Re: AD replication not working on new DC
- From: Saic@SWN <SaicSWN@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 16 Apr 2009 09:25:02 -0700
DCDIAG for main-fs01 (part 2):
Doing initial required tests
Testing server: main\main-2K1
Starting test: Connectivity
* Active Directory LDAP Services Check
main-2K1.currentTime = 20090416141000.0Z
main-2K1.highestCommittedUSN = 13541069
main-2K1.isSynchronized = 1
main-2K1.isGlobalCatalogReady = 1
Failure Analysis: main-2K1 ... OK.
* Active Directory RPC Services Check
......................... main-2K1 passed test Connectivity
Testing server: main\main-EX
Starting test: Connectivity
* Active Directory LDAP Services Check
main-EX.currentTime = 20090416141000.0Z
main-EX.highestCommittedUSN = 4473423
main-EX.isSynchronized = 1
main-EX.isGlobalCatalogReady = 1
Failure Analysis: main-EX ... OK.
* Active Directory RPC Services Check
......................... main-EX passed test Connectivity
Testing server: main\main-BA
Starting test: Connectivity
* Active Directory LDAP Services Check
main-BA.currentTime = 20090416141000.0Z
main-BA.highestCommittedUSN = 6131959
main-BA.isSynchronized = 1
main-BA.isGlobalCatalogReady = 1
Failure Analysis: main-BA ... OK.
* Active Directory RPC Services Check
......................... main-BA passed test Connectivity
Testing server: main\main-AB
Starting test: Connectivity
* Active Directory LDAP Services Check
main-AB.currentTime = 20090416141002.0Z
main-AB.highestCommittedUSN = 8170397
main-AB.isSynchronized = 1
main-AB.isGlobalCatalogReady = 1
Failure Analysis: main-AB ... OK.
* Active Directory RPC Services Check
......................... main-AB passed test Connectivity
Testing server: main\main-FS01
Starting test: Connectivity
* Active Directory LDAP Services Check
Failure Analysis: main-FS01 ... OK.
* Active Directory RPC Services Check
......................... main-FS01 passed test Connectivity
Doing primary tests
Testing server: main\main-2K1
Starting test: Replications
* Replications Check
DC=ForestDnsZones,DC=mainetwork,DC=org has 3 cursors.
DC=DomainDnsZones,DC=mainetwork,DC=org has 3 cursors.
CN=Schema,CN=Configuration,DC=mainetwork,DC=org has 14 cursors.
CN=Configuration,DC=mainetwork,DC=org has 14 cursors.
DC=mainetwork,DC=org has 14 cursors.
* Replication Latency Check
DC=ForestDnsZones,DC=mainetwork,DC=org
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=mainetwork,DC=org
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=mainetwork,DC=org
Latency information for 10 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 1 had no latency information (Win2K DC).
CN=Configuration,DC=mainetwork,DC=org
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=mainetwork,DC=org
Latency information for 10 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 1 had no latency information (Win2K DC).
* Replication Site Latency Check
Site Settings = CN=NTDS Site
Settings,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
[0x904de,v=68106,t=2009-04-16
09:45:03,g=f7465443-5524-46f4-8b85-c9c56fa4d8f8,orig=4473372,local=13541009]
Elapsed time (sec) = 1501
......................... main-2K1 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... main-2K1 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... main-2K1 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC main-2K1.
* Security Permissions Check for
DC=ForestDnsZones,DC=mainetwork,DC=org
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=mainetwork,DC=org
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=mainetwork,DC=org
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=mainetwork,DC=org
(Configuration,Version 2)
* Security Permissions Check for
DC=mainetwork,DC=org
(Domain,Version 2)
......................... main-2K1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\main-2K1\netlogon
Verified share \\main-2K1\sysvol
......................... main-2K1 passed test NetLogons
Starting test: Advertising
The DC main-2K1 is advertising itself as a DC and having a DS.
The DC main-2K1 is advertising as an LDAP server
The DC main-2K1 is advertising as having a writeable directory
The DC main-2K1 is advertising as a Key Distribution Center
The DC main-2K1 is advertising as a time server
The DS main-2K1 is advertising as a GC.
