Re: Help with GPO problem! PLEASE!!
- From: "Adam" <Adam@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 23 Sep 2005 15:08:02 -0700
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine APEX, is a DC.
* Connecting to directory service on server APEX.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\APEX
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... APEX passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\APEX
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=executivereports,DC=com
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0
had no
latency information (Win2K DC).
CN=Configuration,DC=executivereports,DC=com
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0
had no
latency information (Win2K DC).
DC=executivereports,DC=com
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas
and are not verifiably latent, or dc's no longer replicating this nc. 0
had no
latency information (Win2K DC).
* Replication Site Latency Check
......................... APEX passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=executivereports
,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=executivereports
,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=s
aengerassociates,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=executivereports
,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=executivereports,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... APEX passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones
,DC=executivereports,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones
,DC=executivereports,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Conf
iguration,DC=executivereports,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,
DC=executivereports,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=executivereports
,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... APEX passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC APEX.
* Security Permissions Check for
DC=ForestDnsZones,DC=executivereports,DC=com
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=executivereports,DC=com
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=executivereports,DC=com
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=executivereports,DC=com
(Configuration,Version 2)
* Security Permissions Check for
DC=executivereports,DC=com
(Domain,Version 2)
......................... APEX passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\APEX\netlogon
Verified share \\APEX\sysvol
......................... APEX passed test NetLogons
Starting test: Advertising
The DC APEX is advertising itself as a DC and having a DS.
The DC APEX is advertising as an LDAP server
The DC APEX is advertising as having a writeable directory
The DC APEX is advertising as a Key Distribution Center
The DC APEX is advertising as a time server
The DS APEX is advertising as a GC.
......................... APEX passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=APEX,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=executivereports,DC=com
Role Domain Owner = CN=NTDS
Settings,CN=APEX,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=executivereports,DC=com
Role PDC Owner = CN=NTDS
Settings,CN=APEX,CN=Servers,CN=Default-First-S
ite-Name,CN=Sites,CN=Configuration,DC=executivereports,DC=com
Role Rid Owner = CN=NTDS
Settings,CN=APEX,CN=Servers,CN=Default-First-S
ite-Name,CN=Sites,CN=Configuration,DC=executivereports,DC=com
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=APEX,CN=Servers,
CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=executivereports,DC=com
......................... APEX passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2125 to 1073741823
* APEX.executivereports.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1625 to 2124
* rIDPreviousAllocationPool is 1625 to 2124
* rIDNextRID: 1640
......................... APEX passed test RidManager
Starting test: MachineAccount
Checking machine account for DC APEX on DC APEX.
* SPN found :LDAP/APEX.executivereports.com/executivereports.com
* SPN found :LDAP/APEX.executivereports.com
* SPN found :LDAP/APEX
* SPN found :LDAP/APEX.executivereports.com/REGENT
* SPN found
:LDAP/ee851f74-aae1-43a6-bf62-689058bf3679._msdcs.executivereports.com
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/ee851f74-aae1-43a6-bf
62-689058bf3679/executivereports.com
* SPN found :HOST/APEX.executivereports.com/executivereports.com
* SPN found :HOST/APEX.executivereports.com
* SPN found :HOST/APEX
* SPN found :HOST/APEX.executivereports.com/REGENT
* SPN found :GC/APEX.executivereports.com/executivereports.com
......................... APEX passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... APEX passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... APEX passed test OutboundSecureChannels
Starting test: ObjectsReplicated
APEX is in domain DC=executivereports,DC=com
Checking for CN=APEX,OU=Domain Controllers,DC=executivereports,DC=com
in domain DC=executivereports,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=APEX,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=executivereports,DC=com in domain
CN=Configur
ation,DC=executivereports,DC=com on 1 servers
Object is up-to-date on all servers.
......................... APEX passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... APEX passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... APEX passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minut
es.
......................... APEX passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 09/23/2005 14:55:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/23/2005 14:55:47
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/23/2005 14:55:48
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 09/23/2005 14:55:48
(Event String could not be retrieved)
......................... APEX failed test systemlog
Starting test: VerifyReplicas
......................... APEX passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=APEX,OU=Domain Controllers,DC=executivereports,DC=com and backlink
on
CN=APEX,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration
,DC=executivereports,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=APEX,CN=Domain System Volume (SYSVOL share),CN=File Replication
Serv
ice,CN=System,DC=executivereports,DC=com
and backlink on
CN=APEX,OU=Domain Controllers,DC=executivereports,DC=com are correct.
The system object reference (serverReferenceBL)
CN=APEX,CN=Domain System Volume (SYSVOL share),CN=File Replication
Serv
ice,CN=System,DC=executivereports,DC=com
and backlink on
CN=NTDS
Settings,CN=APEX,CN=Servers,CN=Default-First-Site-Name,CN=Sites
,CN=Configuration,DC=executivereports,DC=com
are correct.
......................... APEX passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... APEX passed test VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC APEX for domain executivereports.com in site
Default-First-S
ite-Name
Checking machine account for DC APEX on DC APEX.
