Re: Domain conroller does not show active directory
- From: Abdul Baseer <AbdulBaseer@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun, 28 Aug 2005 09:37:02 -0700
the below is the complete dcdiag report
any sugessions please.
* Analyzing the connection topology for
DC=newjed,DC=hyderabad,DC=gov,DC=s
a.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones
,DC=hyderabad,DC=gov,DC=sa.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones
,DC=hyderabad,DC=gov,DC=sa.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Conf
iguration,DC=hyderabad,DC=gov,DC=sa.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,
DC=hyderabad,DC=gov,DC=sa.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=hyderabad,DC=gov,
DC=sa.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=Tamir,DC=Jedda
h,DC=gov,DC=sa.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=newjed,DC=Jedd
ah,DC=gov,DC=sa.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=hyderabad,DC=gov,DC=sa
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=hyderabad,DC=gov,DC=sa
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=hyderabad,DC=gov,DC=sa
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=hyderabad,DC=gov,DC=sa
(Configuration,Version 2)
* Security Permissions Check for
DC=hyderabad,DC=gov,DC=sa
(Domain,Version 2)
* Security Permissions Check for
DC=Tamir,DC=hyderabad,DC=gov,DC=sa
(Domain,Version 1)
* Security Permissions Check for
DC=newjed,DC=hyderabad,DC=gov,DC=sa
(Domain,Version 1)
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... DC1 passed test NetLogons
Starting test: Advertising
Fatal Error:DsGetDcName (DC1) call failed, error 1355
The Locator could not find the server.
......................... DC1 failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First
-Site-Name,CN=Sites,CN=Configuration,DC=hyderabad,DC=gov,DC=sa
Role Domain Owner = CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First
-Site-Name,CN=Sites,CN=Configuration,DC=hyderabad,DC=gov,DC=sa
Role PDC Owner = CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Si
te-Name,CN=Sites,CN=Configuration,DC=hyderabad,DC=gov,DC=sa
Role Rid Owner = CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Si
te-Name,CN=Sites,CN=Configuration,DC=hyderabad,DC=gov,DC=sa
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=DC1,CN=Servers,C
N=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=hyderabad,DC=gov,DC=sa
......................... DC1 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* dc1.hyderabad.gov.sa is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1103 to 1602
* rIDPreviousAllocationPool is 1103 to 1602
* rIDNextRID: 1602
* Warning :Next rid pool not allocated
* Warning :There is less than 0% available RIDs in the current pool
......................... DC1 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/dc1.hyderabad.gov.sa/hyderabad.gov.sa
* SPN found :LDAP/dc1.hyderabad.gov.sa
* SPN found :LDAP/DC1
* SPN found :LDAP/dc1.hyderabad.gov.sa/hyderabad
* SPN found
:LDAP/96f72f07-302d-4d70-b910-0815f1bb7289._msdcs.hyderabad.go
v.sa
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/96f72f07-302d-4d70-b9
10-0815f1bb7289/hyderabad.gov.sa
* SPN found :HOST/dc1.hyderabad.gov.sa/hyderabad.gov.sa
* SPN found :HOST/dc1.hyderabad.gov.sa
* SPN found :HOST/DC1
* SPN found :HOST/dc1.hyderabad.gov.sa/hyderabad
* SPN found :GC/dc1.hyderabad.gov.sa/hyderabad.gov.sa
......................... DC1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC1 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... DC1 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
DC1 is in domain DC=hyderabad,DC=gov,DC=sa
Checking for CN=DC1,OU=Domain Controllers,DC=hyderabad,DC=gov,DC=sa
in dom
ain DC=hyderabad,DC=gov,DC=sa on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-N
ame,CN=Sites,CN=Configuration,DC=hyderabad,DC=gov,DC=sa in domain
CN=Configuration,
DC=hyderabad,DC=gov,DC=sa on 1 servers
Object is up-to-date on all servers.
......................... DC1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may
cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/28/2005 15:54:43
Event String: The File Replication Service is having trouble
enabling replication from DC2 to DC1 for
c:\windows\sysvol\domain using the DNS name
Dc2.hyderabad.gov.sa. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
Dc2.hyderabad.gov.sa from this computer.
[2] FRS is not running on Dc2.hyderabad.gov.sa.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
......................... DC1 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minut
es.
......................... DC1 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00004105
Time Generated: 08/28/2005 18:51:42
Event String: The maximum account identifier allocated to this
domain controller has been assigned. The domain
controller has failed to obtain a new identifier
pool. A possible reason for this is that the
domain controller has been unable to contact the
master domain controller. Account creation on
this controller will fail until a new pool has
been allocated. There may be network or
connectivity problems in the domain, or the
master domain controller may be offline or
missing from the domain. Verify that the master
domain controller is running and connected to the
domain.
An Error Event occured. EventID: 0x0000410B
Time Generated: 08/28/2005 18:51:42
Event String: The request for a new account-identifier pool
failed. The operation will be retried until the
request succeeds. The error is
"
The requested FSMO operation failed. The current FSMO holder could not be
contac
ted.
"
An Error Event occured. EventID: 0x00004105
Time Generated: 08/28/2005 18:51:53
Event String: The maximum account identifier allocated to this
domain controller has been assigned. The domain
controller has failed to obtain a new identifier
pool. A possible reason for this is that the
domain controller has been unable to contact the
master domain controller. Account creation on
this controller will fail until a new pool has
been allocated. There may be network or
connectivity problems in the domain, or the
master domain controller may be offline or
missing from the domain. Verify that the master
domain controller is running and connected to the
domain.
