Re: SBS 2003 and Replication Errors with Remote DC
- From: "Ken Sheppard" <ksheppard31@xxxxxxxxxxx>
- Date: Sat, 12 Apr 2008 14:41:13 -0400
KJ, thanks for your reply. Here's the dcdiag output that you requested. I just promoted the remote DC last week, so I still have time to solve the replication issues.
Thanks.
Ken
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine alpha, is a DC.
* Connecting to directory service on server alpha.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 3 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SBS
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SBS passed test Connectivity
Testing server: Default-First-Site-Name\BDC
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... BDC passed test Connectivity
Testing server: Alpharetta\ALPHA
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... ALPHA passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SBS
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
Site
CN=NTDS Site
Settings,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
was skipped because it never had an ISTG running in it.
......................... SBS passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SBS passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SBS passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SBS.
* Security Permissions Check for
DC=ForestDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=homrich-berg,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=homrich-berg,DC=local
(Domain,Version 2)
......................... SBS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SBS\netlogon
Verified share \\SBS\sysvol
......................... SBS passed test NetLogons
Starting test: Advertising
The DC SBS is advertising itself as a DC and having a DS.
The DC SBS is advertising as an LDAP server
The DC SBS is advertising as having a writeable directory
The DC SBS is advertising as a Key Distribution Center
The DC SBS is advertising as a time server
The DS SBS is advertising as a GC.
......................... SBS passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
......................... SBS passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4606 to 1073741823
* sbs.homrich-berg.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3606 to 4105
* rIDPreviousAllocationPool is 3606 to 4105
* rIDNextRID: 3781
......................... SBS passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SBS on DC SBS.
* SPN found :LDAP/sbs.homrich-berg.local/homrich-berg.local
* SPN found :LDAP/sbs.homrich-berg.local
* SPN found :LDAP/SBS
* SPN found :LDAP/sbs.homrich-berg.local/HB
* SPN found
:LDAP/deb39f46-0dc8-4e38-b87e-ec5594766894._msdcs.homrich-berg.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/deb39f46-0dc8-4e38-b87e-ec5594766894/homrich-berg.local
* SPN found :HOST/sbs.homrich-berg.local/homrich-berg.local
* SPN found :HOST/sbs.homrich-berg.local
* SPN found :HOST/SBS
* SPN found :HOST/sbs.homrich-berg.local/HB
* SPN found :GC/sbs.homrich-berg.local/homrich-berg.local
......................... SBS passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SBS passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SBS passed test OutboundSecureChannels
Starting test: ObjectsReplicated
SBS is in domain DC=homrich-berg,DC=local
Checking for CN=SBS,OU=Domain Controllers,DC=homrich-berg,DC=local
in domain DC=homrich-berg,DC=local on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
in domain CN=Configuration,DC=homrich-berg,DC=local on 3 servers
Object is up-to-date on all servers.
......................... SBS passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SBS passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... SBS passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8000061E
Time Generated: 04/12/2008 10:34:34
Event String: All domain controllers in the following site that
can replicate the directory partition over this
transport are currently unavailable.
Site:
CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Directory partition:
DC=homrich-berg,DC=local
Transport:
CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
An Error Event occured. EventID: 0xC000051F
Time Generated: 04/12/2008 10:34:34
Event String: The Knowledge Consistency Checker (KCC) has
detected problems with the following directory
partition.
Directory partition:
DC=homrich-berg,DC=local
There is insufficient site connectivity
information in Active Directory Sites and
Services for the KCC to create a spanning tree
replication topology. Or, one or more domain
controllers with this directory partition are
unable to replicate the directory partition
information. This is probably due to inaccessible
domain controllers.
User Action
Use Active Directory Sites and Services to
perform one of the following actions:
- Publish sufficient site connectivity
information so that the KCC can determine a route
by which this directory partition can reach this
site. This is the preferred option.
- Add a Connection object to a domain controller
that contains the directory partition in this
site from a domain controller that contains the
same directory partition in another site.
If neither of the Active Directory Sites and
Services tasks correct this condition, see
previous events logged by the KCC that identify
the inaccessible domain controllers.
