Re: DNS Nightmare - Can't create forward zone

Yahoo! I've managed to get somewhere... I've now got a DNS service with
an AD-integrated forward zone set up.

There are still some worrying items in the output from dcdiag though -
I've included the output below in the hope that someone can shed some
light on my (new?) problem.

================

Command Line: "dcdiag.exe /v /d /c"

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine ag-dbsvr, is a DC.
* Connecting to directory service on server ag-dbsvr.
ag-dbsvr.currentTime = 20060505121831.0Z
ag-dbsvr.highestCommittedUSN = 307279
ag-dbsvr.isSynchronized = 1
ag-dbsvr.isGlobalCatalogReady = 1
* Collecting site info.
* Identifying all servers.
AG-DBSVR.currentTime = 20060505121831.0Z
AG-DBSVR.highestCommittedUSN = 307279
AG-DBSVR.isSynchronized = 1
AG-DBSVR.isGlobalCatalogReady = 1
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.


===============================================Printing out pDsInfo

GLOBAL:
ulNumServers=2
pszRootDomain=mydomain.net
pszNC=
pszRootDomainFQDN=DC=mydomain,DC=net
pszConfigNc=CN=Configuration,DC=mydomain,DC=net
pszPartitionsDn=CN=Partitions,CN=Configuration,DC=mydomain,DC=net
iSiteOptions=0
dwTombstoneLifeTimeDays=60

dwForestBehaviorVersion=0

HomeServer=1, AG-DBSVR

SERVER: pServer[0].pszName=TEMPSVR
pServer[0].pszGuidDNSName=7ae70e6f-3be2-45c3-a013-04661ca67912._msdcs.mydomain.net
pServer[0].pszDNSName=tempsvr.mydomain.net
pServer[0].pszDn=CN=NTDS
Settings,CN=TEMPSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
pServer[0].pszComputerAccountDn=(null)
pServer[0].uuidObjectGuid=7ae70e6f-3be2-45c3-a013-04661ca67912
pServer[0].uuidInvocationId=7ae70e6f-3be2-45c3-a013-04661ca67912
pServer[0].iSite=0 (Default-First-Site-Name)
pServer[0].iOptions=1
pServer[0].ftLocalAcquireTime=00000000 00000000

pServer[0].ftRemoteConnectTime=00000000 00000000

pServer[0].ppszMasterNCs:
ppszMasterNCs[0]=CN=Schema,CN=Configuration,DC=mydomain,DC=net
ppszMasterNCs[1]=CN=Configuration,DC=mydomain,DC=net
ppszMasterNCs[2]=DC=mydomain,DC=net

SERVER: pServer[1].pszName=AG-DBSVR
pServer[1].pszGuidDNSName=1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.mydomain.net
pServer[1].pszDNSName=ag-dbsvr.mydomain.net
pServer[1].pszDn=CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
pServer[1].pszComputerAccountDn=CN=AG-DBSVR,OU=Domain
Controllers,DC=mydomain,DC=net
pServer[1].uuidObjectGuid=1750286d-b0a6-4633-a9d0-63967c9a5fcb
pServer[1].uuidInvocationId=45155c5d-16a3-4ddf-952c-325ec78e6707
pServer[1].iSite=0 (Default-First-Site-Name)
pServer[1].iOptions=1
pServer[1].ftLocalAcquireTime=059f5850 01c6703e

pServer[1].ftRemoteConnectTime=058c4580 01c6703e

pServer[1].ppszMasterNCs:
ppszMasterNCs[0]=CN=Schema,CN=Configuration,DC=mydomain,DC=net
ppszMasterNCs[1]=CN=Configuration,DC=mydomain,DC=net
ppszMasterNCs[2]=DC=mydomain,DC=net

SITES: pSites[0].pszName=Default-First-Site-Name
pSites[0].pszSiteSettings=CN=NTDS Site
Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
pSites[0].pszISTG=CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
pSites[0].iSiteOption=0

pSites[0].cServers=2

NC: pNCs[0].pszName=Schema
pNCs[0].pszDn=CN=Schema,CN=Configuration,DC=mydomain,DC=net

pNCs[0].aCrInfo[0].dwFlags=0x00000201
pNCs[0].aCrInfo[0].pszDn=CN=Enterprise
Schema,CN=Partitions,CN=Configuration,DC=mydomain,DC=net
pNCs[0].aCrInfo[0].pszDnsRoot=mydomain.net
pNCs[0].aCrInfo[0].iSourceServer=1
pNCs[0].aCrInfo[0].pszSourceServer=(null)
pNCs[0].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[0].aCrInfo[0].bEnabled=TRUE
pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[0].aCrInfo[0].pszNetBiosName=(null)
pNCs[0].aCrInfo[0].cReplicas=-1
pNCs[0].aCrInfo[0].aszReplicas=