......................... main-2K1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
Role Domain Owner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
Role PDC Owner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
Role Rid Owner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
......................... main-2K1 passed test KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=mainetwork,DC=org
* Available RID Pool for the Domain is 8102 to 1073741823
fSMORoleOwner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
* main-2K1.mainetwork.org is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=main-2K1,OU=Domain
Controllers,DC=mainetwork,DC=org
* rIDAllocationPool is 1102 to 1601
* rIDPreviousAllocationPool is 1102 to 1601
* rIDNextRID: 1274
......................... main-2K1 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC main-2K1 on DC main-2K1.
* SPN found :LDAP/main-2K1.mainetwork.org/mainetwork.org
* SPN found :LDAP/main-2K1.mainetwork.org
* SPN found :LDAP/main-2K1
* SPN found :LDAP/main-2K1.mainetwork.org/main
* SPN found
:LDAP/256fd3a7-5170-4a3e-abe4-cc1c61dbd1ef._msdcs.mainetwork.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/256fd3a7-5170-4a3e-abe4-cc1c61dbd1ef/mainetwork.org
* SPN found :HOST/main-2K1.mainetwork.org/mainetwork.org
* SPN found :HOST/main-2K1.mainetwork.org
* SPN found :HOST/main-2K1
* SPN found :HOST/main-2K1.mainetwork.org/main
* SPN found :GC/main-2K1.mainetwork.org/mainetwork.org
......................... main-2K1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... main-2K1 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... main-2K1 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
main-2K1 is in domain DC=mainetwork,DC=org
Checking for CN=main-2K1,OU=Domain Controllers,DC=mainetwork,DC=org
in domain DC=mainetwork,DC=org on 5 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org in domain CN=Configuration,DC=mainetwork,DC=org on 5 servers
Object is up-to-date on all servers.
......................... main-2K1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... main-2K1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after
the SYSVOL has been shared. Failing SYSVOL replication problems may
cause Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/15/2009 13:17:20
(Event String could not be retrieved)
......................... main-2K1 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... main-2K1 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... main-2K1 passed test systemlog
Starting test: VerifyReplicas
......................... main-2K1 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=main-2K1,OU=Domain Controllers,DC=mainetwork,DC=org and backlink on
CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
are correct.
The system object reference (frsComputerReferenceBL)
CN=main-2K1,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=mainetwork,DC=org and backlink on
CN=main-2K1,OU=Domain Controllers,DC=mainetwork,DC=org are correct.
The system object reference (serverReferenceBL)
CN=main-2K1,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=mainetwork,DC=org and backlink on
CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org are correct.
......................... main-2K1 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... main-2K1 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC main-AB for domain mainetwork.org in site main
Checking machine account for DC main-2K1 on DC main-AB.
* SPN found :LDAP/main-2K1.mainetwork.org/mainetwork.org
* SPN found :LDAP/main-2K1.mainetwork.org
* SPN found :LDAP/main-2K1
* SPN found :LDAP/main-2K1.mainetwork.org/main
* SPN found
:LDAP/256fd3a7-5170-4a3e-abe4-cc1c61dbd1ef._msdcs.mainetwork.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/256fd3a7-5170-4a3e-abe4-cc1c61dbd1ef/mainetwork.org
* SPN found :HOST/main-2K1.mainetwork.org/mainetwork.org
* SPN found :HOST/main-2K1.mainetwork.org
* SPN found :HOST/main-2K1
* SPN found :HOST/main-2K1.mainetwork.org/main
* SPN found :GC/main-2K1.mainetwork.org/mainetwork.org
Checking for CN=main-2K1,OU=Domain Controllers,DC=mainetwork,DC=org
in domain DC=mainetwork,DC=org on 2 servers
Object is up-to-date on all servers.
[main-2K1] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... main-2K1 passed test CheckSecurityError
Testing server: main\main-EX
Starting test: Replications
* Replications Check
CN=Schema,CN=Configuration,DC=mainetwork,DC=org has 14 cursors.