An Warning Event occured. EventID: 0x80000749
Time Generated: 04/12/2008 10:34:34
Event String: The Knowledge Consistency Checker (KCC) was
unable to form a complete spanning tree network
topology. As a result, the following list of
sites cannot be reached from the local site.
Sites:
CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
An Warning Event occured. EventID: 0x8000061E
Time Generated: 04/12/2008 10:34:34
Event String: All domain controllers in the following site that
can replicate the directory partition over this
transport are currently unavailable.
Site:
CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Directory partition:
CN=Configuration,DC=homrich-berg,DC=local
Transport:
CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
An Error Event occured. EventID: 0xC000051F
Time Generated: 04/12/2008 10:34:34
Event String: The Knowledge Consistency Checker (KCC) has
detected problems with the following directory
partition.
Directory partition:
CN=Configuration,DC=homrich-berg,DC=local
There is insufficient site connectivity
information in Active Directory Sites and
Services for the KCC to create a spanning tree
replication topology. Or, one or more domain
controllers with this directory partition are
unable to replicate the directory partition
information. This is probably due to inaccessible
domain controllers.
User Action
Use Active Directory Sites and Services to
perform one of the following actions:
- Publish sufficient site connectivity
information so that the KCC can determine a route
by which this directory partition can reach this
site. This is the preferred option.
- Add a Connection object to a domain controller
that contains the directory partition in this
site from a domain controller that contains the
same directory partition in another site.
If neither of the Active Directory Sites and
Services tasks correct this condition, see
previous events logged by the KCC that identify
the inaccessible domain controllers.
An Warning Event occured. EventID: 0x80000749
Time Generated: 04/12/2008 10:34:34
Event String: The Knowledge Consistency Checker (KCC) was
unable to form a complete spanning tree network
topology. As a result, the following list of
sites cannot be reached from the local site.
Sites:
CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
An Warning Event occured. EventID: 0x80000785
Time Generated: 04/12/2008 10:34:55
Event String: The attempt to establish a replication link for
the following writable directory partition
failed.
Directory partition:
DC=homrich-berg,DC=local
Source domain controller:
CN=NTDS
Settings,CN=ALPHA,CN=Servers,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Source domain controller address:
bc3a5606-08db-44ab-916b-e4775c58a550._msdcs.homrich-berg.local
Intersite transport (if any):
CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
This domain controller will be unable to
replicate with the source domain controller until
this problem is corrected.
User Action
Verify if the source domain controller is
accessible or network connectivity is available.
Additional Data
Error value:
1722 The RPC server is unavailable.
......................... SBS failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SBS passed test systemlog
Starting test: VerifyReplicas
......................... SBS passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SBS,OU=Domain Controllers,DC=homrich-berg,DC=local and backlink
on
CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=SBS,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=homrich-berg,DC=local
and backlink on CN=SBS,OU=Domain
Controllers,DC=homrich-berg,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=SBS,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=homrich-berg,DC=local
and backlink on
CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct.
......................... SBS passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various important
DN
references. Note, that these problems can be reported because of
latency in replication. So follow up to resolve the following
problems, only if the same problem is reported on all DCs for a
given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object:
CN=ALPHA,OU=Domain Controllers,DC=homrich-berg,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[2] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: frsComputerReference
Value Object Description: "DC Account Object"
Recommended Action: Check if this server is deleted, and if so
clean up this DCs SYSVOL FRS Member Object. Also see Knowledge
Base Article: Q312862
[3] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: serverReference
Value Object Description: "DSA Object"
Recommended Action: Check if this server is deleted, and if so
clean up this DCs SYSVOL FRS Member Object. Also see Knowledge
Base Article Q312862
......................... SBS failed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC BDC for domain homrich-berg.local in site
Default-First-Site-Name
Checking machine account for DC SBS on DC BDC.