An Error Event occured. EventID: 0x00004105
Time Generated: 08/28/2005 18:52:25
Event String: The maximum account identifier allocated to this
domain controller has been assigned. The domain
controller has failed to obtain a new identifier
pool. A possible reason for this is that the
domain controller has been unable to contact the
master domain controller. Account creation on
this controller will fail until a new pool has
been allocated. There may be network or
connectivity problems in the domain, or the
master domain controller may be offline or
missing from the domain. Verify that the master
domain controller is running and connected to the
domain.
......................... DC1 failed test systemlog
Starting test: VerifyReplicas
......................... DC1 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC1,OU=Domain Controllers,DC=hyderabad,DC=gov,DC=sa and backlink
on
CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
DC=hyderabad,DC=gov,DC=sa
are correct.
The system object reference (frsComputerReferenceBL)
CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication
Servi
ce,CN=System,DC=hyderabad,DC=gov,DC=sa
and backlink on CN=DC1,OU=Domain
Controllers,DC=hyderabad,DC=gov,DC=sa
are correct.
The system object reference (serverReferenceBL)
CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication
Servi
ce,CN=System,DC=hyderabad,DC=gov,DC=sa
and backlink on
CN=NTDS
Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,
CN=Configuration,DC=hyderabad,DC=gov,DC=sa
are correct.
......................... DC1 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... DC1 passed test VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : hyderabad
Starting test: CrossRefValidation
......................... hyderabad passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... hyderabad passed test CheckSDRefDom
Running enterprise tests on : hyderabad.gov.sa
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... hyderabad.gov.sa passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Preferred Time Server Name: \\dc1.hyderabad.gov.sa
Locator Flags: 0xe00003e5
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... hyderabad.gov.sa failed test FsmoCheck
C:\Documents and Settings\Administrator>
"Dmitry Korolyov [MVP]" wrote:
> Does your DNS work ok? I.e. is your DC using correct DNS server? It should
> be using the server which is able to resolve ad-related records (usually the
> DNS server is installed on the DC, but this is not neccessary). I suggest
> that your check your DNS configuration before doing anything else.
>
> Also, it would be great if we were able to look at complete dcdiag /c /v log
> from that DC, as well as on errors in directory services event log.
>
> --
> Dmitry Korolyov [d__k@xxxxxxxxxxxxxxxxxxxxxx]
> MVP: Windows Server - Directory Services
>
>
> "Abdul Baseer" <AbdulBaseer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> news:EDD9A435-0519-4A2F-86B1-CAAFA861941D@xxxxxxxxxxxxxxxx
> > dear Dmitry Korolyov,
> >
> > it looks like case #2 as u said in your erlier mail plesae help me out as
> > this is a government organisation with very important users and unluckly
> > we
> > dont have addetional domain controller. and the system should be up with
> > in
> > 24 hours from now else it would be a big panalty for my firm.
> >
> > any sugessions will be of greate help.
> > regards
> > Abdul Baseer
> >
> > "Abdul Baseer" wrote:
> >
> >> the below are the results from dcdiag
> >>
> >> Starting test: FsmoCheck
> >> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
> >> A Global Catalog Server could not be located - All GC's are
> >> down.
> >> Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
> >> A Primary Domain Controller could not be located.
> >> The server holding the PDC role is down.
> >> Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
> >> A Time Server could not be located.
> >> The server holding the PDC role is down.
> >> Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
> >> A KDC could not be located - All the KDCs are down.
> >> ......................... domain.com failed test FsmoCheck
> >>
> >> any sugessions will be of great help.
> >>
> >> "Dmitry Korolyov [MVP]" wrote:
> >>
> >> > THere are two main possible reasons:
> >> > 1) The dc with RID Master FSMO role for your domain could not be
> >> > contacted
> >> > (because it is offline, unreachable etc)
> >> > 3) The DC with RID Master FSMO role for your domain is screwed up, and
> >> > you
> >> > have a RID collision. This is a very very bad thing to have, so let's
> >> > hope
> >> > your case is #1
> >> >
> >> > To troubleshoot it, use any available utility to verify connectivity
> >> > with
> >> > RID master (repomon, dcdiag etc).
> >> >
> >> > --
> >> > Dmitry Korolyov [d__k@xxxxxxxxxxxxxxxxxxxxxx]
> >> > MVP: Windows Server - Directory Services
> >> >
> >> >
> >> > "Abdul Baseer" <AbdulBaseer@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
> >> > news:464E7861-B730-4E19-B25F-0FF7F317041C@xxxxxxxxxxxxxxxx
> >> > > users are not able to create and i even ot able to add any machine to
> >> > > domiain controller i got the error as below
> >> > >
> >> > > the windows can not create objects because the directory service has
> >> > > exceeded the pool of relative identifiers.
> >> > >
> >> >
> >> >
> >> >
>
>
>
.
- Follow-Ups:
- Re: Domain conroller does not show active directory
- From: Dmitry Korolyov [MVP]
- Re: Domain conroller does not show active directory
- References:
- Domain conroller does not show active directory
- From: Abdul Baseer
- Re: Domain conroller does not show active directory
- From: Dmitry Korolyov [MVP]
- Re: Domain conroller does not show active directory
- From: Abdul Baseer
- Re: Domain conroller does not show active directory
- From: Abdul Baseer
- Re: Domain conroller does not show active directory
- From: Dmitry Korolyov [MVP]
- Domain conroller does not show active directory
- Prev by Date: Re: TCP/IP Urgent help
- Next by Date: Re: Domain conroller does not show active directory
- Previous by thread: Re: Domain conroller does not show active directory
- Next by thread: Re: Domain conroller does not show active directory
- Index(es):
Relevant Pages
|
