Re: BDC DCDIAG Problem
- From: "kj" <kj@xxxxxxxxxxx>
- Date: Tue, 21 Nov 2006 10:23:38 -0700
Testing server: Default-First-Site-Name\BDCr
You have a second AD SITE with the same subnet as the first site? Why?"
This is what dcpromo gave me, if there is something incorrect here I would
like to change it but I am not sure how or where to do so - please advise
if
possible.
Hmm, maybe somebody slipped %me% some de-cafe.
3) Directory Service and File Replication are working fine on both PDC
and
BDC.
[BDC] Directory Binding Error -2146892976:
It may be replicating, but there still is an issue. Have you run the windows
server Security Configuration Wizard on this server perhaps?
Please run and post unedited output from the following. (posting your
internal domain names and private ip address is not a security risk.) If you
feel you must "munge" settings, please do so accurately
netdiag /v
dcdiag /c /v /e
I'd suggest running both from each DC. You should get similar results, but
it is good to have a baseline at this point.
--
/kj
"Paul" <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:F9314BC9-DFC0-4304-9423-40521C3ED103@xxxxxxxxxxxxxxxx
Hello kj,
I have had some time to go through the issues you raised on our network
and
I have corrected some and still seek answers on others.
1) the additional DNS entries were used for secure website access - that
has changed and we do not need them anymore, so I have reduced all this
down
to using host headers and 1 Ip.
2) the DNS was removed and reinstalled on the BDC, and all is fine.
3) Directory Service and File Replication are working fine on both PDC
and
BDC.
4) Have run DCDIAG and DCDIAG /Test:DNS on PDC (SBS2003) and all is fine.
5) Have run DCDIAG on BDC and still have error - This is where I need
help.
I ran DCPROMO to set up the BDC and it ran fine; It did whatever it did
and
I end up with whatever it gave me. I have included the ipconfig /all and
DCDIAG from the BDC below.
You had mentioned
"Testing server: Default-First-Site-Name\BDCr
You have a second AD SITE with the same subnet as the first site? Why?"
This is what dcpromo gave me, if there is something incorrect here I would
like to change it but I am not sure how or where to do so - please advise
if
possible.
Thanks
Paul
******************************************
IPCONFIG /ALL
Windows IP Configuration
Host Name . . . . . . . . . . . . : BDC
Primary Dns Suffix . . . . . . . : DOMAIN.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : DOMAIN.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network
Connection
Physical Address. . . . . . . . . : 00-12-50-60-FD-45
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
192.168.16.4
Primary WINS Server . . . . . . . : 192.168.16.2
************************************************
DCDIAG REPORT
Domain Controller Diagnosis
Performing initial setup:
[BDC] Directory Binding Error -2146892976:
The system detected a possible attempt to compromise security. Please
ensure
that you can contact the server that authenticated you.
This may limit some of the tests that can be performed.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\BDC
Starting test: Connectivity
[BDC] DsBindWithSpnEx() failed with error -2146892976,
The system detected a possible attempt to compromise security.
Please
ensure that you can contact the server that authenticated you..
......................... BDC failed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\BDC
Skipping all tests, because server BDC is
not responding to directory service requests
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : DOMAIN
Starting test: CrossRefValidation
......................... DOMAIN passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DOMAIN passed test CheckSDRefDom
Running enterprise tests on : DOMAIN.local
Starting test: Intersite
......................... DOMAIN.local passed test Intersite
Starting test: FsmoCheck
......................... DOMAIN.local passed test FsmoCheck
"kj" wrote:
Hmm. I'm a little confused here.
The BDC "main" ip address is ....
Does this DC have more than one NIC?, If so why, and if not, why the
addtional IP's bound to one NIC?
made BDC a
secondary DNS server
You configured the DC as a DNS "Secondary" (Read Only zone)? If so,
you
should undo this. Just have DNS installed, no need to create "anything"
at
this point. Configure this server to use the other DC for DNS until
replication is completed.
Testing server: Default-First-Site-Name\2ndryDNSserver
You have a second AD SITE with the same subnet as the first site?
Why?
--
/kj
"Paul" <Paul@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:92FAEE8F-18C6-47C1-9F2D-67A835431D86@xxxxxxxxxxxxxxxx
I am setting up a BDC in an SBS2003 network and have run dcpromo, made
BDC
a
secondary DNS server, and have made the BDC a GC. After restart I
noticed
a
warning in the File Replication Service event log.
Source: NtFrs Event ID: 13508
The File Replication Service is having trouble enabling replication
from PDC to BDC for c:\windows\sysvol\domain using the DNS name
PDCservername.domainname.local ...
Network appears to be running fine, no blazing errors to speak of, but
something needs tweaking here. Unfortunately I am not well versed in
this
area and need assistance in resolution. I have attached IPConfig /all
and
DCDiag.exe results below.
Any assistance is appreciated greatly.
Paul
IPConfig /all yields the following (Note that I have some IPs setup for
websites on this server, Main IP for the BDC is 192.168.16.4, PDC is
192.168.16.2, Firewall is 192.168.16.1; 1 NIC in PDC):
Windows IP Configuration
Host Name . . . . . . . . . . . . : BDC
Primary Dns Suffix . . . . . . . : domainname.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : domainname.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network
Connection
Physical Address. . . . . . . . . : 00-12-50-60-FD-45
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.16.8
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.16.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.16.6
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.16.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.16.4
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.16.1
DNS Servers . . . . . . . . . . . : 192.168.16.2
Primary WINS Server . . . . . . . : 192.168.16.2
DCDiag.exe yields the following:
Domain Controller Diagnosis
Performing initial setup:
[2ndryDNSserver] Directory Binding Error -2146892976:
The system detected a possible attempt to compromise security.
Please
ensure
that you can contact the server that authenticated you.
This may limit some of the tests that can be performed.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\2ndryDNSserver
Starting test: Connectivity
The host
41df6d50-a4cf-4e8f-be9c-233c1d23dafe._msdcs.domainname.loca
l could not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(41df6d50-a4cf-4e8f-be9c-233c1d23dafe._msdcs.domainname.local)
couldn't be resolved, the server name
(2ndryDNSserver.domainname.local)
resolved to the IP address (192.168.16.4) and was pingable.
Check
that the IP address is registered correctly with the DNS
server.
......................... 2ndryDNSserver failed test
Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\2ndryDNSserver
Skipping all tests, because server 2ndryDNSserver is
not responding to directory service requests
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom
Running partition tests on : domainname
Starting test: CrossRefValidation
......................... domainname passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... domainname passed test CheckSDRefDom
Running enterprise tests on : domainname.local
Starting test: Intersite
......................... domainname.local passed test
Intersite
Starting test: FsmoCheck
[2ndryDNSserver] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
......................... domainname.local passed test
FsmoCheck
.
- Follow-Ups:
- Re: BDC DCDIAG Problem
- From: Paul
- Re: BDC DCDIAG Problem
- From: Paul
- Re: BDC DCDIAG Problem
- References:
- BDC DCDIAG Problem
- From: Paul
- Re: BDC DCDIAG Problem
- From: kj
- Re: BDC DCDIAG Problem
- From: Paul
- BDC DCDIAG Problem
- Prev by Date: Re: Personnel Changes
- Next by Date: Re: Problem accessing one user's folder
- Previous by thread: Re: BDC DCDIAG Problem
- Next by thread: Re: BDC DCDIAG Problem
- Index(es):
Relevant Pages
|
