Re: SBS 2003 and Replication Errors with Remote DC

---

• From: "Ken Sheppard" <ksheppard31@xxxxxxxxxxx>
• Date: Sun, 13 Apr 2008 07:16:11 -0400

---

KJ, I did make the changes that you suggested on the DNS of my alpha server and rebooted. Following the reboot, I did run the simple DNS test that you suggested by adding a host (A) record to my SBS server. Following a short period the record did replicate over to alpha successfully. However, when I manually deleted the record from alpha, the deletion did not replicate back to sbs. It appears that changes only replicate in one direction. Also, I continue to get NTDS KCC errors1925 1865 and 1311 about every 15 minutes on my DCs.

Any further suggestions would be greatly appreciated.

Ken


"kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx> wrote in message news:uh7z4hNnIHA.5268@xxxxxxxxxxxxxxxxxxxxxxx

Ken Sheppard wrote:

I have setup the primary DNS on the alpha server to point DNS to my
SBS server. Should I also point my forwarders on alpha to sbs or
keep it pointing to my ISP DNS?

Ken

Doesn't matter at this point, you can leave it as it. You should restart the alpha server as soon as you can to get things going.

A simple DNS replication test is to create a host record in the SBS server and wait till it shows up in the remote (alpha) server. Then use the alpha server to delete the host (A) record and ensure that it is removed from the SBS dns copy.

"kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx> wrote in message
news:eu9SmBNnIHA.3532@xxxxxxxxxxxxxxxxxxxxxxx

Ken Sheppard wrote:

KJ, thanks for your reply. Here's the dcdiag output that you
requested. I just promoted the remote DC last week, so I still
have time to solve
the replication issues.

Thanks.

Ken

Event String: All domain controllers in the following
site that can replicate the directory partition over this
transport are currently unavailable.

Site:
CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local

Or, one or more domain

controllers with this directory partition are
unable to replicate the directory partition
information. This is probably due to inaccessible
domain controllers.

I have

setup DNS on the remote office and created a new site, subnets,

DNS should be setup as AD integrated and replicated. You should need
to do nothing more than install DNS and that should be done before
dcpromo.

DNS servers:
192.168.1.2 (<name unavailable>) [Valid]
192.168.16.2 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found The Active Directory zone on this DC/DNS
server was found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.1.1 (<name unavailable>) [Invalid]

So, either fixup the alpha site dns or point it to use the SBS dns
server and allow replication to complete (including the DNS forest
and domain zones) before pointing it back to using itself for DNS.

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine alpha, is a DC.
* Connecting to directory service on server alpha.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 3 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SBS
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SBS passed test Connectivity

Testing server: Default-First-Site-Name\BDC
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... BDC passed test Connectivity

Testing server: Alpharetta\ALPHA
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... ALPHA passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SBS
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
Site
CN=NTDS Site
Settings,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
was skipped because it never had an ISTG running in it.
......................... SBS passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=homrich-berg,DC=local. * Performing upstream (of target)
analysis. * Performing downstream (of target) analysis.
......................... SBS passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SBS passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SBS.
* Security Permissions Check for
DC=ForestDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=homrich-berg,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=homrich-berg,DC=local
(Domain,Version 2)
......................... SBS passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SBS\netlogon
Verified share \\SBS\sysvol
......................... SBS passed test NetLogons
Starting test: Advertising
The DC SBS is advertising itself as a DC and having a DS.
The DC SBS is advertising as an LDAP server
The DC SBS is advertising as having a writeable directory
The DC SBS is advertising as a Key Distribution Center
The DC SBS is advertising as a time server
The DS SBS is advertising as a GC.
......................... SBS passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
......................... SBS passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4606 to 1073741823
* sbs.homrich-berg.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3606 to 4105
* rIDPreviousAllocationPool is 3606 to 4105
* rIDNextRID: 3781
......................... SBS passed test RidManager
Starting test: MachineAccount
Checking machine account for DC SBS on DC SBS.
* SPN found :LDAP/sbs.homrich-berg.local/homrich-berg.local
* SPN found :LDAP/sbs.homrich-berg.local
* SPN found :LDAP/SBS
* SPN found :LDAP/sbs.homrich-berg.local/HB
* SPN found

