Re: dcdiag errors
- From: "Gerry Armstrong" <gerrya@xxxxxxxxxxx>
- Date: Wed, 7 Dec 2005 07:54:16 -0400
Brenda, thanks for your reply but I think I may have solved this issue now.
I had DNS issues as well as the TimeServer service was disabled. I am hoping
fixing both of those problems will prevent this event from reoccuring, if it
doesn't then I will re-post with the reports you requested.
Thanks for your response, its good to know that people do get answers here.
Gerry.
""Brandy Nee [MSFT]"" <v-branee@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:%23pZ1j2v%23FHA.1236@xxxxxxxxxxxxxxxxxxxxxxxx
> Hello Gerry,
>
> Thank you for posting to the SBS Newsgroup.
>
> I understand that there are two DCs (SBS 2K3 Server and Windows Server
> 2003) in domain. You got DCdiag error on the SBS Server. if I have
> misunderstood your concern, please let me know.
>
> I have read through the DCdiag you pasted to Newsgroup. I noticed
> following
> error information, please see:
>
> ===========
>
> There are warning or error events within the last 24 hours after
> the
>
> SYSVOL has been shared. Failing SYSVOL replication problems may
> cause
>
> Group Policy problems.
> An Warning Event occured. EventID: 0x800034C4
> Time Generated: 12/06/2005 00:47:11
> (Event String could not be retrieved)
> ......................... TOWNER-S1 failed test frsevent
> Starting test: kccevent
> * The KCC Event log test
> Found no KCC errors in Directory Service Event log in the last 15
> minutes.
> ......................... TOWNER-S1 passed test kccevent
> Starting test: systemlog
> * The System Event log test
> An Error Event occured. EventID: 0x40000005
> Time Generated: 12/06/2005 07:58:51
> Event String: The kerberos client received a KRB_AP_ERR_TKT_NYV
>
> error from the server LOIS$. This indicates that
>
> the ticket used against that server is not yet
>
> valid (in relationship to that server time).
>
> ===========
>
> Based on my research,
>
> Event ID 0x800034C4 means EVENT_FRS_LONG_JOIN.
>
> Event ID 0x40000005 means Access is Denied.
>
> Due to lack of information for research, I need your help to gather
> following information for research:
>
> 1. On the SBS Server, run "eventvwr" (without quotation marks), right
> click
> Application, select Save Log File As. Please save the log file as .evt
> file. Please also perform the same steps to gather the Security and System
> Event Log. Zip these three log files, and send to my mailbox:
> v-branee@xxxxxxxxxxxxxx
>
> 2. On the Windows Server 2003, perform the same steps above, and send the
> log file to me.
>
> 3. Is there any detail symptom on the SBS Server? I mean does SBS Server
> function well?
>
> 4. I also found following information for you, please see:
>
> a. On the SBS Server, run "services.msc" (without quotation marks), make
> sure that File Replication Service is enable and running as Automatic.
>
> b. If you got any Event ID describe in the following KB article, please
> see:
>
> FRS Event Log Error Codes
> http://support.microsoft.com/?id=308406
>
> Please take your time to perform the steps above and collect the
> information for us to troubleshoot your issue. I am looking forward to
> hearing from you!
>
> Best regards,
>
> Brandy Nee
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check
> the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In
> doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
>
>
> --------------------
>>From: "Gerry Armstrong" <gerrya@xxxxxxxxxxx>
>>Newsgroups: microsoft.public.windows.server.sbs
>>Subject: dcdiag errors
>>Date: Tue, 6 Dec 2005 08:50:26 -0400
>>Organization: Posted via Supernews, http://www.supernews.com
>>Message-ID: <11pb27doluna563@xxxxxxxxxxxxxxxxxx>
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2527
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2527
>>X-RFC2646: Format=Flowed; Original
>>X-Complaints-To: abuse@xxxxxxxxxxxxx
>>Lines: 284
>>Path:
> TK2MSFTNGXA02.phx.gbl!TK2MSFTNGP08.phx.gbl!newsfeed00.sul.t-online.de!t-onli
> ne.de!83.128.0.12.MISMATCH!news-out2.kabelfoon.nl!newsfeed.kabelfoon.nl!xind
> i.nntp.kabelfoon.nl!138.199.65.86.MISMATCH!sn-ams-06!sn-ams-03!sn-post-ams-0
> 1!sn-post-02!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
>>Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:228081
>>X-Tomcat-NG: microsoft.public.windows.server.sbs
>>
>>Guys, I have a smal domain with two controllers, one SBS2003 and one
>>Standard 2003 server. I am getting the below results on the SBS2003 server
>>which was the initial controller at this installation, the Standard 2003
> was
>>added recently. No errors are reported when I run dcdiag on the Standard
>>2003 server but I get some shown below on the SBS2003 server. Any
>>suggestions as to what the problem is and how to fix it will be welcome!
