Re: SBS2003 + tombstoned WIN2K DC
- From: jdr.smith@xxxxxxxxxx
- Date: Wed, 03 Oct 2007 09:11:17 -0700
On 3 Oct, 16:42, "kj [SBS MVP]" <KevinJ....@xxxxxxxxxxxxxxxxxx> wrote:
jdr.sm...@xxxxxxxxxx wrote:
If I ping domain.local I get a response from the IP of the tombstoned
DC not the SBS2003.
Jim.
Time to break out the AD tools (DCDiag, Netdiag) and see what's up.
dcdiag /c / v
and
netdiag
from both servers and post if needed.
SBS2003 DCDIAG servername changed to XYZ etc etc >
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine XYZ-server, is a DC.
* Connecting to directory service on server XYZ-server.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\XYZ-SERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... XYZ-SERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\XYZ-SERVER
Starting test: Replications
* Replications Check
[Replications Check,XYZ-SERVER] A recent replication attempt
failed:
From WIN2K to XYZ-SERVER
Naming Context: DC=XYZGB,DC=local
The replication generated an error (8614):
Win32 Error 8614
The failure occurred at 2007-10-03 16:55:59.
The last success occurred at 2006-10-22 15:56:20.
16941 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
XYZ-SERVER: Current time is 2007-10-03 16:59:28.
DC=XYZGB,DC=local
Last replication recieved from WIN2K at 2006-10-22
15:56:20.
WARNING: This latency is over the Tombstone Lifetime
of 60 days!
* Replication Site Latency Check
......................... XYZ-SERVER passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... XYZ-SERVER passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... XYZ-SERVER passed test
CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=XYZGB,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=XYZGB,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=XYZGB,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=XYZGB,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=XYZGB,DC=local
(Domain,Version 2)
......................... XYZ-SERVER passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... XYZ-SERVER passed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \
\WIN2K.XYZGB.local, when we were trying to reach XYZ-SERVER.
Server is not responding or is not considered suitable.
The DC XYZ-SERVER is advertising itself as a DC and having a
DS.
The DC XYZ-SERVER is advertising as an LDAP server
The DC XYZ-SERVER is advertising as having a writeable
directory
The DC XYZ-SERVER is advertising as a Key Distribution Center
The DC XYZ-SERVER is advertising as a time server
Warning: XYZ-SERVER is not advertising as a global catalog.
Check that server finished GC promotion.
Check the event log on server that enough source replicas for
the GC are available.
......................... XYZ-SERVER failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=XYZ-
SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local
Role Domain Owner = CN=NTDS Settings,CN=XYZ-
SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local
Role PDC Owner = CN=NTDS Settings,CN=XYZ-
SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local
Role Rid Owner = CN=NTDS Settings,CN=XYZ-
SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=XYZ-
SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local
......................... XYZ-SERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2609 to 1073741823
* XYZ-server.XYZGB.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2109 to 2608
* rIDPreviousAllocationPool is 2109 to 2608
* rIDNextRID: 2608
* Warning :Next rid pool not allocated
* Warning :There is less than 0% available RIDs in the
current pool
......................... XYZ-SERVER passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/XYZ-server.XYZGB.local/XYZGB.local
* SPN found :LDAP/XYZ-server.XYZGB.local
* SPN found :LDAP/XYZ-SERVER
* SPN found :LDAP/XYZ-server.XYZGB.local/XYZGB
* SPN found :LDAP/16670ee9-6ca3-4f08-87f4-
efe09c2949b0._msdcs.XYZGB.local
* SPN found :E3514235-4B06-11D1-
AB04-00C04FC2DCD2/16670ee9-6ca3-4f08-87f4-efe09c2949b0/XYZGB.local
* SPN found :HOST/XYZ-server.XYZGB.local/XYZGB.local
* SPN found :HOST/XYZ-server.XYZGB.local
* SPN found :HOST/XYZ-SERVER
* SPN found :HOST/XYZ-server.XYZGB.local/XYZGB
* SPN found :GC/XYZ-server.XYZGB.local/XYZGB.local
......................... XYZ-SERVER passed test
MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
IsmServ Service is stopped on [XYZ-SERVER]
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... XYZ-SERVER failed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... XYZ-SERVER passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
XYZ-SERVER is in domain DC=XYZGB,DC=local
Checking for CN=XYZ-SERVER,OU=Domain
Controllers,DC=XYZGB,DC=local in domain DC=XYZGB,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=XYZ-
SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local in domain
CN=Configuration,DC=XYZGB,DC=local on 1 servers
Object is up-to-date on all servers.