LDAP/deb39f46-0dc8-4e38-b87e-ec5594766894._msdcs.homrich-berg.local

* SPN found

E3514235-4B06-11D1-AB04-00C04FC2DCD2/deb39f46-0dc8-4e38-b87e-ec5594766894/homrich-berg.local

* SPN found :HOST/sbs.homrich-berg.local/homrich-berg.local
* SPN found :HOST/sbs.homrich-berg.local
* SPN found :HOST/SBS
* SPN found :HOST/sbs.homrich-berg.local/HB
* SPN found :GC/sbs.homrich-berg.local/homrich-berg.local
......................... SBS passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SBS passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... SBS passed test
OutboundSecureChannels Starting test: ObjectsReplicated
SBS is in domain DC=homrich-berg,DC=local
Checking for CN=SBS,OU=Domain
Controllers,DC=homrich-berg,DC=local in domain
DC=homrich-berg,DC=local on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
in domain CN=Configuration,DC=homrich-berg,DC=local on 3 servers
Object is up-to-date on all servers.
......................... SBS passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SBS passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... SBS passed test frsevent
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x8000061E
Time Generated: 04/12/2008 10:34:34
Event String: All domain controllers in the following
site that can replicate the directory partition over this
transport are currently unavailable.

Site:
CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local

Directory partition:
DC=homrich-berg,DC=local
Transport:
CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local

An Error Event occured. EventID: 0xC000051F
Time Generated: 04/12/2008 10:34:34
Event String: The Knowledge Consistency Checker (KCC) has
detected problems with the following directory
partition.

Directory partition:
DC=homrich-berg,DC=local

There is insufficient site connectivity
information in Active Directory Sites and
Services for the KCC to create a spanning tree
replication topology. Or, one or more domain
controllers with this directory partition are
unable to replicate the directory partition
information. This is probably due to inaccessible
domain controllers.

User Action
Use Active Directory Sites and Services to
perform one of the following actions:
- Publish sufficient site connectivity
information so that the KCC can determine a route
by which this directory partition can reach this
site. This is the preferred option.
- Add a Connection object to a domain controller
that contains the directory partition in this
site from a domain controller that contains the
same directory partition in another site.

If neither of the Active Directory Sites and
Services tasks correct this condition, see
previous events logged by the KCC that identify
the inaccessible domain controllers.
An Warning Event occured. EventID: 0x80000749
Time Generated: 04/12/2008 10:34:34
Event String: The Knowledge Consistency Checker (KCC) was
unable to form a complete spanning tree network
topology. As a result, the following list of
sites cannot be reached from the local site.

Sites:
CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local








An Warning Event occured. EventID: 0x8000061E
Time Generated: 04/12/2008 10:34:34
Event String: All domain controllers in the following
site that can replicate the directory partition over this
transport are currently unavailable.

Site:
CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local

Directory partition:
CN=Configuration,DC=homrich-berg,DC=local
Transport:
CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local

An Error Event occured. EventID: 0xC000051F
Time Generated: 04/12/2008 10:34:34
Event String: The Knowledge Consistency Checker (KCC) has
detected problems with the following directory
partition.

Directory partition:
CN=Configuration,DC=homrich-berg,DC=local

There is insufficient site connectivity
information in Active Directory Sites and
Services for the KCC to create a spanning tree
replication topology. Or, one or more domain
controllers with this directory partition are
unable to replicate the directory partition
information. This is probably due to inaccessible
domain controllers.

User Action
Use Active Directory Sites and Services to
perform one of the following actions:
- Publish sufficient site connectivity
information so that the KCC can determine a route
by which this directory partition can reach this
site. This is the preferred option.
- Add a Connection object to a domain controller
that contains the directory partition in this
site from a domain controller that contains the
same directory partition in another site.

