Re: Troubleshooting DC with dcdiag

From: Mark Renoden [MSFT] (markreno_at_online.microsoft.com)
Date: 11/01/04 

Date: Tue, 2 Nov 2004 10:31:29 +1100

Hi Dave

Looking at this, it hasn't replicated successfully since 2004-08-06. This
being so, attempting to bring this DC back into replication is a bad idea
given we're past the tombstone lifetime. I'd suggest taking a look at

332199 Using the DCPROMO /FORCEREMOVAL Command to Force the Demotion of
Active
http://support.microsoft.com/?id=332199

The more information section touches on the 60 day lifetime. Your best
course of action at this stage is probably using /Forceremoval to eliminate
the DC, cleaning up the directory using metadata cleanup and rebuilding this
problematic DC from scratch. For steps to clean up the directory (as
referenced in the above mentioned article):

216498 How to remove data in Active Directory after an unsuccessful domain
http://support.microsoft.com/?id=216498

Kind regards 

-- 
Mark Renoden [MSFT]
Windows Platform Support Team
Email: markreno@online.microsoft.com
Please note you'll need to strip ".online" from my email address to email 
me; I'll post a response back to the group.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Dave" <Dave@discussions.microsoft.com> wrote in message 
news:FDB5C203-7AC2-49AE-AB09-2367F293A5A5@microsoft.com...
> Communication between the sites has been spotty at best for at least the 
> last
> 6-8 weeks, but it is up continuously now.  I have no trouble logging into 
> it
> or any of the other servers/desktops that reside at that the remote 
> location.
>
> "Mark Renoden [MSFT]" wrote:
>
>> Hi Dave
>>
>> How long is a "while"?
>>
>> Kind regards
>> -- 
>> Mark Renoden [MSFT]
>> Windows Platform Support Team
>> Email: markreno@online.microsoft.com
>>
>> Please note you'll need to strip ".online" from my email address to email
>> me; I'll post a response back to the group.
>>
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>>
>> "Dave" <Dave@discussions.microsoft.com> wrote in message
>> news:1EB09D24-BCE2-4EAE-BC81-3AC84D1D579F@microsoft.com...
>> > I'm having some problems with a remote site DC after the network
>> > connection
>> > between our main site and the remote site has been down for a while. 
>> > Any
>> > insight would be greatly appreciated.  The local DC has no issues when
>> > Dcdiag
>> > is run.  Here is what I get when I run dcdiag from the remote DC:
>> > -------------------------------------------------------------------------
>> > C:\>dcdiag
>> >
>> > DC Diagnosis
>> >
>> > Performing initial setup:
>> >   Done gathering initial info.
>> >
>> > Doing initial non skippeable tests
>> >
>> >   Testing server: DOMAIN\RemoteDC
>> >      Starting test: Connectivity
>> >         ......................... RemoteDC passed test Connectivity
>> >
>> > Doing primary tests
>> >
>> >   Testing server: DOMAIN\RemoteDC
>> >      Starting test: Replications
>> >         [Replications Check,RemoteDC] A recent replication attempt 
>> > failed:
>> >            From LocalDC to RemoteDC
>> >            Naming Context: CN=Schema,CN=Configuration,DC=DOMAIN,DC=com
>> >            The replication generated an error (5):
>> >            Access is denied.
>> >            The failure occurred at 2004-11-01 15:51.22.
>> >            The last success occurred at 2004-08-06 07:57.08.
>> >            3733 failures have occurred since the last success.
>> >         [Replications Check,RemoteDC] A recent replication attempt 
>> > failed:
>> >            From LocalDC to RemoteDC
>> >            Naming Context: CN=Configuration,DC=DOMAIN,DC=com
>> >            The replication generated an error (5):
>> >            Access is denied.
>> >            The failure occurred at 2004-11-01 15:51.21.
>> >            The last success occurred at 2004-08-06 07:57.08.
>> >            3734 failures have occurred since the last success.
>> >         [Replications Check,RemoteDC] A recent replication attempt 
>> > failed:
>> >            From LocalDC to RemoteDC
>> >            Naming Context: DC=DOMAIN,DC=com
>> >            The replication generated an error (5):
>> >            Access is denied.
>> >            The failure occurred at 2004-11-01 15:51.21.
>> >            The last success occurred at 2004-08-06 07:57.07.
>> >            3733 failures have occurred since the last success.
>> >         ......................... RemoteDC passed test Replications
>> >      Starting test: NCSecDesc
>> >         ......................... RemoteDC passed test NCSecDesc
>> >      Starting test: NetLogons
>> >         ......................... RemoteDC passed test NetLogons
>> >      Starting test: Advertising
>> >         Warning: RemoteDC is not advertising as a time server.
>> >         ......................... RemoteDC failed test Advertising