......................... XYZ-SERVER passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... XYZ-SERVER passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... XYZ-SERVER passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Error Event occured. EventID: 0xC00007C4
Time Generated: 10/03/2007 16:48:32
Event String: The local domain controller has attempted
toreplicate the following object from the followingsource domain
controller. This object is notpresent on the local domain controller
because itmay have been deleted and already garbagecollected. Source
domain controller: bcf3c2c3-2aa9-4213-b4e9-
ddf4cd98457e._msdcs.XYZGB.local Object: DC="81
CNF:99788e74-74db-463a-809e-e75a8f1d1c1a",DC=0.0.10.in-
addr.arpa,CN=MicrosoftDNS,CN=System,DC=XYZGB,DC=local Object GUID:
99788e74-74db-463a-809e-e75a8f1d1c1a Replication will not continue
with the sourcedomain controller until the situation has
beenresolved. User Action Verify that the object was deleted on this
domaincontroller or in the forest. If objectrestoration is desired,
authoritatively restorethe object on the source domain controller.
Ifrestoration isn't desired, install the supporttools included on the
installation CD and use"repadmin /removelingeringobjects" on the
sourcedomain controller to remove the object from theforest and
continue replication. To allowautomatic restoration of this object and
futuresimilar objects, the following registry key canbe set. Registry
Key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Strict
Replication Consistency
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/03/2007 16:50:45
Event String: It has been too long since this machine
lastreplicated with the named source machine. Thetime between
replications with this source hasexceeded the tombstone lifetime.
Replication hasbeen stopped with this source. The reason that
replication is not allowed tocontinue is that the two machine's views
ofdeleted objects may now be different. The sourcemachine may still
have copies of objects thathave been deleted (and garbage collected)
on thismachine. If they were allowed to replicate, thesource machine
might return objects which havealready been deleted. Time of last
successful replication:2006-10-22 15:56:20 Invocation ID of source:
0567f6cc-f6bc-0567-880b-b80458c62600 Name of source:
bcf3c2c3-2aa9-4213-b4e9-ddf4cd98457e._msdcs.XYZGB.local Tombstone
lifetime (days): 60 The replication operation has failed. User
Action: Determine which of the two machines wasdisconnected from the
forest and is now out ofdate. You have three options: 1. Demote or
reinstall the machine(s) that weredisconnected. 2. Use the "repadmin /
removelingeringobjects"tool to remove inconsistent deleted objects
andthen resume replication. 3. Resume replication. Inconsistent
deletedobjects may be introduced. You can continuereplication by using
the following registry key.Once the systems replicate once, it
isrecommended that you remove the key to reinstatethe protection.
Registry Key:HKLM\System\CurrentControlSet\Services\NTDS\Parameters
\Allow Replication With Divergent and Corrupt Partner
An Error Event occured. EventID: 0xC00007FA
Time Generated: 10/03/2007 16:55:59
Event String: It has been too long since this machine
lastreplicated with the named source machine. Thetime between
replications with this source hasexceeded the tombstone lifetime.
Replication hasbeen stopped with this source. The reason that
replication is not allowed tocontinue is that the two machine's views
ofdeleted objects may now be different. The sourcemachine may still
have copies of objects thathave been deleted (and garbage collected)
on thismachine. If they were allowed to replicate, thesource machine
might return objects which havealready been deleted. Time of last
successful replication:2006-10-22 15:56:20 Invocation ID of source:
0567f6cc-f6bc-0567-880b-0c0558c62600 Name of source:
bcf3c2c3-2aa9-4213-b4e9-ddf4cd98457e._msdcs.XYZGB.local Tombstone
lifetime (days): 60 The replication operation has failed. User
Action: Determine which of the two machines wasdisconnected from the
forest and is now out ofdate. You have three options: 1. Demote or
reinstall the machine(s) that weredisconnected. 2. Use the "repadmin /
removelingeringobjects"tool to remove inconsistent deleted objects
andthen resume replication. 3. Resume replication. Inconsistent
deletedobjects may be introduced. You can continuereplication by using
the following registry key.Once the systems replicate once, it
isrecommended that you remove the key to reinstatethe protection.