* SPN found :LDAP/sbs.homrich-berg.local/homrich-berg.local
* SPN found :LDAP/sbs.homrich-berg.local
* SPN found :LDAP/SBS
* SPN found :LDAP/sbs.homrich-berg.local/HB
* SPN found
:LDAP/deb39f46-0dc8-4e38-b87e-ec5594766894._msdcs.homrich-berg.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/deb39f46-0dc8-4e38-b87e-ec5594766894/homrich-berg.local
* SPN found :HOST/sbs.homrich-berg.local/homrich-berg.local
* SPN found :HOST/sbs.homrich-berg.local
* SPN found :HOST/SBS
* SPN found :HOST/sbs.homrich-berg.local/HB
* SPN found :GC/sbs.homrich-berg.local/homrich-berg.local
Checking for CN=SBS,OU=Domain Controllers,DC=homrich-berg,DC=local
in domain DC=homrich-berg,DC=local on 2 servers
Object is up-to-date on all servers.
[SBS] No security related replication errors were found on this DC!
To target the connection to a specific source DC use /ReplSource:<DC>.
......................... SBS passed test CheckSecurityError
Testing server: Default-First-Site-Name\BDC
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
Site
CN=NTDS Site
Settings,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
was skipped because it never had an ISTG running in it.
......................... BDC passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BDC passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BDC passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC BDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=homrich-berg,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=homrich-berg,DC=local
(Domain,Version 2)
......................... BDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\BDC\netlogon
Verified share \\BDC\sysvol
......................... BDC passed test NetLogons
Starting test: Advertising
The DC BDC is advertising itself as a DC and having a DS.
The DC BDC is advertising as an LDAP server
The DC BDC is advertising as having a writeable directory
The DC BDC is advertising as a Key Distribution Center
The DC BDC is advertising as a time server
The DS BDC is advertising as a GC.
......................... BDC passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
......................... BDC passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4606 to 1073741823
* sbs.homrich-berg.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2606 to 3105
* rIDPreviousAllocationPool is 2606 to 3105
* rIDNextRID: 2698
......................... BDC passed test RidManager
Starting test: MachineAccount
Checking machine account for DC BDC on DC BDC.
* SPN found :LDAP/BDC.homrich-berg.local/homrich-berg.local
* SPN found :LDAP/BDC.homrich-berg.local
* SPN found :LDAP/BDC
* SPN found :LDAP/BDC.homrich-berg.local/HB
* SPN found
:LDAP/766fe7e3-d65c-44d3-9a9c-83f4c7ee4fc5._msdcs.homrich-berg.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/766fe7e3-d65c-44d3-9a9c-83f4c7ee4fc5/homrich-berg.local
* SPN found :HOST/BDC.homrich-berg.local/homrich-berg.local
* SPN found :HOST/BDC.homrich-berg.local
* SPN found :HOST/BDC
* SPN found :HOST/BDC.homrich-berg.local/HB
* SPN found :GC/BDC.homrich-berg.local/homrich-berg.local
......................... BDC passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BDC passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... BDC passed test OutboundSecureChannels
Starting test: ObjectsReplicated
BDC is in domain DC=homrich-berg,DC=local
Checking for CN=BDC,OU=Domain Controllers,DC=homrich-berg,DC=local
in domain DC=homrich-berg,DC=local on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
in domain CN=Configuration,DC=homrich-berg,DC=local on 3 servers
Object is up-to-date on all servers.
......................... BDC passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BDC passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... BDC passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... BDC passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... BDC passed test systemlog
Starting test: VerifyReplicas
......................... BDC passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BDC,OU=Domain Controllers,DC=homrich-berg,DC=local and backlink
on
CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=BDC,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=homrich-berg,DC=local
and backlink on CN=BDC,OU=Domain
Controllers,DC=homrich-berg,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=BDC,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=homrich-berg,DC=local
and backlink on
CN=NTDS
Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct.
......................... BDC passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various important
DN
references. Note, that these problems can be reported because of
latency in replication. So follow up to resolve the following
problems, only if the same problem is reported on all DCs for a
given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object:
CN=ALPHA,OU=Domain Controllers,DC=homrich-berg,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[2] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: frsComputerReference
Value Object Description: "DC Account Object"
Recommended Action: Check if this server is deleted, and if so
clean up this DCs SYSVOL FRS Member Object. Also see Knowledge
Base Article: Q312862
[3] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: serverReference
Value Object Description: "DSA Object"
Recommended Action: Check if this server is deleted, and if so
clean up this DCs SYSVOL FRS Member Object. Also see Knowledge
Base Article Q312862
......................... BDC failed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC BDC for domain homrich-berg.local in site
Default-First-Site-Name
Checking machine account for DC BDC on DC BDC.