NC: pNCs[1].pszName=Configuration
pNCs[1].pszDn=CN=Configuration,DC=mydomain,DC=net

pNCs[1].aCrInfo[0].dwFlags=0x00000201
pNCs[1].aCrInfo[0].pszDn=CN=Enterprise
Configuration,CN=Partitions,CN=Configuration,DC=mydomain,DC=net
pNCs[1].aCrInfo[0].pszDnsRoot=mydomain.net
pNCs[1].aCrInfo[0].iSourceServer=1
pNCs[1].aCrInfo[0].pszSourceServer=(null)
pNCs[1].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[1].aCrInfo[0].bEnabled=TRUE
pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[1].aCrInfo[0].pszNetBiosName=(null)
pNCs[1].aCrInfo[0].cReplicas=-1
pNCs[1].aCrInfo[0].aszReplicas=


NC: pNCs[2].pszName=mydomain
pNCs[2].pszDn=DC=mydomain,DC=net

pNCs[2].aCrInfo[0].dwFlags=0x00000201
pNCs[2].aCrInfo[0].pszDn=CN=IBUSINESS,CN=Partitions,CN=Configuration,DC=mydomain,DC=net
pNCs[2].aCrInfo[0].pszDnsRoot=mydomain.net
pNCs[2].aCrInfo[0].iSourceServer=1
pNCs[2].aCrInfo[0].pszSourceServer=(null)
pNCs[2].aCrInfo[0].ulSystemFlags=0x00000003
pNCs[2].aCrInfo[0].bEnabled=TRUE
pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[2].aCrInfo[0].pszNetBiosName=(null)
pNCs[2].aCrInfo[0].cReplicas=-1
pNCs[2].aCrInfo[0].aszReplicas=


3 NC TARGETS: Schema, Configuration, mydomain,
1 TARGETS: AG-DBSVR,

=============================================Done Printing pDsInfo

Doing initial required tests

Testing server: Default-First-Site-Name\AG-DBSVR
Starting test: Connectivity
* Active Directory LDAP Services Check
Failure Analysis: AG-DBSVR ... OK.
* Active Directory RPC Services Check
......................... AG-DBSVR passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\AG-DBSVR
Starting test: Replications
* Replications Check
CN=Schema,CN=Configuration,DC=mydomain,DC=net has 2 cursors.
[Replications Check,AG-DBSVR] A recent replication attempt
failed:
From TEMPSVR to AG-DBSVR
Naming Context:
CN=Schema,CN=Configuration,DC=mydomain,DC=net
The replication generated an error (1722):
Win32 Error 1722
The failure occurred at 2006-05-05 12:50:32.
The last success occurred at 2006-04-25 14:58:36.
231 failures have occurred since the last success.
[TEMPSVR] DsBindWithSpnEx() failed with error 1722,
Win32 Error 1722.
Printing RPC Extended Error Info:
Error Record 1, ProcessID is 1128 (DcDiag)
System Time is: 5/5/2006 12:18:52:250
Generating component is 8 (winsock)
Status is 1722: The RPC server is unavailable.

Detection location is 323
Error Record 2, ProcessID is 1128 (DcDiag)
System Time is: 5/5/2006 12:18:52:250
Generating component is 8 (winsock)
Status is 1237: The operation could not be completed. A
retry should be performed.

Detection location is 313
Error Record 3, ProcessID is 1128 (DcDiag)
System Time is: 5/5/2006 12:18:52:250
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the
connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to
respond.

Detection location is 311
NumberOfParameters is 3
Long val: 135
Pointer val: 0
Pointer val: 0
Error Record 4, ProcessID is 1128 (DcDiag)
System Time is: 5/5/2006 12:18:52:250
Generating component is 8 (winsock)
Status is 10060: A connection attempt failed because the
connected party did not properly respond after a period of time, or
established connection failed because connected host has failed to
respond.