If neither of the Active Directory Sites and
Services tasks correct this condition, see
previous events logged by the KCC that identify
the inaccessible domain controllers.
An Warning Event occured. EventID: 0x80000749
Time Generated: 04/12/2008 10:34:34
Event String: The Knowledge Consistency Checker (KCC) was
unable to form a complete spanning tree network
topology. As a result, the following list of
sites cannot be reached from the local site.

Sites:
CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local








An Warning Event occured. EventID: 0x80000785
Time Generated: 04/12/2008 10:34:55
Event String: The attempt to establish a replication link
for the following writable directory partition
failed.

Directory partition:
DC=homrich-berg,DC=local
Source domain controller:
CN=NTDS
Settings,CN=ALPHA,CN=Servers,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local

Source domain controller address:
bc3a5606-08db-44ab-916b-e4775c58a550._msdcs.homrich-berg.local

Intersite transport (if any):
CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local


This domain controller will be unable to
replicate with the source domain controller until
this problem is corrected.

User Action
Verify if the source domain controller is
accessible or network connectivity is available.

Additional Data
Error value:
1722 The RPC server is unavailable.
......................... SBS failed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... SBS passed test systemlog
Starting test: VerifyReplicas
......................... SBS passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SBS,OU=Domain Controllers,DC=homrich-berg,DC=local and
backlink on

CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct. The system object reference
(frsComputerReferenceBL) CN=SBS,CN=Domain System Volume (SYSVOL
share),CN=File Replication
Service,CN=System,DC=homrich-berg,DC=local and backlink on
CN=SBS,OU=Domain Controllers,DC=homrich-berg,DC=local are
correct. The system object reference (serverReferenceBL)
CN=SBS,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
and backlink on
CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct.
......................... SBS passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various
important DN
references. Note, that these problems can be reported
because of latency in replication. So follow up to resolve
the following problems, only if the same problem is reported
on all DCs for a given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object:
CN=ALPHA,OU=Domain Controllers,DC=homrich-berg,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862

[2] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: frsComputerReference
Value Object Description: "DC Account Object"
Recommended Action: Check if this server is deleted, and
if so clean up this DCs SYSVOL FRS Member Object. Also
see Knowledge Base Article: Q312862

[3] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: serverReference
Value Object Description: "DSA Object"
Recommended Action: Check if this server is deleted, and
if so clean up this DCs SYSVOL FRS Member Object. Also
see Knowledge Base Article Q312862

......................... SBS failed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC BDC for domain homrich-berg.local in site
Default-First-Site-Name
Checking machine account for DC SBS on DC BDC.
* SPN found :LDAP/sbs.homrich-berg.local/homrich-berg.local
* SPN found :LDAP/sbs.homrich-berg.local
* SPN found :LDAP/SBS
* SPN found :LDAP/sbs.homrich-berg.local/HB
* SPN found

LDAP/deb39f46-0dc8-4e38-b87e-ec5594766894._msdcs.homrich-berg.local

* SPN found

E3514235-4B06-11D1-AB04-00C04FC2DCD2/deb39f46-0dc8-4e38-b87e-ec5594766894/homrich-berg.local

* SPN found :HOST/sbs.homrich-berg.local/homrich-berg.local
* SPN found :HOST/sbs.homrich-berg.local
* SPN found :HOST/SBS
* SPN found :HOST/sbs.homrich-berg.local/HB
* SPN found :GC/sbs.homrich-berg.local/homrich-berg.local
Checking for CN=SBS,OU=Domain
Controllers,DC=homrich-berg,DC=local in domain
DC=homrich-berg,DC=local on 2 servers
Object is up-to-date on all servers.
[SBS] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SBS passed test CheckSecurityError