* SPN found :LDAP/BDC.homrich-berg.local/homrich-berg.local
* SPN found :LDAP/BDC.homrich-berg.local
* SPN found :LDAP/BDC
* SPN found :LDAP/BDC.homrich-berg.local/HB
* SPN found
:LDAP/766fe7e3-d65c-44d3-9a9c-83f4c7ee4fc5._msdcs.homrich-berg.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/766fe7e3-d65c-44d3-9a9c-83f4c7ee4fc5/homrich-berg.local
* SPN found :HOST/BDC.homrich-berg.local/homrich-berg.local
* SPN found :HOST/BDC.homrich-berg.local
* SPN found :HOST/BDC
* SPN found :HOST/BDC.homrich-berg.local/HB
* SPN found :GC/BDC.homrich-berg.local/homrich-berg.local
[BDC] No security related replication errors were found on this DC!
To target the connection to a specific source DC use /ReplSource:<DC>.
......................... BDC passed test CheckSecurityError
Testing server: Alpharetta\ALPHA
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or dc's no longer replicating this
nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... ALPHA passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... ALPHA passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... ALPHA passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ALPHA.
* Security Permissions Check for
DC=ForestDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=homrich-berg,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=homrich-berg,DC=local
(Domain,Version 2)
......................... ALPHA passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ALPHA\netlogon
Verified share \\ALPHA\sysvol
......................... ALPHA passed test NetLogons
Starting test: Advertising
The DC ALPHA is advertising itself as a DC and having a DS.
The DC ALPHA is advertising as an LDAP server
The DC ALPHA is advertising as having a writeable directory
The DC ALPHA is advertising as a Key Distribution Center
The DC ALPHA is advertising as a time server
The DS ALPHA is advertising as a GC.
......................... ALPHA passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
......................... ALPHA passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4606 to 1073741823
* sbs.homrich-berg.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 4106 to 4605
* rIDPreviousAllocationPool is 4106 to 4605
* rIDNextRID: 4107
......................... ALPHA passed test RidManager
Starting test: MachineAccount
Checking machine account for DC ALPHA on DC ALPHA.
* SPN found :LDAP/alpha.homrich-berg.local/homrich-berg.local
* SPN found :LDAP/alpha.homrich-berg.local
* SPN found :LDAP/ALPHA
* SPN found :LDAP/alpha.homrich-berg.local/HB
* SPN found
:LDAP/bc3a5606-08db-44ab-916b-e4775c58a550._msdcs.homrich-berg.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/bc3a5606-08db-44ab-916b-e4775c58a550/homrich-berg.local
* SPN found :HOST/alpha.homrich-berg.local/homrich-berg.local
* SPN found :HOST/alpha.homrich-berg.local
* SPN found :HOST/ALPHA
* SPN found :HOST/alpha.homrich-berg.local/HB
* SPN found :GC/alpha.homrich-berg.local/homrich-berg.local
......................... ALPHA passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ALPHA passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... ALPHA passed test OutboundSecureChannels
Starting test: ObjectsReplicated
ALPHA is in domain DC=homrich-berg,DC=local
Checking for CN=ALPHA,OU=Domain
Controllers,DC=homrich-berg,DC=local in domain DC=homrich-berg,DC=local on 3
servers
Authoritative attribute nTSecurityDescriptor on ALPHA
(writeable)
usnLocalChange = 16386
LastOriginatingDsa = ALPHA
usnOriginatingChange = 16386
timeLastOriginatingChange = 2008-04-08 16:35:54
VersionLastOriginatingChange = 2
Out-of-date attribute nTSecurityDescriptor on BDC (writeable)
usnLocalChange = 1872820
LastOriginatingDsa = BDC
usnOriginatingChange = 1872820
timeLastOriginatingChange = 2008-04-08 16:24:18
VersionLastOriginatingChange = 1
Out-of-date attribute nTSecurityDescriptor on SBS (writeable)
usnLocalChange = 8449225
LastOriginatingDsa = BDC
usnOriginatingChange = 1872820
timeLastOriginatingChange = 2008-04-08 16:24:18
VersionLastOriginatingChange = 1
Authoritative attribute servicePrincipalName on ALPHA