Detection location is 318
The source remains down. Please check the machine.
CN=Configuration,DC=mydomain,DC=net has 2 cursors.
[Replications Check,AG-DBSVR] A recent replication attempt
failed:
From TEMPSVR to AG-DBSVR
Naming Context: CN=Configuration,DC=mydomain,DC=net
The replication generated an error (1722):
Win32 Error 1722
The failure occurred at 2006-05-05 12:50:11.
The last success occurred at 2006-04-25 15:29:41.
231 failures have occurred since the last success.
The source remains down. Please check the machine.
DC=mydomain,DC=net has 2 cursors.
[Replications Check,AG-DBSVR] A recent replication attempt
failed:
From TEMPSVR to AG-DBSVR
Naming Context: DC=mydomain,DC=net
The replication generated an error (1722):
Win32 Error 1722
The failure occurred at 2006-05-05 12:49:50.
The last success occurred at 2006-04-25 15:28:35.
239 failures have occurred since the last success.
The source remains down. Please check the machine.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
AG-DBSVR: Current time is 2006-05-05 13:18:31.
CN=Schema,CN=Configuration,DC=mydomain,DC=net
Last replication recieved from TEMPSVR at 2006-04-25
14:58:36.
CN=Configuration,DC=mydomain,DC=net
Last replication recieved from TEMPSVR at 2006-04-25
15:29:41.
DC=mydomain,DC=net
Last replication recieved from TEMPSVR at 2006-04-25
15:28:35.
* Replication Site Latency Check
Site Settings = CN=NTDS Site
Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
[0x904de,v=306,t=2006-05-05
12:39:29,g=45155c5d-16a3-4ddf-952c-325ec78e6707,orig=307254,local=307254]
Elapsed time (sec) = 2363
......................... AG-DBSVR passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=mydomain,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=mydomain,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=mydomain,DC=net.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... AG-DBSVR passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=mydomain,DC=net.
* Performing upstream (of target) analysis.
DsReplicaSyncAllW failed with error Win32 Error 8440.
* Performing downstream (of target) analysis.
DsReplicaSyncAllW failed with error Win32 Error 8440.
* Analyzing the alive system replication topology for
CN=Configuration,DC=mydomain,DC=net.
* Performing upstream (of target) analysis.
DsReplicaSyncAllW failed with error Win32 Error 8440.
* Performing downstream (of target) analysis.
DsReplicaSyncAllW failed with error Win32 Error 8440.
* Analyzing the alive system replication topology for
DC=mydomain,DC=net.
* Performing upstream (of target) analysis.
DsReplicaSyncAllW failed with error Win32 Error 8440.
* Performing downstream (of target) analysis.
DsReplicaSyncAllW failed with error Win32 Error 8440.
......................... AG-DBSVR passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC AG-DBSVR.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=mydomain,DC=net
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=mydomain,DC=net
(Configuration,Version 2)
* Security Permissions Check for
DC=mydomain,DC=net
(Domain,Version 2)
......................... AG-DBSVR passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\AG-DBSVR\netlogon
Verified share \\AG-DBSVR\sysvol
......................... AG-DBSVR passed test NetLogons
Starting test: Advertising
The DC AG-DBSVR is advertising itself as a DC and having a DS.
The DC AG-DBSVR is advertising as an LDAP server
The DC AG-DBSVR is advertising as having a writeable directory
The DC AG-DBSVR is advertising as a Key Distribution Center
The DC AG-DBSVR is advertising as a time server
The DS AG-DBSVR is advertising as a GC.
......................... AG-DBSVR passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
Role Domain Owner = CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
Role PDC Owner = CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
Role Rid Owner = CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
......................... AG-DBSVR passed test
KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID
Manager$,CN=System,DC=mydomain,DC=net
* Available RID Pool for the Domain is 3863 to 1073741823
fSMORoleOwner = CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
* ag-dbsvr.mydomain.net is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=AG-DBSVR,OU=Domain
Controllers,DC=mydomain,DC=net
* rIDAllocationPool is 2863 to 3362
* rIDPreviousAllocationPool is 2863 to 3362
* rIDNextRID: 2879
......................... AG-DBSVR passed test RidManager
Starting test: MachineAccount
Checking machine account for DC AG-DBSVR on DC AG-DBSVR.
* SPN found :LDAP/ag-dbsvr.mydomain.net/mydomain.net
* SPN found :LDAP/ag-dbsvr.mydomain.net
* SPN found :LDAP/AG-DBSVR
* SPN found :LDAP/ag-dbsvr.mydomain.net/IBUSINESS
* SPN found
:LDAP/1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.mydomain.net
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/1750286d-b0a6-4633-a9d0-63967c9a5fcb/mydomain.net
* SPN found :HOST/ag-dbsvr.mydomain.net/mydomain.net
* SPN found :HOST/ag-dbsvr.mydomain.net
* SPN found :HOST/AG-DBSVR
* SPN found :HOST/ag-dbsvr.mydomain.net/IBUSINESS
* SPN found :GC/ag-dbsvr.mydomain.net/mydomain.net
......................... AG-DBSVR passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... AG-DBSVR passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... AG-DBSVR passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
AG-DBSVR is in domain DC=mydomain,DC=net
Checking for CN=AG-DBSVR,OU=Domain
Controllers,DC=mydomain,DC=net in domain DC=mydomain,DC=net on 1
servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
in domain CN=Configuration,DC=mydomain,DC=net on 1 servers
Object is up-to-date on all servers.
......................... AG-DBSVR passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... AG-DBSVR passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours
after the