Registry Key:HKLM\System\CurrentControlSet\Services\NTDS\Parameters
\Allow Replication With Divergent and Corrupt Partner
An Error Event occured. EventID: 0xC00007C4
Time Generated: 10/03/2007 16:59:28
Event String: The local domain controller has attempted
toreplicate the following object from the followingsource domain
controller. This object is notpresent on the local domain controller
because itmay have been deleted and already garbagecollected. Source
domain controller: bcf3c2c3-2aa9-4213-b4e9-
ddf4cd98457e._msdcs.XYZGB.local Object: DC="81
CNF:99788e74-74db-463a-809e-e75a8f1d1c1a",DC=0.0.10.in-
addr.arpa,CN=MicrosoftDNS,CN=System,DC=XYZGB,DC=local Object GUID:
99788e74-74db-463a-809e-e75a8f1d1c1a Replication will not continue
with the sourcedomain controller until the situation has
beenresolved. User Action Verify that the object was deleted on this
domaincontroller or in the forest. If objectrestoration is desired,
authoritatively restorethe object on the source domain controller.
Ifrestoration isn't desired, install the supporttools included on the
installation CD and use"repadmin /removelingeringobjects" on the
sourcedomain controller to remove the object from theforest and
continue replication. To allowautomatic restoration of this object and
futuresimilar objects, the following registry key canbe set. Registry
Key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Strict
Replication Consistency
......................... XYZ-SERVER failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 10/03/2007 16:47:04
Event String: The kerberos client received
aKRB_AP_ERR_MODIFIED error from the serverWKSTN02$. The target name
used was cifs/WKSTN02.This indicates that the password used to
encryptthe kerberos service ticket is different thanthat on the target
server. Commonly, this is dueto identically named machine accounts in
thetarget realm (XYZGB.LOCAL), and the client realm. Please contact
your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 10/03/2007 16:47:04
Event String: The kerberos client received
aKRB_AP_ERR_MODIFIED error from the serverWKSTN02$. The target name
used wascifs/WKSTN02.XYZGB.local. This indicates that thepassword used
to encrypt the kerberos serviceticket is different than that on the
targetserver. Commonly, this is due to identicallynamed machine
accounts in the target realm(XYZGB.LOCAL), and the client realm.
Pleasecontact your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 10/03/2007 16:50:20
Event String: The kerberos client received
aKRB_AP_ERR_MODIFIED error from the serverWKSTN06$. The target name
used was cifs/WKSTN06.This indicates that the password used to
encryptthe kerberos service ticket is different thanthat on the target
server. Commonly, this is dueto identically named machine accounts in
thetarget realm (XYZGB.LOCAL), and the client realm. Please contact
your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 10/03/2007 16:50:20
Event String: The kerberos client received
aKRB_AP_ERR_MODIFIED error from the serverWKSTN06$. The target name
used wascifs/WKSTN06.XYZGB.local. This indicates that thepassword used
to encrypt the kerberos serviceticket is different than that on the
targetserver. Commonly, this is due to identicallynamed machine
accounts in the target realm(XYZGB.LOCAL), and the client realm.
Pleasecontact your system administrator.
......................... XYZ-SERVER failed test systemlog
Starting test: VerifyReplicas
......................... XYZ-SERVER passed test
VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference) CN=XYZ-
SERVER,OU=Domain Controllers,DC=XYZGB,DC=local and backlink on
CN=XYZ-SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local are correct.