(writeable)
usnLocalChange = 16489
LastOriginatingDsa = ALPHA
usnOriginatingChange = 16489
timeLastOriginatingChange = 2008-04-08 17:20:53
VersionLastOriginatingChange = 8
Out-of-date attribute servicePrincipalName on BDC (writeable)
usnLocalChange = 1872842
LastOriginatingDsa = BDC
usnOriginatingChange = 1872842
timeLastOriginatingChange = 2008-04-08 16:25:46
VersionLastOriginatingChange = 2
Out-of-date attribute servicePrincipalName on SBS (writeable)
usnLocalChange = 8449246
LastOriginatingDsa = BDC
usnOriginatingChange = 1872842
timeLastOriginatingChange = 2008-04-08 16:25:46
VersionLastOriginatingChange = 2
Checking for CN=NTDS
Settings,CN=ALPHA,CN=Servers,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
in domain CN=Configuration,DC=homrich-berg,DC=local on 3 servers
Authoritative attribute msDS-hasMasterNCs on ALPHA (writeable)
usnLocalChange = 16534
LastOriginatingDsa = ALPHA
usnOriginatingChange = 16534
timeLastOriginatingChange = 2008-04-08 17:23:19
VersionLastOriginatingChange = 11
Out-of-date attribute msDS-hasMasterNCs on BDC (writeable)
usnLocalChange = 1872841
LastOriginatingDsa = BDC
usnOriginatingChange = 1872841
timeLastOriginatingChange = 2008-04-08 16:25:46
VersionLastOriginatingChange = 1
Out-of-date attribute msDS-hasMasterNCs on SBS (writeable)
usnLocalChange = 8449250
LastOriginatingDsa = BDC
usnOriginatingChange = 1872841
timeLastOriginatingChange = 2008-04-08 16:25:46
VersionLastOriginatingChange = 1
......................... ALPHA failed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ALPHA passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after
the
SYSVOL has been shared. Failing SYSVOL replication problems may
cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/11/2008 11:02:29
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/11/2008 17:17:32
(Event String could not be retrieved)
......................... ALPHA failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... ALPHA passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/12/2008 10:35:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/12/2008 10:35:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/12/2008 10:35:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/12/2008 10:35:36
(Event String could not be retrieved)
......................... ALPHA failed test systemlog
Starting test: VerifyReplicas
......................... ALPHA passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ALPHA,OU=Domain Controllers,DC=homrich-berg,DC=local and
backlink
on
CN=ALPHA,CN=Servers,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=ALPHA,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=homrich-berg,DC=local
and backlink on
CN=ALPHA,OU=Domain Controllers,DC=homrich-berg,DC=local are
correct.
The system object reference (serverReferenceBL)
CN=ALPHA,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=homrich-berg,DC=local
and backlink on
CN=NTDS
Settings,CN=ALPHA,CN=Servers,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct.
......................... ALPHA passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various important
DN
references. Note, that these problems can be reported because of
latency in replication. So follow up to resolve the following
problems, only if the same problem is reported on all DCs for a
given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: frsComputerReference
Value Object Description: "DC Account Object"
Recommended Action: Check if this server is deleted, and if so
clean up this DCs SYSVOL FRS Member Object. Also see Knowledge
Base Article: Q312862
[2] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: serverReference
Value Object Description: "DSA Object"
Recommended Action: Check if this server is deleted, and if so
clean up this DCs SYSVOL FRS Member Object. Also see Knowledge
Base Article Q312862
......................... ALPHA failed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC ALPHA for domain homrich-berg.local in site Alpharetta
Checking machine account for DC ALPHA on DC ALPHA.