SYSVOL has been shared. Failing SYSVOL replication problems
may cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034FA
Time Generated: 05/05/2006 12:23:54
(Event String could not be retrieved)
......................... AG-DBSVR failed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8025082C
Time Generated: 05/05/2006 13:19:28
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 05/05/2006 13:19:28
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 05/05/2006 13:19:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 05/05/2006 13:19:28
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 05/05/2006 13:19:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 05/05/2006 13:19:28
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x8025082C
Time Generated: 05/05/2006 13:19:28
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000748
Time Generated: 05/05/2006 13:19:28
(Event String could not be retrieved)
......................... AG-DBSVR failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 05/05/2006 12:52:19
Event String: The kerberos client received a

KRB_AP_ERR_MODIFIED error from the server

host/ag-dbsvr.mydomain.net. The target name

used was

LDAP/ag-dbsvr.mydomain.net/mydomain.net@xxxxxxxxxxxxx

This indicates that the password used to encrypt

the kerberos service ticket is different than

that on the target server. Commonly, this is due

to identically named machine accounts in the

target realm (mydomain.NET), and the client

realm. Please contact your system

administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 05/05/2006 12:53:09
Event String: The kerberos client received a

KRB_AP_ERR_MODIFIED error from the server

host/ag-dbsvr.mydomain.net. The target name

used was cifs/ag-dbsvr.mydomain.net. This

indicates that the password used to encrypt the

kerberos service ticket is different than that on

the target server. Commonly, this is due to

identically named machine accounts in the target

realm (mydomain.NET), and the client realm.

Please contact your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 05/05/2006 12:55:37
Event String: The kerberos client received a

KRB_AP_ERR_MODIFIED error from the server

host/ag-dbsvr.mydomain.net. The target name

used was LDAP/AG-DBSVR. This indicates that the

password used to encrypt the kerberos service

ticket is different than that on the target

server. Commonly, this is due to identically

named machine accounts in the target realm

(mydomain.NET), and the client realm.

Please contact your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 05/05/2006 13:05:23
Event String: The kerberos client received a

KRB_AP_ERR_MODIFIED error from the server

host/ag-dbsvr.mydomain.net. The target name

used was

LDAP/ag-dbsvr.mydomain.net/mydomain.net.

This indicates that the password used to encrypt

the kerberos service ticket is different than

that on the target server. Commonly, this is due

to identically named machine accounts in the

target realm (mydomain.NET), and the client

realm. Please contact your system

administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 05/05/2006 13:05:23
Event String: The kerberos client received a

KRB_AP_ERR_MODIFIED error from the server

host/ag-dbsvr.mydomain.net. The target name

used was

LDAP/ag-dbsvr.mydomain.net/IBUSINESS. This

indicates that the password used to encrypt the

kerberos service ticket is different than that on

the target server. Commonly, this is due to

identically named machine accounts in the target

realm (mydomain.NET), and the client realm.

Please contact your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 05/05/2006 13:18:52
Event String: The kerberos client received a

KRB_AP_ERR_MODIFIED error from the server

host/ag-dbsvr.mydomain.net. The target name

used was

LDAP/1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.mydomain.net.

