to Windows Server 2012 R2 ?
    I am very worried about Exchange & Lync if we do this action.
    Please advise.

    Do not raise the forest functional level higher if you have or will have any domain controllers running an earlier version of Windows Server, which is (Windows NT 4.0, Windows 2000 or Windows 2003),
    but as a matter of fact I don't see any of those in your network so you can easily upgrade the functional level without any issues.
    The link listed below has the table which shows the effects of upgrading the domain functional levels to Windows 2012
    http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels
    http://www.arabitpro.com

  • O365 SCOM 2012 requirements

    hi,
    I have recently tried to install the O365 Management Pack on our SCOM 2012 Mgmt Server. I ran into the following requirements:
    O365 MP needs:
    System Center Core Library / Microsoft.SystemCenter.Library 7.0.8432.0, currently 7.0.8427.0
    Health Library / System.Health.Library 7.0.8432.0, currently 7.0.8427.0
    Microsoft.SystemCenter.Visualization.Library / Microsoft.SystemCenter.Visualization.Library 7.0.9538.0, currently 7.0.8560
    Unfortunately, our current libraries are not at the level of the requirements. How/where can I get the required MPs ? I thought O365 supports SCOM 2012!
    dave
    

    Hi,
    Office 365 management pack:
    Supported Operating System: Windows Server 2012 R2
    The Office 365 Management Pack for Operations Manager is designed for the following versions of System Center Operations Manager:
    • System Center Operations Manager 2012
    • System Center Operations Manager 2012 SP1
    • System Center Operations Manager 2012 R2
    More details:
    http://www.microsoft.com/en-us/download/details.aspx?id=43708
    As we can see, the management pack requires Windows Server 2012 R2. Did your environment meet this requirement?
    Regards,
    Yan Li

  • Active Directory Domain Functional Levels - Recommendations / Requirements / Minimum ?

    Hi All,
    What are the Active Directory Domain Functional Levels requirements for BizTalk 2013 R2?
    Would be useful to know the same for BizTalk 2010 also.
    I have been looking for some time but cannot find any documentation.
    We are planning on installing BizTalk 2013 R2 and we have a domain functional level of 2008.
    Many Thanks..

    "Would be useful to know the same for BizTalk 2010 also." --> I am sure you would have checked this blog post by Sandro; if not, have a look.
    Installing BizTalk Server 2010 in a Basic Multi-Computer Environment: The need for a Domain Controller – Windows Groups and Service Accounts (Part 2)
    Hope this helps for you.
    Greetings,HTH
    Naushad Alam
    alamnaushad.wordpress.com

  • Non supported version of SQL with new install of SCOM 2012 SP1

    I have SQL 2012 SP1 running on Server 2012. I have tried the SCOM installation with and without CU2 (to fix the 1618 installation error).
    SC VMM installed cleanly and appears to work.
    The install for SCOM produces an error that says, "The installed version of SQL Server is not supported". I have not been able to find any log from the install that has that error in it.
    Also, I have not been able to determine the true requirements of the SQL server for SCOM. (I found docs for SCOM 2012 RTM and SQL 2008 R2, but nothing for 2012 SP1.)
    Can someone point me to the correct place for the install log (with hopefully more information) and/or the requirements for the SQL installation?
    Roy

    The log is not created yet because it has not started the install.
    The firewall is the most common issue indeed. Temporarily Disable the firewall and see whether you can continue.
    Are you using a developers edition? The only 2 editions supported are standard and Enterprise.
    The true requirements for SCOM 2012 sp1:
    We recommend that you check for updates and hotfixes for SQL Server. Note the following database considerations for Operations Manager:
    • SQL Server 2008 R2 and SQL Server 2012 are available in both Standard and Enterprise editions. Operations Manager will function with both editions.
    • Operations Manager does not support hosting its databases or SQL Server Reporting Services on a 32-bit edition of SQL Server.
    • Using a different version of SQL Server for different Operations Manager features is not supported. The same version should be used for all features.
    • SQL Server collation settings for all databases must be one of the following: SQL_Latin1_General_CP1_CI_AS, French_CI_AS, Cyrillic_General_CI_AS, Chinese_PRC_CI_AS, Japanese_CI_AS, Traditional_Spanish_CI_AS, or Latin1_General_CI_AS. No other collation settings are supported.
    • The SQL Server Agent service must be started, and the startup type must be set to automatic.
    • Side-by-side installation of System Center Operations Manager 2007 R2 reporting and System Center 2012 Service Pack 1 (SP1), Operations Manager reporting on the same server is not supported.
    • The db_owner role for the operational database must be a domain account. If you set the SQL Server Authentication to Mixed mode, and then try to add a local SQL Server login on the operational database, the Data Access service will not be able to start. For information about how to resolve the issue, see System Center Data Access Service Start Up Failure Due to SQL Configuration Change
    • If you plan to use the Network Monitoring features of System Center 2012 – Operations Manager, you should move the tempdb database to a separate disk that has multiple spindles. For more information, see tempdb Database.
    Found here:
    http://technet.microsoft.com/en-us/library/jj656654.aspx#BKMK_RBF_OperationsDatabase
    It's doing common things uncommonly well that brings success.

  • SCOM 2012 Global Architecture, One management group or multiple?

    Hi Folks,
    I work for a global firm, we have multiple data centers in different regions. America, UK, Australia, China etc etc. We are looking to roll out SCOM 2012 for monitoring all systems. Our environment
    1,000 Windows servers
    All servers on the same Active Directory domain
    10 Mbps links between data centers.
    My question is around whether to use multiple management groups or one? I’ve seen recommendations for both. For example
    In the Infrastructure Planning and Design guide for SCOM 2012 it is stated:
    “A centralized management model with large remote locations works best with a management group in each region and a local management group (which provides a consolidated view of alerts and status) in the parent location. In this case, the centralized management group connects through the software development kit (SDK) and functions as an additional console on each of the connected management groups.”
    However moderators in this forum have stated
    “Each management group has its own set of SQL Servers and Management Servers \ Gateways. It also adds considerably to administrative overhead. I'd try to avoid multiple management groups where possible.”
    “It will get expensive in terms of hardware and software with multiple management groups and you will duplicate a lot of work with regards to overrides”
    “If you go with multiple Management Groups then you would need to add on a fair number of SQL licenses plus additional hardware.”
    “Presumably if I have multiple management groups will that mean I will have to create rules for each Management Group- correct. Same with overrides. It could add a lot of administrative overhead.”
    It would seem easier to just deploy one management group with the management servers in one datacenter but I’m concerned with performance. I’ve heard stories about SCOM deployments architected in this way not performing well because of network latency. i.e admins from all regions besides the region local to the SCOM deployment not wanting to use SCOM because application performance is too slow.
    What would the SCOM experts recommend for this scenario?
    MH

    1) My question is around whether to use multiple management groups or one?
    Factors to consider in determining the number of management groups
     • Scaling
     • Agents separated from their management server by WAN-speed network links
     • Political, administrative or security requirements within the organization requiring separate management groups.
     • A view of AD DS topology required across multiple forests.
     • A dedicated management group required for auditing purposes.
     • Disaster recovery functionality required.
     • Consolidated views of connected management groups required in Operations Manager.
     • Operations Manager integration with the VMM console.
     With reference to your situation
     a) 1,000 Windows servers
     b) All servers on the same Active Directory domain
     c) 10 Mbps links between data centers.
    It is suggested that one management group is required.
    2) It would seem easier to just deploy one management group with the management servers in one datacenter but I’m concerned with performance
    It is recommended that you deploy a gateway server in a regional office which has more than 10 agents.
    • Gateway servers reduce network bandwidth utilization. Agents located across WAN links consume network bandwidth, potentially affecting service delivery to and from the remote location. A gateway server can consolidate the traffic.
    Roger

  • Upgrade to Server 2012 R2 domain controllers from 2003

    I am at a loss as to what I did wrong here. Everything seems to be working fine except for one subnet (which is behind a hardware firewall).
    We had two Server 2003 domain controllers and one of them was failing. I raised the forest functional level of our old primary domain controllers to 2003. I built the first replacement Server 2012 R2 domain controller. Added the AD DS roles and promoted it as a domain controller. I let it sit for a couple days. The FSMO roles were currently being handled by our other 2003 domain controller. Once this had been sitting for a while (don't recall how long) I ran dcpromo on the failing server and demoted it. Once demoted I shut it down and pulled it out of the rack. I then built our second 2012 R2 server and gave it the same IP as the failing one. Installed the AD DS roles and integrated DNS as prompted by the wizard.
    I then made it the operations master for Schema master, Domain naming master, PDC, RID pool manager, and Infrastructure master. Then I ran dcpromo on the second 2003 domain controller to demote it and removed it from the network. I then demoted the first new controller (DC03), changed the hostname and IP to the name and IP of the second 2003 controller and promoted it again. I'm not sure at what point things broke, but everything works from the same subnet that the domain controllers are in, just not a second subnet that is through a hardware firewall. I don't see anything getting blocked while watching firewall logs so I don't think the firewall is the issue.
    Here is the dcdiag and ipconfig from the first controller (which has all 5 FSMO roles).
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Users\username>dcdiag /v /test:dns
    Directory Server Diagnosis
    Performing initial setup:
       Trying to find home server...
       * Verifying that the local machine WGDDC01, is a Directory Server.
       Home Server = WGDDC01
       * Connecting to directory service on server WGDDC01.
       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
    AP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
    ,CN=Sites,CN=Configuration,DC=wgd,DC=inet
       Getting ISTG and options for the site
       * Identifying all servers.
       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=wgd,DC=inet,LD
    AP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=WGDDC01,CN=Servers,CN=
    Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=WGDDC02,CN=Servers,CN=
    Default-First-Site-Name,CN=Sites,CN=Configuration,DC=wgd,DC=inet
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.
       * Found 2 DC(s). Testing 1 of them.
       Done gathering initial info.
    Doing initial required tests
       Testing server: Default-First-Site-Name\WGDDC01
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... WGDDC01 passed test Connectivity
    Doing primary tests
       Testing server: Default-First-Site-Name\WGDDC01
          Test omitted by user request: Advertising
          Test omitted by user request: CheckSecurityError
          Test omitted by user request: CutoffServers
          Test omitted by user request: FrsEvent
          Test omitted by user request: DFSREvent
          Test omitted by user request: SysVolCheck
          Test omitted by user request: KccEvent
          Test omitted by user request: KnowsOfRoleHolders
          Test omitted by user request: MachineAccount
          Test omitted by user request: NCSecDesc
          Test omitted by user request: NetLogons
          Test omitted by user request: ObjectsReplicated
          Test omitted by user request: OutboundSecureChannels
          Test omitted by user request: Replications
          Test omitted by user request: RidManager
          Test omitted by user request: Services
          Test omitted by user request: SystemLog
          Test omitted by user request: Topology
          Test omitted by user request: VerifyEnterpriseReferences
          Test omitted by user request: VerifyReferences
          Test omitted by user request: VerifyReplicas
          Starting test: DNS
             DNS Tests are running and not hung. Please wait a few minutes...
             See DNS test in enterprise tests section for results
             ......................... WGDDC01 failed test DNS
       Running partition tests on : DomainDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : ForestDnsZones
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Schema
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : Configuration
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running partition tests on : wgd
          Test omitted by user request: CheckSDRefDom
          Test omitted by user request: CrossRefValidation
       Running enterprise tests on : wgd.inet
          Starting test: DNS
             Test results for domain controllers:
                DC: WGDDC01.wgd.inet
                Domain: wgd.inet
                   TEST: Authentication (Auth)
                      Authentication test: Successfully completed
                   TEST: Basic (Basc)
                      The OS
                      Microsoft Windows Server 2012 R2 Standard (Service Pack level:
     0.0)
                      is supported.
                      NETLOGON service is running
                      kdc service is running
                      DNSCACHE service is running
                      DNS service is running
                      DC is a DNS server
                      Network adapters information:
                      Adapter [00000010] Broadcom NetXtreme Gigabit Ethernet:
                         MAC address is B0:83:FE:C1:98:07
                         IP Address is static
                         IP address: 10.240.1.23
                         DNS servers:
                            10.240.1.23 (WGDDC01) [Valid]
                            10.240.1.24 (WGDDC02) [Valid]
                            127.0.0.1 (WGDDC01) [Valid]
                      The A host record(s) for this DC was found
                      The SOA record for the Active Directory zone was found
                      Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)
                      [Error details: 5 (Type: Win32 - Description: Access is denied
             Summary of test results for DNS servers used by the above domain
             controllers:
                DNS server: 10.240.1.23 (WGDDC01)
                   All tests passed on this DNS server
                   Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
                DNS server: 10.240.1.24 (WGDDC02)
                   All tests passed on this DNS server
                   Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
             Summary of DNS test results:
                                                 Auth Basc Forw Del  Dyn  RReg Ext
                Domain: wgd.inet
                    WGDDC01                      PASS WARN n/a  n/a  n/a  n/a  n/a
             ......................... wgd.inet passed test DNS
          Test omitted by user request: LocatorCheck
          Test omitted by user request: Intersite
    C:\Users\dsmythe>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : WGDDC01
       Primary Dns Suffix  . . . . . . . : wgd.inet
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : wgd.inet
    Ethernet adapter WGD_INET:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.240.1.1
       DNS Servers . . . . . . . . . . . : 10.240.1.23
                                           10.240.1.24
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    When I try to bind a machine to the domain I get an error message that says "
    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "wgd.inet":
    The error was: "This operation returned because the timeout period expired."
    (error code 0x000005B4 ERROR_TIMEOUT)
    The query was for the SRV record for _ldap._tcp.dc._msdcs.wgd.inet
    The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
    10.240.1.24
    10.240.1.23
    Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.
    Please let me know if I'm missing something or if there are other things I can check.
    Thanks!
    I forgot to mention that after the 2003 domain controllers were out of the environment, I raised the domain and forest functional level to 2012 R2.  All clients in the environment are Windows XP Pro or above.  The XP Pro boxes will be going away as
    soon as our vendor supports their software to run on Windows 7.

    We now have 2 2012 R2 DCs. The 2003 DCs are gone. Metadata from the old DCs is all cleaned up. DNS seems to be working fine in 3 out of 4 subnets. The 4th is behind a hardware firewall and I can see the IP address of the machine I am trying to bind to the
    domain connecting to the two new domain controllers but the client machine that is trying to bind gives an error.  An Active Directory Domain Controller for the domain wgd.inet could not be contacted.  It seems that this is just a DNS issue for one
    particular subnet (10.240.2.0/24).  This subnet is set up in AD Sites and Services\Sites\Subnets\10.240.2.0/24 (Site: Default-First-Site-Name).
    When trying to do anything with nslookup from the 10.240.2.0/24 subnet it times out.  The route is there and I can watch it connect through our hardware firewall over port 53.
    DC01
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Users\dsmythe>netdom query fsmo
    Schema master               WGDDC01.wgd.inet
    Domain naming master        WGDDC01.wgd.inet
    PDC                         WGDDC01.wgd.inet
    RID pool manager            WGDDC01.wgd.inet
    Infrastructure master       WGDDC01.wgd.inet
    The command completed successfully.
    C:\Users\dsmythe>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : WGDDC01
       Primary Dns Suffix  . . . . . . . : wgd.inet
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : wgd.inet
    Ethernet adapter WGD_INET:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : B0-83-FE-C1-98-07
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.240.1.23(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.240.1.1
       DNS Servers . . . . . . . . . . . : 10.240.1.23
                                           10.240.1.24
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{2C28B0FA-6BF8-4201-A6DA-081AED63B496}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    C:\Users\dsmythe>
    DC02
    Microsoft Windows [Version 6.3.9600]
    (c) 2013 Microsoft Corporation. All rights reserved.
    C:\Users\dsmythe>netdom query fsmo
    Schema master               WGDDC01.wgd.inet
    Domain naming master        WGDDC01.wgd.inet
    PDC                         WGDDC01.wgd.inet
    RID pool manager            WGDDC01.wgd.inet
    Infrastructure master       WGDDC01.wgd.inet
    The command completed successfully.
    C:\Users\dsmythe>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : WGDDC02
       Primary Dns Suffix  . . . . . . . : wgd.inet
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : wgd.inet
    Ethernet adapter NIC1:
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
       Physical Address. . . . . . . . . : B0-83-FE-C1-9F-74
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.240.1.24(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.240.1.1
       DNS Servers . . . . . . . . . . . : 10.240.1.24
                                           10.240.1.23
       NetBIOS over Tcpip. . . . . . . . : Enabled
    Tunnel adapter isatap.{4F45E51E-FC2F-49ED-85CF-0750A9EEECF5}:
       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    C:\Users\dsmythe>
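
A check for the symptom described in the post above, as an added example that is not part of the original post: run from a client in the affected subnet, it asks each DNS server named in the error for the DC locator SRV record over UDP and then over TCP, so the report shows which server and which transport time out. The record name and server addresses are copied from the post; `Test-DcLocatorRecord` is a hypothetical helper name, and the script assumes a client with the `Resolve-DnsName` cmdlet (Windows 8 / Windows Server 2012 or later).

```powershell
# Added example. Values below are copied from the post; the function name is hypothetical.
$Record  = '_ldap._tcp.dc._msdcs.wgd.inet'
$Servers = '10.240.1.23', '10.240.1.24'

function Test-DcLocatorRecord {
    param(
        [string]$Name,
        [string]$Server,
        [switch]$Tcp
    )
    $result = [ordered]@{
        Server    = $Server
        Transport = if ($Tcp) { 'TCP' } else { 'UDP' }
        Status    = 'OK'
        Targets   = ''
    }
    try {
        # -DnsOnly skips LLMNR/NetBIOS, so only the named DNS server is exercised.
        $answer = Resolve-DnsName -Name $Name -Type SRV -Server $Server `
                                  -DnsOnly -TcpOnly:$Tcp -ErrorAction Stop
        # The answer can also carry A records for the targets; keep the SRV rows only.
        $srv = @($answer | Where-Object { $_.Type -eq 'SRV' })
        if ($srv.Count -eq 0) { $result.Status = 'No SRV records in answer' }
        $result.Targets = ($srv.NameTarget | Sort-Object -Unique) -join ', '
    }
    catch {
        # A timeout here corresponds to the ERROR_TIMEOUT reported at domain join.
        $result.Status = $_.Exception.Message
    }
    [pscustomobject]$result
}

# One row per server and transport: four rows for the two DCs in the post.
$report = foreach ($s in $Servers) {
    Test-DcLocatorRecord -Name $Record -Server $s
    Test-DcLocatorRecord -Name $Record -Server $s -Tcp
}
$report | Format-Table -AutoSize -Wrap
```

Running the same script from one of the working subnets gives a baseline to compare against the rows from 10.240.2.0/24.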