* SPN found :LDAP/alpha.homrich-berg.local/homrich-berg.local
* SPN found :LDAP/alpha.homrich-berg.local
* SPN found :LDAP/ALPHA
* SPN found :LDAP/alpha.homrich-berg.local/HB
* SPN found
:LDAP/bc3a5606-08db-44ab-916b-e4775c58a550._msdcs.homrich-berg.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/bc3a5606-08db-44ab-916b-e4775c58a550/homrich-berg.local
* SPN found :HOST/alpha.homrich-berg.local/homrich-berg.local
* SPN found :HOST/alpha.homrich-berg.local
* SPN found :HOST/ALPHA
* SPN found :HOST/alpha.homrich-berg.local/HB
* SPN found :GC/alpha.homrich-berg.local/homrich-berg.local
[ALPHA] No security related replication errors were found on this
DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... ALPHA passed test CheckSecurityError
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : homrich-berg
Starting test: CrossRefValidation
......................... homrich-berg passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... homrich-berg passed test CheckSDRefDom
Running enterprise tests on : homrich-berg.local
Starting test: Intersite
Doing intersite inbound replication test on site Alpharetta:
Locating & Contacting Intersite Topology Generator (ISTG) ...
The ISTG for site Alpharetta is: ALPHA.
Checking for down bridgeheads ...
Bridghead Default-First-Site-Name\SBS is up and replicating
fine.
Bridghead Alpharetta\ALPHA is up and replicating fine.
Doing in depth site analysis ...
All expected sites and bridgeheads are replicating into site
Alpharetta.
Doing intersite inbound replication test on site
Default-First-Site-Name:
Locating & Contacting Intersite Topology Generator (ISTG) ...
The ISTG for site Default-First-Site-Name is: SBS.
Checking for down bridgeheads ...
*Warning: Remote bridgehead Alpharetta\ALPHA is not eligible
as
a bridgehead due to too many failures. Replication may be
disrupted into the local site Default-First-Site-Name.
Bridghead Default-First-Site-Name\SBS is up and replicating
fine.
Doing in depth site analysis ...
Remote site Alpharetta is replicating to the local site
Default-First-Site-Name the writeable NC ForestDnsZones
correctly.
Remote site Alpharetta is replicating to the local site
Default-First-Site-Name the writeable NC DomainDnsZones
correctly.
Remote site Alpharetta is replicating to the local site
Default-First-Site-Name the writeable NC Schema correctly.
Remote site Alpharetta is replicating to the local site
Default-First-Site-Name the writeable NC Configuration
correctly.
Remote site Alpharetta is replicating to the local site
Default-First-Site-Name the writeable NC homrich-berg
correctly.
......................... homrich-berg.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\alpha.homrich-berg.local
Locator Flags: 0xe00001fc
PDC Name: \\sbs.homrich-berg.local
Locator Flags: 0xe000017d
Time Server Name: \\alpha.homrich-berg.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\alpha.homrich-berg.local
Locator Flags: 0xe00001fc
KDC Name: \\alpha.homrich-berg.local
Locator Flags: 0xe00001fc
......................... homrich-berg.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:
DC: sbs.homrich-berg.local
Domain: homrich-berg.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Error: No WMI connectivity
[Error details: 0x800706ba (Type: HRESULT - Facility:
Win32, Description: The RPC server is unavailable.) - Connection to WMI
server failed]
DC: BDC.homrich-berg.local
Domain: homrich-berg.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Error: No WMI connectivity
[Error details: 0x800706ba (Type: HRESULT - Facility:
Win32, Description: The RPC server is unavailable.) - Connection to WMI
server failed]
DC: alpha.homrich-berg.local
Domain: homrich-berg.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Broadcom NetXtreme 57xx Gigabit
Controller:
MAC address is 00:11:43:B3:74:5D
IP address is static
IP address: 192.168.1.2
DNS servers:
192.168.1.2 (<name unavailable>) [Valid]
192.168.16.2 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(primary)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.1.1 (<name unavailable>) [Invalid]
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
Name: b.root-servers.net. IP: 192.228.79.201 [Invalid]
Name: c.root-servers.net. IP: 192.33.4.12 [Invalid]
Name: d.root-servers.net. IP: 128.8.10.90 [Invalid]
Name: e.root-servers.net. IP: 192.203.230.10 [Invalid]
Name: f.root-servers.net. IP: 192.5.5.241 [Invalid]
Name: g.root-servers.net. IP: 192.112.36.4 [Invalid]
Name: h.root-servers.net. IP: 128.63.2.53 [Invalid]
Name: i.root-servers.net. IP: 192.36.148.17 [Invalid]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid]
Name: l.root-servers.net. IP: 198.32.64.12 [Invalid]
Name: m.root-servers.net. IP: 202.12.27.33 [Invalid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone homrich-berg.local.