>>
>>Domain Controller Diagnosis
>>
>>Performing initial setup:
>> * Verifying that the local machine towner-s1, is a DC.
>> * Connecting to directory service on server towner-s1.
>> * Collecting site info.
>> * Identifying all servers.
>> * Identifying all NC cross-refs.
>> * Found 2 DC(s). Testing 1 of them.
>> Done gathering initial info.
>>
>>Doing initial required tests
>>
>> Testing server: Default-First-Site-Name\TOWNER-S1
>> Starting test: Connectivity
>> * Active Directory LDAP Services Check
>> * Active Directory RPC Services Check
>> ......................... TOWNER-S1 passed test Connectivity
>>
>>Doing primary tests
>>
>> Testing server: Default-First-Site-Name\TOWNER-S1
>> Starting test: Replications
>> * Replications Check
>> * Replication Latency Check
>> DC=ForestDnsZones,DC=towner,DC=local
>> Latency information for 1 entries in the vector were
> ignored.
>> 1 were retired Invocations. 0 were either: read-only
>>replicas and are not verifiably latent, or dc's no longer replicating this
>>nc. 0 had no latency information (Win2K DC).
>> DC=DomainDnsZones,DC=towner,DC=local
>> Latency information for 1 entries in the vector were
> ignored.
>> 1 were retired Invocations. 0 were either: read-only
>>replicas and are not verifiably latent, or dc's no longer replicating this
>>nc. 0 had no latency information (Win2K DC).
>> CN=Schema,CN=Configuration,DC=towner,DC=local
>> Latency information for 1 entries in the vector were
> ignored.
>> 1 were retired Invocations. 0 were either: read-only
>>replicas and are not verifiably latent, or dc's no longer replicating this
>>nc. 0 had no latency information (Win2K DC).
>> CN=Configuration,DC=towner,DC=local
>> Latency information for 1 entries in the vector were
> ignored.
>> 1 were retired Invocations. 0 were either: read-only
>>replicas and are not verifiably latent, or dc's no longer replicating this
>>nc. 0 had no latency information (Win2K DC).
>> DC=towner,DC=local
>> Latency information for 1 entries in the vector were
> ignored.
>> 1 were retired Invocations. 0 were either: read-only
>>replicas and are not verifiably latent, or dc's no longer replicating this
>>nc. 0 had no latency information (Win2K DC).
>> * Replication Site Latency Check
>> ......................... TOWNER-S1 passed test Replications
>> Test omitted by user request: Topology
>> Test omitted by user request: CutoffServers
>> Starting test: NCSecDesc
>> * Security Permissions check for all NC's on DC TOWNER-S1.
>> * Security Permissions Check for
>> DC=ForestDnsZones,DC=towner,DC=local
>> (NDNC,Version 2)
>> * Security Permissions Check for
>> DC=DomainDnsZones,DC=towner,DC=local
>> (NDNC,Version 2)
>> * Security Permissions Check for
>> CN=Schema,CN=Configuration,DC=towner,DC=local
>> (Schema,Version 2)
>> * Security Permissions Check for
>> CN=Configuration,DC=towner,DC=local
>> (Configuration,Version 2)
>> * Security Permissions Check for
>> DC=towner,DC=local
>> (Domain,Version 2)
>> ......................... TOWNER-S1 passed test NCSecDesc
>> Starting test: NetLogons
>> * Network Logons Privileges Check
>> Verified share \\TOWNER-S1\netlogon
>> Verified share \\TOWNER-S1\sysvol
>> ......................... TOWNER-S1 passed test NetLogons
>> Starting test: Advertising
>> The DC TOWNER-S1 is advertising itself as a DC and having a DS.
>> The DC TOWNER-S1 is advertising as an LDAP server
>> The DC TOWNER-S1 is advertising as having a writeable directory
>> The DC TOWNER-S1 is advertising as a Key Distribution Center
>> The DC TOWNER-S1 is advertising as a time server
>> The DS TOWNER-S1 is advertising as a GC.