CN=Configuration,DC=mainetwork,DC=org has 14 cursors.
DC=mainetwork,DC=org has 14 cursors.
* Replication Latency Check
CN=Schema,CN=Configuration,DC=mainetwork,DC=org
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=mainetwork,DC=org
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=mainetwork,DC=org
Latency information for 9 entries in the vector were ignored.
9 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
Site Settings = CN=NTDS Site
Settings,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
[0x904de,v=68106,t=2009-04-16
09:45:03,g=f7465443-5524-46f4-8b85-c9c56fa4d8f8,orig=4473372,local=4473372]
Elapsed time (sec) = 1517
......................... main-EX passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... main-EX passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=mainetwork,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... main-EX passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC main-EX.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=mainetwork,DC=org
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=mainetwork,DC=org
(Configuration,Version 2)
* Security Permissions Check for
DC=mainetwork,DC=org
(Domain,Version 2)
......................... main-EX passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\main-EX\netlogon
Verified share \\main-EX\sysvol
......................... main-EX passed test NetLogons
Starting test: Advertising
The DC main-EX is advertising itself as a DC and having a DS.
The DC main-EX is advertising as an LDAP server
The DC main-EX is advertising as having a writeable directory
The DC main-EX is advertising as a Key Distribution Center
The DC main-EX is advertising as a time server
The DS main-EX is advertising as a GC.
......................... main-EX passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
Role Domain Owner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
Role PDC Owner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
Role Rid Owner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
......................... main-EX passed test KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=mainetwork,DC=org
* Available RID Pool for the Domain is 8102 to 1073741823
fSMORoleOwner = CN=NTDS
Settings,CN=main-2K1,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org
* main-2K1.mainetwork.org is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=main-EX,OU=Domain
Controllers,DC=mainetwork,DC=org
* rIDAllocationPool is 6102 to 6601
* rIDPreviousAllocationPool is 6102 to 6601
* rIDNextRID: 6144
......................... main-EX passed test RidManager
Starting test: MachineAccount
Checking machine account for DC main-EX on DC main-EX.
* SPN found :LDAP/main-ex.mainetwork.org/mainetwork.org
* SPN found :LDAP/main-ex.mainetwork.org
* SPN found :LDAP/main-EX
* SPN found :LDAP/main-ex.mainetwork.org/main
* SPN found
:LDAP/18f59a89-e9e8-4cef-ab46-2bc6fec94aae._msdcs.mainetwork.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/18f59a89-e9e8-4cef-ab46-2bc6fec94aae/mainetwork.org
* SPN found :HOST/main-ex.mainetwork.org/mainetwork.org
* SPN found :HOST/main-ex.mainetwork.org
* SPN found :HOST/main-EX
* SPN found :HOST/main-ex.mainetwork.org/main
* SPN found :GC/main-ex.mainetwork.org/mainetwork.org
......................... main-EX passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... main-EX passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... main-EX passed test OutboundSecureChannels
Starting test: ObjectsReplicated
main-EX is in domain DC=mainetwork,DC=org
Checking for CN=main-EX,OU=Domain Controllers,DC=mainetwork,DC=org
in domain DC=mainetwork,DC=org on 5 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=main-EX,CN=Servers,CN=main,CN=Sites,CN=Configuration,DC=mainetwork,DC=org in domain CN=Configuration,DC=mainetwork,DC=org on 5 servers
Object is up-to-date on all servers.
......................... main-EX passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... main-EX passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... main-EX passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... main-EX passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... main-EX passed test systemlog
Starting test: VerifyReplicas
DcDiag: uncaught exception raised, continuing search
.
- References:
- AD replication not working on new DC
- From: Saic@SWN
- Re: AD replication not working on new DC
- From: Paul Bergson [MVP-DS]
- AD replication not working on new DC
- Prev by Date: Re: AD replication not working on new DC
- Next by Date: Re: DCPROMO /Forceremoval task
- Previous by thread: Re: AD replication not working on new DC
- Next by thread: Re: AD replication not working on new DC
- Index(es):
Relevant Pages
|
Loading