Testing server: Default-First-Site-Name\BDC
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
Site
CN=NTDS Site
Settings,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
was skipped because it never had an ISTG running in it.
......................... BDC passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=homrich-berg,DC=local. * Performing upstream (of target)
analysis. * Performing downstream (of target) analysis.
......................... BDC passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... BDC passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC BDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=homrich-berg,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=homrich-berg,DC=local
(Domain,Version 2)
......................... BDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\BDC\netlogon
Verified share \\BDC\sysvol
......................... BDC passed test NetLogons
Starting test: Advertising
The DC BDC is advertising itself as a DC and having a DS.
The DC BDC is advertising as an LDAP server
The DC BDC is advertising as having a writeable directory
The DC BDC is advertising as a Key Distribution Center
The DC BDC is advertising as a time server
The DS BDC is advertising as a GC.
......................... BDC passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
......................... BDC passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 4606 to 1073741823
* sbs.homrich-berg.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2606 to 3105
* rIDPreviousAllocationPool is 2606 to 3105
* rIDNextRID: 2698
......................... BDC passed test RidManager
Starting test: MachineAccount
Checking machine account for DC BDC on DC BDC.
* SPN found :LDAP/BDC.homrich-berg.local/homrich-berg.local
* SPN found :LDAP/BDC.homrich-berg.local
* SPN found :LDAP/BDC
* SPN found :LDAP/BDC.homrich-berg.local/HB
* SPN found

LDAP/766fe7e3-d65c-44d3-9a9c-83f4c7ee4fc5._msdcs.homrich-berg.local

* SPN found

E3514235-4B06-11D1-AB04-00C04FC2DCD2/766fe7e3-d65c-44d3-9a9c-83f4c7ee4fc5/homrich-berg.local

* SPN found :HOST/BDC.homrich-berg.local/homrich-berg.local
* SPN found :HOST/BDC.homrich-berg.local
* SPN found :HOST/BDC
* SPN found :HOST/BDC.homrich-berg.local/HB
* SPN found :GC/BDC.homrich-berg.local/homrich-berg.local
......................... BDC passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... BDC passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... BDC passed test
OutboundSecureChannels Starting test: ObjectsReplicated
BDC is in domain DC=homrich-berg,DC=local
Checking for CN=BDC,OU=Domain
Controllers,DC=homrich-berg,DC=local in domain
DC=homrich-berg,DC=local on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
in domain CN=Configuration,DC=homrich-berg,DC=local on 3 servers
Object is up-to-date on all servers.
......................... BDC passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... BDC passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... BDC passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the
last 15 minutes.
......................... BDC passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... BDC passed test systemlog
Starting test: VerifyReplicas
......................... BDC passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=BDC,OU=Domain Controllers,DC=homrich-berg,DC=local and
backlink on

CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct. The system object reference
(frsComputerReferenceBL) CN=BDC,CN=Domain System Volume (SYSVOL
share),CN=File Replication
Service,CN=System,DC=homrich-berg,DC=local and backlink on
CN=BDC,OU=Domain Controllers,DC=homrich-berg,DC=local are
correct. The system object reference (serverReferenceBL)
CN=BDC,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
and backlink on
CN=NTDS
Settings,CN=BDC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct.
......................... BDC passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various
important DN
references. Note, that these problems can be reported
because of latency in replication. So follow up to resolve
the following problems, only if the same problem is reported
on all DCs for a given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object:
CN=ALPHA,OU=Domain Controllers,DC=homrich-berg,DC=local
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862

[2] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: frsComputerReference
Value Object Description: "DC Account Object"
Recommended Action: Check if this server is deleted, and
if so clean up this DCs SYSVOL FRS Member Object. Also
see Knowledge Base Article: Q312862

[3] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: serverReference
Value Object Description: "DSA Object"
Recommended Action: Check if this server is deleted, and
if so clean up this DCs SYSVOL FRS Member Object. Also
see Knowledge Base Article Q312862