>> >      Starting test: KnowsOfRoleHolders
>> >         [LocalDC] DsBind() failed with error -2146893022,
>> >         The target principal name is incorrect..
>> >         Warning: LocalDC is the Schema Owner, but is not responding to 
>> > DS
>> > RPC B
>> > ind.
>> >         [LocalDC] LDAP bind failed with error 31,
>> >         A device attached to the system is not functioning..
>> >         Warning: LocalDC is the Schema Owner, but is not responding to
>> > LDAP
>> > Bin
>> > d.
>> >         Warning: LocalDC is the Domain Owner, but is not responding to 
>> > DS
>> > RPC B
>> > ind.
>> >         Warning: LocalDC is the Domain Owner, but is not responding to
>> > LDAP
>> > Bin
>> > d.
>> >         Warning: LocalDC is the PDC Owner, but is not responding to DS 
>> > RPC
>> > Bind
>> > .
>> >         Warning: LocalDC is the PDC Owner, but is not responding to 
>> > LDAP
>> > Bind.
>> >         Warning: LocalDC is the Rid Owner, but is not responding to DS 
>> > RPC
>> > Bind
>> > .
>> >         Warning: LocalDC is the Rid Owner, but is not responding to 
>> > LDAP
>> > Bind.
>> >         Warning: LocalDC is the Infrastructure Update Owner, but is not
>> > respond
>> > ing to DS RPC Bind.
>> >         Warning: LocalDC is the Infrastructure Update Owner, but is not
>> > respond
>> > ing to LDAP Bind.
>> >         ......................... RemoteDC failed test 
>> > KnowsOfRoleHolders
>> >      Starting test: RidManager
>> >         [RemoteDC] DsBindWithCred() failed with error -2146893022. The
>> > target pr
>> > incipal name is incorrect.
>> >         ......................... RemoteDC failed test RidManager
>> >      Starting test: MachineAccount
>> >         ......................... RemoteDC passed test MachineAccount
>> >      Starting test: Services
>> >            w32time Service is stopped on [RemoteDC]
>> >            Could not open IISADMIN Service on [RemoteDC]:failed with 
>> > 1060:
>> > The s
>> > pecified service does not exist as an installed service.
>> >            Could not open SMTPSVC Service on [RemoteDC]:failed with 
>> > 1060:
>> > The sp
>> > ecified service does not exist as an installed service.
>> >         ......................... RemoteDC failed test Services
>> >      Starting test: ObjectsReplicated
>> >         ......................... RemoteDC passed test 
>> > ObjectsReplicated
>> >      Starting test: frssysvol
>> >         There are errors after the SYSVOL has been shared.
>> >         The SYSVOL can prevent the AD from starting.
>> >         ......................... RemoteDC passed test frssysvol
>> >      Starting test: kccevent
>> >         An Warning Event occured.  EventID: 0x8000061E
>> >            Time Generated: 11/01/2004   15:41:21
>> >            (Event String could not be retrieved)
>> >         An Error Event occured.  EventID: 0xC000051F
>> >            Time Generated: 11/01/2004   15:41:21
>> >            (Event String could not be retrieved)
>> >         An Warning Event occured.  EventID: 0x8000061E
>> >            Time Generated: 11/01/2004   15:41:21
>> >            (Event String could not be retrieved)
>> >         An Error Event occured.  EventID: 0xC000051F
>> >            Time Generated: 11/01/2004   15:41:21
>> >            (Event String could not be retrieved)
>> >         ......................... RemoteDC failed test kccevent
>> >      Starting test: systemlog
>> >         ......................... RemoteDC passed test systemlog
>> >
>> >   Running enterprise tests on : DOMAIN.com
>> >      Starting test: Intersite
>> >         ......................... DOMAIN.com passed test Intersite
>> >      Starting test: FsmoCheck
>> >         ......................... DOMAIN.com passed test FsmoCheck
>> >
>> >
>>
>>
>>

Relevant Pages

  • Re: Troubleshooting DC with dcdiag
    ... >>>>> RPC B ... >>>>> LDAP ... >>>>> Bind ... >>>>> pecified service does not exist as an installed service. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Troubleshooting DC with dcdiag
    ... > between our main site and the remote site has been down for a while. ... > RPC B ... > LDAP ... > Bind. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Troubleshooting DC with dcdiag
    ... >> RPC B ... >> LDAP ... >> Bind. ... >> pecified service does not exist as an installed service. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Query AD from DMZ via LDAP?
    ... You don't really need ADAM for this unless you need LDAP simple bind, ... authentication to apps on the public internet, ...
    (microsoft.public.windows.server.active_directory)
  • Re: LDAP bind authentication
    ... As far as I understand it, for authentication against an LDAP back- ... username that is entered, create a DN, and tries to do an LDAP bind ... Solaris doesn't need to use a proxy account. ...
    (comp.unix.solaris)