This indicates that the password used to encrypt

the kerberos service ticket is different than

that on the target server. Commonly, this is due

to identically named machine accounts in the

target realm (mydomain.NET), and the client

realm. Please contact your system

administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 05/05/2006 13:22:01
Event String: The kerberos client received a

KRB_AP_ERR_MODIFIED error from the server

host/ag-dbsvr.mydomain.net. The target name

used was cifs/AG-DBSVR. This indicates that the

password used to encrypt the kerberos service

ticket is different than that on the target

server. Commonly, this is due to identically

named machine accounts in the target realm

(mydomain.NET), and the client realm.

Please contact your system administrator.
......................... AG-DBSVR failed test systemlog
Starting test: VerifyReplicas
......................... AG-DBSVR passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=AG-DBSVR,OU=Domain Controllers,DC=mydomain,DC=net and
backlink

on


CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net

are correct.
The system object reference (frsComputerReferenceBL)

CN=AG-DBSVR,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=mydomain,DC=net

and backlink on

CN=AG-DBSVR,OU=Domain Controllers,DC=mydomain,DC=net are
correct.
The system object reference (serverReferenceBL)

CN=AG-DBSVR,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=mydomain,DC=net

and backlink on

CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net

are correct.
......................... AG-DBSVR passed test
VerifyReferences
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various
important DN

references. Note, that these problems can be reported
because of

latency in replication. So follow up to resolve the following

problems, only if the same problem is reported on all DCs for
a given

domain or if the problem persists after replication has had

reasonable time to replicate changes.
[1] Problem: Missing Expected Value

Base Object:


CN=TEMPSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net

Base Object Description: "Server Object"

Value Object Attribute: serverReference

Value Object Description: "DC Account Object"

Recommended Action: This could hamper authentication (and
thus

replication, etc). Check if this server is deleted, and
if so

clean up this DCs Account Object. If the problem persists
and

this is not a deleted DC, authoratively restore the DSA
object from

a good copy, for example the DSA on the DSA's home server.


[2] Problem: Missing Expected Value

Base Object:

CN=NTSERVER,OU=Domain Controllers,DC=mydomain,DC=net

Base Object Description: "DC Account Object"

Value Object Attribute Name: serverReferenceBL

Value Object Description: "Server Object"

Recommended Action: Check if this server is deleted, and
if so

clean up this DCs Account Object.


[3] Problem: Missing Expected Value

Base Object:

CN=NTSERVER,OU=Domain Controllers,DC=mydomain,DC=net

Base Object Description: "DC Account Object"

Value Object Attribute Name: frsComputerReferenceBL

Value Object Description: "SYSVOL FRS Member Object"

Recommended Action: See Knowledge Base Article: Q312862


[4] Problem: Missing Expected Value

Base Object:

CN=TEMPSVR,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=mydomain,DC=net

Base Object Description: "SYSVOL FRS Member Object"

Value Object Attribute Name: frsComputerReference

Value Object Description: "DC Account Object"

Recommended Action: Check if this server is deleted, and
if so

clean up this DCs SYSVOL FRS Member Object. Also see
Knowledge

Base Article: Q312862


......................... AG-DBSVR failed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
DcDiag: uncaught exception raised, continuing search


===============

Specifically, why on earth is the PDC role not working? I had hoped
that all of these issues would magically disappear once the DNS issue
was rectified!

Thanks again for all your help, and thanks in advance for the help I
hope you're going to give with this one! ;-)

Berty

.

Relevant Pages

  • Re: DNS Nightmare - Cant create forward zone
    ... the server "tempsvr.mydomain.net" object. ... Verifying that the local machine ag-dbsvr, ... The replication generated an error: ... Performing downstream (of target) analysis. ...
    (microsoft.public.win2000.active_directory)
  • Re: AD replication not working on new DC
    ... Testing server: main\main-2K1 ... Replication Latency Check ... Performing upstream analysis. ... Performing downstream (of target) analysis. ...
    (microsoft.public.windows.server.active_directory)
  • Re: AD Replication fails with RPC error
    ... Connecting to directory service on server tahoe. ... Replication Site Latency Check ... Performing upstream analysis. ... Performing downstream (of target) analysis. ...
    (microsoft.public.windows.server.active_directory)
  • Re: SBS2003 + tombstoned WIN2K DC
    ... The replication generated an error: ... Performing upstream analysis. ... Performing downstream (of target) analysis. ... Server is not responding or is not considered suitable. ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS 2003 and Replication Errors with Remote DC
    ... I just promoted the remote DC last week, so I still have time to solve the replication issues. ... Domain Controller Diagnosis ... Connecting to directory service on server alpha. ... Performing upstream analysis. ...
    (microsoft.public.windows.server.sbs)