Test record _dcdiag_test_record added successfully in zone
homrich-berg.local.
Test record _dcdiag_test_record deleted successfully in
zone homrich-berg.local.
TEST: Records registration (RReg)
Network Adapter [00000007] Broadcom NetXtreme 57xx Gigabit
Controller:
Matching A record found at DNS server 192.168.1.2:
alpha.homrich-berg.local
Matching CNAME record found at DNS server 192.168.1.2:
bc3a5606-08db-44ab-916b-e4775c58a550._msdcs.homrich-berg.local
Matching DC SRV record found at DNS server 192.168.1.2:
_ldap._tcp.dc._msdcs.homrich-berg.local
Matching GC SRV record found at DNS server 192.168.1.2:
_ldap._tcp.gc._msdcs.homrich-berg.local
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
[Error details: 9002 (Type: Win32 - Description: DNS server
failure.)]
DNS server: 192.168.1.1 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.1
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
[Error details: 9002 (Type: Win32 - Description: DNS server
failure.)]
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
[Error details: 9003 (Type: Win32 - Description: DNS name
does not exist.)]
DNS server: 192.168.1.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered
DNS server: 192.168.16.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg
Ext
________________________________________________________________
Domain: homrich-berg.local
sbs PASS FAIL n/a n/a n/a n/a
n/a
BDC PASS FAIL n/a n/a n/a n/a
n/a
alpha PASS PASS FAIL PASS PASS PASS
n/a
......................... homrich-berg.local failed test DNS
"kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx> wrote in message news:uYgZ5YFnIHA.484@xxxxxxxxxxxxxxxxxxxxxxx
shepcon wrote:I'm running SBS 2003 Premium w/SP1 (not R2). I have created a remote
branch office DC running Windows 2003 Standard. The sites are linked
with a hardware VPN alliance at the remote site back to my SBS with
ISA. The remote site is using 192.168.1.* and the SBS is running the
standard 192.168.16.*. When I promoted the remote server using DC
promo, everything went fine and I rebooted. I have setup DNS on the
remote office and created a new site, subnets, intersite messaging
and reverse DNS at the main site in SBS. I can ping successfully in
both directions.
The problem I'm having now is that it doesn't appear that replication
is occuring on the changes that I'm making to AD Users and Computers
in the branch office. DCPROMO did create the <automatically
generated> links between my three DCs (SBS and another W2003 server
in my main office and my remote W2003 server). However, the branch
office DC replicates with the additional DC in my main office and not
my SBS, which was set this way by DCPROMO. The standard DC shares
were created by DCPROMO like SYSVOL and NETLOGON.
I'm currently getting NTDS KCC 1272 entries in my Event Viewer that
state "The following directory partition is no longer replicated from
the source domain controller..."
Any help at resolving these replication issues would be greatly
appreciated. I did use Marina Roos' documents on the branch office
server setups, which was quite helpful.
Thanks.
Ken
start with a dcdiag /c /e /v
post the complete output and we'll go from there.
urgency may also be an issue, how long has it not been replicating?
--
/kj
.
- Follow-Ups:
- Re: SBS 2003 and Replication Errors with Remote DC
- From: kj [SBS MVP]
- Re: SBS 2003 and Replication Errors with Remote DC
- References:
- SBS 2003 and Replication Errors with Remote DC
- From: shepcon
- Re: SBS 2003 and Replication Errors with Remote DC
- From: kj [SBS MVP]
- SBS 2003 and Replication Errors with Remote DC
- Prev by Date: 2nd DC and DNS in a SBS 2003 Network
- Next by Date: Re: SBS 2003 and Replication Errors with Remote DC
- Previous by thread: Re: SBS 2003 and Replication Errors with Remote DC
- Next by thread: Re: SBS 2003 and Replication Errors with Remote DC
- Index(es):
Relevant Pages
|