>> ......................... TOWNER-S1 passed test Advertising
>> Starting test: KnowsOfRoleHolders
>> Role Schema Owner = CN=NTDS
>>Settings,CN=TOWNER-S1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Con
> figuration,DC=towner,DC=local
>> Role Domain Owner = CN=NTDS
>>Settings,CN=TOWNER-S1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Con
> figuration,DC=towner,DC=local
>> Role PDC Owner = CN=NTDS
>>Settings,CN=TOWNER-S1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Con
> figuration,DC=towner,DC=local
>> Role Rid Owner = CN=NTDS
>>Settings,CN=TOWNER-S1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Con
> figuration,DC=towner,DC=local
>> Role Infrastructure Update Owner = CN=NTDS
>>Settings,CN=TOWNER-S1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Con
> figuration,DC=towner,DC=local
>> ......................... TOWNER-S1 passed test
>> KnowsOfRoleHolders
>> Starting test: RidManager
>> * Available RID Pool for the Domain is 2609 to 1073741823
>> * towner-s1.towner.local is the RID Master
>> * DsBind with RID Master was successful
>> * rIDAllocationPool is 1609 to 2108
>> * rIDPreviousAllocationPool is 1609 to 2108
>> * rIDNextRID: 1631
>> ......................... TOWNER-S1 passed test RidManager
>> Starting test: MachineAccount
>> Checking machine account for DC TOWNER-S1 on DC TOWNER-S1.
>> * SPN found :LDAP/towner-s1.towner.local/towner.local
>> * SPN found :LDAP/towner-s1.towner.local
>> * SPN found :LDAP/TOWNER-S1
>> * SPN found :LDAP/towner-s1.towner.local/TOWNER
>> * SPN found
>>:LDAP/c309bfa7-ea14-49dc-9430-2518c993b3a0._msdcs.towner.local
>> * SPN found
>>:E3514235-4B06-11D1-AB04-00C04FC2DCD2/c309bfa7-ea14-49dc-9430-2518c993b3a0/
> towner.local
>> * SPN found :HOST/towner-s1.towner.local/towner.local
>> * SPN found :HOST/towner-s1.towner.local
>> * SPN found :HOST/TOWNER-S1
>> * SPN found :HOST/towner-s1.towner.local/TOWNER
>> * SPN found :GC/towner-s1.towner.local/towner.local
>> ......................... TOWNER-S1 passed test MachineAccount
>> Starting test: Services
>> * Checking Service: Dnscache
>> * Checking Service: NtFrs
>> * Checking Service: IsmServ
>> IsmServ Service is stopped on [TOWNER-S1]
>> * Checking Service: kdc
>> * Checking Service: SamSs
>> * Checking Service: LanmanServer
>> * Checking Service: LanmanWorkstation
>> * Checking Service: RpcSs
>> * Checking Service: w32time
>> * Checking Service: NETLOGON
>> ......................... TOWNER-S1 failed test Services
>> Test omitted by user request: OutboundSecureChannels
>> Starting test: ObjectsReplicated
>> TOWNER-S1 is in domain DC=towner,DC=local
>> Checking for CN=TOWNER-S1,OU=Domain
> Controllers,DC=towner,DC=local
>>in domain DC=towner,DC=local on 1 servers
>> Object is up-to-date on all servers.
>> Checking for CN=NTDS
>>Settings,CN=TOWNER-S1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Con
> figuration,DC=towner,DC=local
>>in domain CN=Configuration,DC=towner,DC=local on 1 servers
>> Object is up-to-date on all servers.
>> ......................... TOWNER-S1 passed test ObjectsReplicated
>> Starting test: frssysvol
>> * The File Replication Service SYSVOL ready test
>> File Replication Service's SYSVOL is ready
>> ......................... TOWNER-S1 passed test frssysvol
>> Starting test: frsevent
>> * The File Replication Service Event log test
>> There are warning or error events within the last 24 hours after
>>the
>>
>> SYSVOL has been shared. Failing SYSVOL replication problems may
>>cause
>>
>> Group Policy problems.
>> An Warning Event occured. EventID: 0x800034C4
>> Time Generated: 12/06/2005 00:47:11
>> (Event String could not be retrieved)
>> ......................... TOWNER-S1 failed test frsevent
>> Starting test: kccevent
>> * The KCC Event log test
>> Found no KCC errors in Directory Service Event log in the last 15
>>minutes.