......................... BDC failed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC BDC for domain homrich-berg.local in site
Default-First-Site-Name
Checking machine account for DC BDC on DC BDC.
* SPN found :LDAP/BDC.homrich-berg.local/homrich-berg.local
* SPN found :LDAP/BDC.homrich-berg.local
* SPN found :LDAP/BDC
* SPN found :LDAP/BDC.homrich-berg.local/HB
* SPN found

LDAP/766fe7e3-d65c-44d3-9a9c-83f4c7ee4fc5._msdcs.homrich-berg.local

* SPN found

E3514235-4B06-11D1-AB04-00C04FC2DCD2/766fe7e3-d65c-44d3-9a9c-83f4c7ee4fc5/homrich-berg.local

* SPN found :HOST/BDC.homrich-berg.local/homrich-berg.local
* SPN found :HOST/BDC.homrich-berg.local
* SPN found :HOST/BDC
* SPN found :HOST/BDC.homrich-berg.local/HB
* SPN found :GC/BDC.homrich-berg.local/homrich-berg.local
[BDC] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... BDC passed test CheckSecurityError

Testing server: Alpharetta\ALPHA
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
DC=homrich-berg,DC=local
Latency information for 1 entries in the vector were
ignored. 1 were retired Invocations. 0 were
either: read-only replicas and are not verifiably latent, or dc's
no longer replicating
this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... ALPHA passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=homrich-berg,DC=local. * Performing upstream (of target)
analysis. * Performing downstream (of target) analysis.
......................... ALPHA passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=homrich-berg,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... ALPHA passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC ALPHA.
* Security Permissions Check for
DC=ForestDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=homrich-berg,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=homrich-berg,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=homrich-berg,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=homrich-berg,DC=local
(Domain,Version 2)
......................... ALPHA passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ALPHA\netlogon
Verified share \\ALPHA\sysvol
......................... ALPHA passed test NetLogons
Starting test: Advertising
The DC ALPHA is advertising itself as a DC and having a DS.
The DC ALPHA is advertising as an LDAP server
The DC ALPHA is advertising as having a writeable directory
The DC ALPHA is advertising as a Key Distribution Center
The DC ALPHA is advertising as a time server
The DS ALPHA is advertising as a GC.
......................... ALPHA passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SBS,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
......................... ALPHA passed test
KnowsOfRoleHolders Starting test: RidManager
* Available RID Pool for the Domain is 4606 to 1073741823
* sbs.homrich-berg.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 4106 to 4605
* rIDPreviousAllocationPool is 4106 to 4605
* rIDNextRID: 4107
......................... ALPHA passed test RidManager
Starting test: MachineAccount
Checking machine account for DC ALPHA on DC ALPHA.
* SPN found
:LDAP/alpha.homrich-berg.local/homrich-berg.local * SPN found :LDAP/alpha.homrich-berg.local
* SPN found :LDAP/ALPHA
* SPN found :LDAP/alpha.homrich-berg.local/HB
* SPN found

LDAP/bc3a5606-08db-44ab-916b-e4775c58a550._msdcs.homrich-berg.local

* SPN found

E3514235-4B06-11D1-AB04-00C04FC2DCD2/bc3a5606-08db-44ab-916b-e4775c58a550/homrich-berg.local