The system object reference (frsComputerReferenceBL)
CN=XYZ-SERVER,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=XYZGB,DC=local and backlink
on CN=XYZ-SERVER,OU=Domain Controllers,DC=XYZGB,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=XYZ-SERVER,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=XYZGB,DC=local and backlink
on CN=NTDS Settings,CN=XYZ-SERVER,CN=Servers,CN=Default-First-
Site-Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local are
correct.
......................... XYZ-SERVER passed test
VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... XYZ-SERVER passed test
VerifyEnterpriseReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom
Running partition tests on : XYZGB
Starting test: CrossRefValidation
......................... XYZGB passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... XYZGB passed test CheckSDRefDom
Running enterprise tests on : XYZGB.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside
the scope provided by the command line arguments provided.
......................... XYZGB.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
1355
A Global Catalog Server could not be located - All GC's are
down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\WIN2K.XYZGB.local
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\XYZ-server.XYZGB.local
Locator Flags: 0xe00003e5
KDC Name: \\WIN2K.XYZGB.local
Locator Flags: 0xe00001f8
......................... XYZGB.local failed test FsmoCheck
SBS2003 NETDIAG >
.......................................
Computer Name: XYZ-SERVER
DNS Host Name: XYZ-server.XYZGB.local
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
List of installed hotfixes :
KB819696
KB822132
KB822742
KB822743
KB822744
KB822745
KB822925
KB823559
KB823980
KB824073
KB824105
KB824139
KB824146
KB825117
KB826238
KB826936
Q147222
Netcard queries test . . . . . . . : Passed
[WARNING] The net card 'RAS Async Adapter' may not be working
because it has not received any packets.
Per interface results:
Adapter : Server Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : XYZ-server
IP Address . . . . . . . . : 10.0.0.2
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . :
Primary WINS Server. . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.2
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Passed
Adapter : Network Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : XYZ-server
IP Address . . . . . . . . : ***.***.***.108
Subnet Mask. . . . . . . . : 255.255.255.192
Default Gateway. . . . . . : ***.***.***.65
Primary WINS Server. . . . : 10.0.0.2
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . : 10.0.0.2
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Adapter : {55F5CA30-53D3-4DDD-8AA6-4427B5BD4AFC}
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : XYZ-server
IP Address . . . . . . . . : 10.0.0.23
Subnet Mask. . . . . . . . : 255.255.255.255
Default Gateway. . . . . . :
NetBIOS over Tcpip . . . . : Disabled
Dns Servers. . . . . . . . :
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Skipped
[WARNING] No gateways defined for this adapter.
NetBT name test. . . . . . : Skipped
NetBT is disabled on this interface. [Test skipped]
WINS service test. . . . . : Skipped
NetBT is disable on this interface. [Test skipped].
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{6E8DAE0F-1754-48A4-AA82-7B1B2A80C9F5}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.2' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{6E8DAE0F-1754-48A4-AA82-7B1B2A80C9F5}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{6E8DAE0F-1754-48A4-AA82-7B1B2A80C9F5}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed
information
The command completed successfully
WIN2K DCDIAG servername changed to WIN2K etc etc >
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine WIN2K, is a DC.
* Connecting to directory service on server WIN2K.
* Collecting site info.
* Identifying all servers.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WIN2K
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... WIN2K passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WIN2K
Starting test: Replications
* Replications Check
......................... WIN2K passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... WIN2K passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=XYZGB,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... WIN2K passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=XYZGB,DC=local
* Security Permissions Check for
CN=Configuration,DC=XYZGB,DC=local
* Security Permissions Check for
DC=XYZGB,DC=local
......................... WIN2K passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... WIN2K passed test NetLogons
Starting test: Advertising
The DC WIN2K is advertising itself as a DC and having a DS.