* SPN found :LDAP/APEX.executivereports.com/executivereports.com
* SPN found :LDAP/APEX.executivereports.com
* SPN found :LDAP/APEX
* SPN found :LDAP/APEX.executivereports.com/REGENT
* SPN found
:LDAP/ee851f74-aae1-43a6-bf62-689058bf3679._msdcs.executivereports.com
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/ee851f74-aae1-43a6-bf
62-689058bf3679/executivereports.com
* SPN found :HOST/APEX.executivereports.com/executivereports.com
* SPN found :HOST/APEX.executivereports.com
* SPN found :HOST/APEX
* SPN found :HOST/APEX.executivereports.com/REGENT
* SPN found :GC/APEX.executivereports.com/executivereports.com
[APEX] No security related replication errors were found on this
DC! T
o target the connection to a specific source DC use /ReplSource:<DC>.
......................... APEX passed test CheckSecurityError
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : executivereports
Starting test: CrossRefValidation
......................... executivereports passed test
CrossRefValidat
ion
Starting test: CheckSDRefDom
......................... executivereports passed test CheckSDRefDom
Running enterprise tests on : executivereports.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... executivereports.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\APEX.executivereports.com
Locator Flags: 0xe00003fd
PDC Name: \\APEX.executivereports.com
Locator Flags: 0xe00003fd
Time Server Name: \\APEX.executivereports.com
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\APEX.executivereports.com
Locator Flags: 0xe00003fd
KDC Name: \\APEX.executivereports.com
Locator Flags: 0xe00003fd
......................... executivereports.com passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:
DC: APEX.executivereports.com
Domain: executivereports.com
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Servic
e Pack level: 1.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] Intel(R) PRO/1000 MT Network Connection:
MAC address is XX:XX:XX:XX:XX:XX
IP address is static
IP address: 192.168.10.3
DNS servers:
192.168.10.3 (<name unavailable>) [Valid]
Adapter [00000008] Intel(R) PRO/100 S Server Adapter:
MAC address is XX:XX:XX:XX:XX:XX
IP address is static
IP address: XX.XXX.XX.XXX
DNS servers:
192.168.10.3 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(pri
mary)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
Name: b.root-servers.net. IP: 192.228.79.201 [Invalid]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone executivereports.com.
Test record _dcdiag_test_record added successfully in zone
executivereports.com.
Test record _dcdiag_test_record deleted successfully in
zone executivereports.com.
TEST: Records registration (RReg)
Network Adapter [00000001] Intel(R) PRO/1000 MT Network
Connec
tion:
Matching A record found at DNS server 192.168.10.3:
APEX.executivereports.com
Matching CNAME record found at DNS server 192.168.10.3:
ee851f74-aae1-43a6-bf62-689058bf3679._msdcs.executivereports.com
Matching DC SRV record found at DNS server 192.168.10.3:
_ldap._tcp.dc._msdcs.executivereports.com
Matching GC SRV record found at DNS server 192.168.10.3:
_ldap._tcp.gc._msdcs.executivereports.com
Matching PDC SRV record found at DNS server 192.168.10.3:
_ldap._tcp.pdc._msdcs.executivereports.com
Network Adapter [00000008] Intel(R) PRO/100 S Server
Adapter:
Matching A record found at DNS server 192.168.10.3:
APEX.executivereports.com
Matching CNAME record found at DNS server 192.168.10.3:
ee851f74-aae1-43a6-bf62-689058bf3679._msdcs.executivereports.com
Matching DC SRV record found at DNS server 192.168.10.3:
_ldap._tcp.dc._msdcs.executivereports.com
Matching GC SRV record found at DNS server 192.168.10.3:
_ldap._tcp.gc._msdcs.executivereports.com
Matching PDC SRV record found at DNS server 192.168.10.3:
_ldap._tcp.pdc._msdcs.executivereports.com
Summary of test results for DNS servers used by the above domain
contro
llers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
[Error details: 9003 (Type: Win32 - Description: DNS name
does no
t exist.)]
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
[Error details: 9003 (Type: Win32 - Description: DNS name
does no
t exist.)]
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
[Error details: 9003 (Type: Win32 - Description: DNS name
does no
t exist.)]
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201
[Error details: 9002 (Type: Win32 - Description: DNS server
failu
re.)]
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
[Error details: 9003 (Type: Win32 - Description: DNS name
does no
t exist.)]
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
[Error details: 9003 (Type: Win32 - Description: DNS name
does no
t exist.)]
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
[Error details: 9003 (Type: Win32 - Description: DNS name
does no
t exist.)]
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.58.128.30
[Error details: 9002 (Type: Win32 - Description: DNS server
failu
re.)]
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
[Error details: 9003 (Type: Win32 - Description: DNS name
does no
t exist.)]
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12
[Error details: 9003 (Type: Win32 - Description: DNS name
does no
t exist.)]
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
[Error details: 9003 (Type: Win32 - Description: DNS name
does no
t exist.)]
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
[Error details: 9003 (Type: Win32 - Description: DNS name
does no
t exist.)]
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server.
DNS server: 192.168.10.3 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the
fores
t root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: executivereports.com
APEX PASS PASS PASS PASS PASS PASS n/a
......................... executivereports.com passed test DNS
.
- References:
- Re: Help with GPO problem! PLEASE!!
- From: Steven L Umbach
- Re: Help with GPO problem! PLEASE!!
- From: Adam
- Re: Help with GPO problem! PLEASE!!
- From: Steven L Umbach
- Re: Help with GPO problem! PLEASE!!
- Prev by Date: Re: Cannot remove Software Restriction Policy
- Next by Date: Re: Group Policy problem
- Previous by thread: Re: Help with GPO problem! PLEASE!!
- Next by thread: GPOStatus
- Index(es):
Relevant Pages
|
Loading