* SPN found
:HOST/alpha.homrich-berg.local/homrich-berg.local * SPN found :HOST/alpha.homrich-berg.local
* SPN found :HOST/ALPHA
* SPN found :HOST/alpha.homrich-berg.local/HB
* SPN found :GC/alpha.homrich-berg.local/homrich-berg.local
......................... ALPHA passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ALPHA passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... ALPHA passed test
OutboundSecureChannels Starting test: ObjectsReplicated
ALPHA is in domain DC=homrich-berg,DC=local
Checking for CN=ALPHA,OU=Domain
Controllers,DC=homrich-berg,DC=local in domain
DC=homrich-berg,DC=local on 3 servers
Authoritative attribute nTSecurityDescriptor on ALPHA
(writeable)
usnLocalChange = 16386
LastOriginatingDsa = ALPHA
usnOriginatingChange = 16386
timeLastOriginatingChange = 2008-04-08 16:35:54
VersionLastOriginatingChange = 2
Out-of-date attribute nTSecurityDescriptor on BDC
(writeable) usnLocalChange = 1872820
LastOriginatingDsa = BDC
usnOriginatingChange = 1872820
timeLastOriginatingChange = 2008-04-08 16:24:18
VersionLastOriginatingChange = 1
Out-of-date attribute nTSecurityDescriptor on SBS
(writeable) usnLocalChange = 8449225
LastOriginatingDsa = BDC
usnOriginatingChange = 1872820
timeLastOriginatingChange = 2008-04-08 16:24:18
VersionLastOriginatingChange = 1
Authoritative attribute servicePrincipalName on ALPHA
(writeable)
usnLocalChange = 16489
LastOriginatingDsa = ALPHA
usnOriginatingChange = 16489
timeLastOriginatingChange = 2008-04-08 17:20:53
VersionLastOriginatingChange = 8
Out-of-date attribute servicePrincipalName on BDC
(writeable) usnLocalChange = 1872842
LastOriginatingDsa = BDC
usnOriginatingChange = 1872842
timeLastOriginatingChange = 2008-04-08 16:25:46
VersionLastOriginatingChange = 2
Out-of-date attribute servicePrincipalName on SBS
(writeable) usnLocalChange = 8449246
LastOriginatingDsa = BDC
usnOriginatingChange = 1872842
timeLastOriginatingChange = 2008-04-08 16:25:46
VersionLastOriginatingChange = 2
Checking for CN=NTDS
Settings,CN=ALPHA,CN=Servers,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
in domain CN=Configuration,DC=homrich-berg,DC=local on 3 servers
Authoritative attribute msDS-hasMasterNCs on ALPHA
(writeable) usnLocalChange = 16534
LastOriginatingDsa = ALPHA
usnOriginatingChange = 16534
timeLastOriginatingChange = 2008-04-08 17:23:19
VersionLastOriginatingChange = 11
Out-of-date attribute msDS-hasMasterNCs on BDC
(writeable) usnLocalChange = 1872841
LastOriginatingDsa = BDC
usnOriginatingChange = 1872841
timeLastOriginatingChange = 2008-04-08 16:25:46
VersionLastOriginatingChange = 1
Out-of-date attribute msDS-hasMasterNCs on SBS
(writeable) usnLocalChange = 8449250
LastOriginatingDsa = BDC
usnOriginatingChange = 1872841
timeLastOriginatingChange = 2008-04-08 16:25:46
VersionLastOriginatingChange = 1
......................... ALPHA failed test
ObjectsReplicated Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ALPHA passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours
after the
SYSVOL has been shared. Failing SYSVOL replication problems
may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/11/2008 11:02:29
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 04/11/2008 17:17:32
(Event String could not be retrieved)
......................... ALPHA failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the
last 15 minutes.
......................... ALPHA passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/12/2008 10:35:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/12/2008 10:35:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/12/2008 10:35:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 04/12/2008 10:35:36
(Event String could not be retrieved)
......................... ALPHA failed test systemlog
Starting test: VerifyReplicas
......................... ALPHA passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ALPHA,OU=Domain Controllers,DC=homrich-berg,DC=local and
backlink
on

CN=ALPHA,CN=Servers,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct. The system object reference
(frsComputerReferenceBL) CN=ALPHA,CN=Domain System Volume
(SYSVOL share),CN=File Replication
Service,CN=System,DC=homrich-berg,DC=local and backlink on
CN=ALPHA,OU=Domain Controllers,DC=homrich-berg,DC=local are correct. The system object reference (serverReferenceBL)
CN=ALPHA,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
and backlink on
CN=NTDS
Settings,CN=ALPHA,CN=Servers,CN=Alpharetta,CN=Sites,CN=Configuration,DC=homrich-berg,DC=local
are correct.
......................... ALPHA passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
The following problems were found while verifying various
important DN
references. Note, that these problems can be reported
because of latency in replication. So follow up to resolve
the following problems, only if the same problem is reported
on all DCs for a given
domain or if the problem persists after replication has had
reasonable time to replicate changes.
[1] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: frsComputerReference
Value Object Description: "DC Account Object"
Recommended Action: Check if this server is deleted, and
if so clean up this DCs SYSVOL FRS Member Object. Also
see Knowledge Base Article: Q312862