>> ......................... TOWNER-S1 passed test kccevent
>> Starting test: systemlog
>> * The System Event log test
>> An Error Event occured. EventID: 0x40000005
>> Time Generated: 12/06/2005 07:58:51
>> Event String: The kerberos client received a
>> KRB_AP_ERR_TKT_NYV
>>
>>error from the server LOIS$. This indicates that
>>
>>the ticket used against that server is not yet
>>
>>valid (in relationship to that server time).
>>
>>Contact your system administrator to make sure
>>
>>the client and server times are in sync, and that
>>
>>the KDC in realm TOWNER.LOCAL is in sync with
>>
>>the KDC in the client realm.
>> ......................... TOWNER-S1 failed test systemlog
>> Test omitted by user request: VerifyReplicas
>> Starting test: VerifyReferences
>> The system object reference (serverReference)
>>
>> CN=TOWNER-S1,OU=Domain Controllers,DC=towner,DC=local and
> backlink
>>on
>>
>>
> CN=TOWNER-S1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration
> ,DC=towner,DC=local
>>
>> are correct.
>> The system object reference (frsComputerReferenceBL)
>>
>> CN=TOWNER-S1,CN=Domain System Volume (SYSVOL share),CN=File
>>Replication Service,CN=System,DC=towner,DC=local
>>
>> and backlink on CN=TOWNER-S1,OU=Domain
>>Controllers,DC=towner,DC=local
>>
>> are correct.
>> The system object reference (serverReferenceBL)
>>
>> CN=TOWNER-S1,CN=Domain System Volume (SYSVOL share),CN=File
>>Replication Service,CN=System,DC=towner,DC=local
>>
>> and backlink on
>>
>> CN=NTDS
>>Settings,CN=TOWNER-S1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Con
> figuration,DC=towner,DC=local
>>
>> are correct.
>> ......................... TOWNER-S1 passed test VerifyReferences
>> Test omitted by user request: VerifyEnterpriseReferences
>> Test omitted by user request: CheckSecurityError
>>
>> Running partition tests on : ForestDnsZones
>> Starting test: CrossRefValidation
>> ......................... ForestDnsZones passed test
>>CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... ForestDnsZones passed test
>> CheckSDRefDom
>>
>> Running partition tests on : DomainDnsZones
>> Starting test: CrossRefValidation
>> ......................... DomainDnsZones passed test
>>CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... DomainDnsZones passed test
>> CheckSDRefDom
>>
>> Running partition tests on : Schema
>> Starting test: CrossRefValidation
>> ......................... Schema passed test CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... Schema passed test CheckSDRefDom
>>
>> Running partition tests on : Configuration
>> Starting test: CrossRefValidation
>> ......................... Configuration passed test
>>CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... Configuration passed test CheckSDRefDom
>>
>> Running partition tests on : towner
>> Starting test: CrossRefValidation
>> ......................... towner passed test CrossRefValidation
>> Starting test: CheckSDRefDom
>> ......................... towner passed test CheckSDRefDom
>>
>> Running enterprise tests on : towner.local
>> Starting test: Intersite
>> Skipping site Default-First-Site-Name, this site is outside the
>>scope
>>
>> provided by the command line arguments provided.
>> ......................... towner.local passed test Intersite
>> Starting test: FsmoCheck
>> GC Name: \\towner-s1.towner.local
>> Locator Flags: 0xe00003fd
>> PDC Name: \\towner-s1.towner.local
>> Locator Flags: 0xe00003fd
>> Time Server Name: \\towner-s1.towner.local
>> Locator Flags: 0xe00003fd
>> Preferred Time Server Name: \\towner-s1.towner.local
>> Locator Flags: 0xe00003fd
>> KDC Name: \\towner-s1.towner.local
>> Locator Flags: 0xe00003fd
>> ......................... towner.local passed test FsmoCheck
>> Test omitted by user request: DNS
>> Test omitted by user request: DNS
>>
>>
>>
>
.
- Follow-Ups:
- Re: dcdiag errors
- From: "Brandy Nee [MSFT]"
- Re: dcdiag errors
- References:
- dcdiag errors
- From: Gerry Armstrong
- RE: dcdiag errors
- From: "Brandy Nee [MSFT]"
- dcdiag errors
- Prev by Date: RE: Outgoing Faxing
- Next by Date: Cannot connect to server
- Previous by thread: RE: dcdiag errors
- Next by thread: Re: dcdiag errors
- Index(es):
Relevant Pages
|