The DC WIN2K is advertising as an LDAP server
The DC WIN2K is advertising as having a writeable directory
The DC WIN2K is advertising as a Key Distribution Center
The DC WIN2K is advertising as a time server
......................... WIN2K passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=XYZ-
SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local
Role Domain Owner = CN=NTDS Settings,CN=XYZ-
SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local
Role PDC Owner = CN=NTDS Settings,CN=XYZ-
SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local
Role Rid Owner = CN=NTDS Settings,CN=XYZ-
SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=XYZ-
SERVER,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local
......................... WIN2K passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2609 to 1073741823
* XYZ-server.XYZGB.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1609 to 2108
* rIDNextRID: 1645
* rIDPreviousAllocationPool is 1609 to 2108
......................... WIN2K passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/WIN2K.XYZGB.local/XYZGB.local
* SPN found :LDAP/WIN2K.XYZGB.local
* SPN found :LDAP/WIN2K
* SPN found :LDAP/WIN2K.XYZGB.local/XYZGB
* SPN found :LDAP/bcf3c2c3-2aa9-4213-b4e9-
ddf4cd98457e._msdcs.XYZGB.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/
bcf3c2c3-2aa9-4213-b4e9-ddf4cd98457e/XYZGB.local
* SPN found :HOST/WIN2K.XYZGB.local/XYZGB.local
* SPN found :HOST/WIN2K.XYZGB.local
* SPN found :HOST/WIN2K
* SPN found :HOST/WIN2K.XYZGB.local/XYZGB
* SPN found :GC/WIN2K.XYZGB.local/XYZGB.local
......................... WIN2K passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
......................... WIN2K passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... WIN2K passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
WIN2K is in domain DC=XYZGB,DC=local
Checking for CN=WIN2K,OU=Domain Controllers,DC=XYZGB,DC=local
in domain DC=XYZGB,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=WIN2K,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=XYZGB,DC=local in domain
CN=Configuration,DC=XYZGB,DC=local on 1 servers
Object is up-to-date on all servers.
......................... WIN2K passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... WIN2K passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the
last 15 minutes.
......................... WIN2K passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... WIN2K passed test systemlog
Running enterprise tests on : XYZGB.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside
the scope provided by the command line arguments provided.
......................... XYZGB.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error
1355
A Global Catalog Server could not be located - All GC's are
down.
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\WIN2K.XYZGB.local
Locator Flags: 0xe00001f8
Preferred Time Server Name: \\XYZ-server.XYZGB.local
Locator Flags: 0xe00003e5
KDC Name: \\WIN2K.XYZGB.local
Locator Flags: 0xe00001f8
......................... XYZGB.local failed test FsmoCheck
WIN2K NETDIAG >
........................................
Computer Name: WIN2K
DNS Host Name: WIN2K.XYZGB.local
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 6 Model 8 Stepping 10, GenuineIntel
List of installed hotfixes :
KB329115
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828741
KB828749
KB835732
KB837001
KB839643
KB839645
KB840315
KB840987
KB841356
KB841533
KB841872
KB841873
KB842526
KB871250
KB873339
KB885835
KB885836
KB889293-IE6SP1-20041111.235619
KB890175
KB891711
Q147222
Q828026
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : WIN2K
IP Address . . . . . . . . : 10.0.0.3
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.0.0.2
Primary WINS Server. . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.2
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{FAE6C290-4B8D-4CEF-90A2-E1613A134123}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.2' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{FAE6C290-4B8D-4CEF-90A2-E1613A134123}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{FAE6C290-4B8D-4CEF-90A2-E1613A134123}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Passed
Secure channel for domain 'XYZGB' is to '\\XYZ-
server.XYZGB.local'.
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
The command completed successfully
END....
Any ideas ?
Jim.
.
- Follow-Ups:
- Re: SBS2003 + tombstoned WIN2K DC
- From: kj [SBS MVP]
- Re: SBS2003 + tombstoned WIN2K DC
- References:
- SBS2003 + tombstoned WIN2K DC
- From: jdr . smith
- Re: SBS2003 + tombstoned WIN2K DC
- From: jdr . smith
- Re: SBS2003 + tombstoned WIN2K DC
- From: kj [SBS MVP]
- SBS2003 + tombstoned WIN2K DC
- Prev by Date: Re: Manually installing 3rd Party Certificate
- Next by Date: Re: DHCP & Sharepoint Issue - Server Error in '/'
- Previous by thread: Re: SBS2003 + tombstoned WIN2K DC
- Next by thread: Re: SBS2003 + tombstoned WIN2K DC
- Index(es):
Relevant Pages
|
Loading