[2] Problem: Missing Expected Value
Base Object:
CN=CDRP,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=homrich-berg,DC=local
Base Object Description: "SYSVOL FRS Member Object"
Value Object Attribute Name: serverReference
Value Object Description: "DSA Object"
Recommended Action: Check if this server is deleted, and
if so clean up this DCs SYSVOL FRS Member Object. Also
see Knowledge Base Article Q312862

......................... ALPHA failed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC ALPHA for domain homrich-berg.local in site
Alpharetta Checking machine account for DC ALPHA on DC
ALPHA. * SPN found
:LDAP/alpha.homrich-berg.local/homrich-berg.local * SPN found :LDAP/alpha.homrich-berg.local
* SPN found :LDAP/ALPHA
* SPN found :LDAP/alpha.homrich-berg.local/HB
* SPN found

LDAP/bc3a5606-08db-44ab-916b-e4775c58a550._msdcs.homrich-berg.local

* SPN found

E3514235-4B06-11D1-AB04-00C04FC2DCD2/bc3a5606-08db-44ab-916b-e4775c58a550/homrich-berg.local

* SPN found
:HOST/alpha.homrich-berg.local/homrich-berg.local * SPN found :HOST/alpha.homrich-berg.local
* SPN found :HOST/ALPHA
* SPN found :HOST/alpha.homrich-berg.local/HB
* SPN found :GC/alpha.homrich-berg.local/homrich-berg.local
[ALPHA] No security related replication errors were found on
this DC! To target the connection to a specific source DC use
/ReplSource:<DC>. ......................... ALPHA passed
test CheckSecurityError
DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test
CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test
CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom
Running partition tests on : homrich-berg
Starting test: CrossRefValidation
......................... homrich-berg passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... homrich-berg passed test
CheckSDRefDom
Running enterprise tests on : homrich-berg.local
Starting test: Intersite
Doing intersite inbound replication test on site Alpharetta:
Locating & Contacting Intersite Topology Generator (ISTG)
... The ISTG for site Alpharetta is: ALPHA.
Checking for down bridgeheads ...
Bridghead Default-First-Site-Name\SBS is up and
replicating fine.
Bridghead Alpharetta\ALPHA is up and replicating fine.
Doing in depth site analysis ...
All expected sites and bridgeheads are replicating
into site Alpharetta.
Doing intersite inbound replication test on site
Default-First-Site-Name:
Locating & Contacting Intersite Topology Generator (ISTG)
... The ISTG for site Default-First-Site-Name is: SBS.
Checking for down bridgeheads ...
*Warning: Remote bridgehead Alpharetta\ALPHA is not
eligible as
a bridgehead due to too many failures. Replication
may be disrupted into the local site
Default-First-Site-Name. Bridghead
Default-First-Site-Name\SBS is up and replicating
fine. Doing in depth site analysis ...
Remote site Alpharetta is replicating to the local
site Default-First-Site-Name the writeable NC
ForestDnsZones correctly.
Remote site Alpharetta is replicating to the local
site Default-First-Site-Name the writeable NC
DomainDnsZones correctly.
Remote site Alpharetta is replicating to the local
site Default-First-Site-Name the writeable NC Schema
correctly. Remote site Alpharetta is replicating to
the local site Default-First-Site-Name the writeable
NC Configuration correctly.
Remote site Alpharetta is replicating to the local
site Default-First-Site-Name the writeable NC
homrich-berg correctly.
......................... homrich-berg.local passed test
Intersite Starting test: FsmoCheck
GC Name: \\alpha.homrich-berg.local
Locator Flags: 0xe00001fc
PDC Name: \\sbs.homrich-berg.local
Locator Flags: 0xe000017d
Time Server Name: \\alpha.homrich-berg.local
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\alpha.homrich-berg.local
Locator Flags: 0xe00001fc
KDC Name: \\alpha.homrich-berg.local
Locator Flags: 0xe00001fc
......................... homrich-berg.local passed test
FsmoCheck Starting test: DNS
Test results for domain controllers:

DC: sbs.homrich-berg.local
Domain: homrich-berg.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Error: No WMI connectivity
[Error details: 0x800706ba (Type: HRESULT -
Facility: Win32, Description: The RPC server is unavailable.) -
Connection to WMI server failed]


DC: BDC.homrich-berg.local
Domain: homrich-berg.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Error: No WMI connectivity
[Error details: 0x800706ba (Type: HRESULT -
Facility: Win32, Description: The RPC server is unavailable.) -
Connection to WMI server failed]


DC: alpha.homrich-berg.local
Domain: homrich-berg.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard
Edition (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000007] Broadcom NetXtreme 57xx Gigabit
Controller:
MAC address is 00:11:43:B3:74:5D
IP address is static
IP address: 192.168.1.2
DNS servers:
192.168.1.2 (<name unavailable>) [Valid]
192.168.16.2 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found The Active Directory zone on this DC/DNS
server was found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.1.1 (<name unavailable>) [Invalid]
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4
[Invalid] Name: b.root-servers.net. IP:
192.228.79.201 [Invalid] Name:
c.root-servers.net. IP: 192.33.4.12 [Invalid]
Name: d.root-servers.net. IP: 128.8.10.90
[Invalid] Name: e.root-servers.net. IP:
192.203.230.10 [Invalid] Name:
f.root-servers.net. IP: 192.5.5.241 [Invalid]
Name: g.root-servers.net. IP: 192.112.36.4
[Invalid] Name: h.root-servers.net. IP:
128.63.2.53 [Invalid] Name: i.root-servers.net.
IP: 192.36.148.17 [Invalid] Name:
j.root-servers.net. IP: 192.58.128.30 [Invalid]
Name: k.root-servers.net. IP: 193.0.14.129 [Invalid] Name:
l.root-servers.net. IP: 198.32.64.12 [Invalid] Name:
m.root-servers.net. IP: 202.12.27.33 [Invalid] TEST:
Delegations (Del) No delegations were found in
this zone on this DNS server
TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone
homrich-berg.local. Test record _dcdiag_test_record
added successfully in zone homrich-berg.local.
Test record _dcdiag_test_record deleted
successfully in zone homrich-berg.local.

TEST: Records registration (RReg)
Network Adapter [00000007] Broadcom NetXtreme 57xx
Gigabit Controller:
Matching A record found at DNS server
192.168.1.2: alpha.homrich-berg.local

Matching CNAME record found at DNS server
192.168.1.2:
bc3a5606-08db-44ab-916b-e4775c58a550._msdcs.homrich-berg.local
Matching DC SRV record found at DNS server
192.168.1.2:
_ldap._tcp.dc._msdcs.homrich-berg.local
Matching GC SRV record found at DNS server
192.168.1.2:
_ldap._tcp.gc._msdcs.homrich-berg.local

Summary of test results for DNS servers used by the above
domain controllers:

DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4
[Error details: 9002 (Type: Win32 - Description: DNS
server failure.)]

DNS server: 192.168.1.1 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.1.1
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
[Error details: 9002 (Type: Win32 - Description: DNS
server failure.)]

DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for
the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]

DNS server: 192.168.1.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record
for the forest root domain is registered

DNS server: 192.168.16.2 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record
for the forest root domain is registered

Summary of DNS test results:

Auth Basc Forw Del Dyn
RReg Ext

________________________________________________________________
Domain: homrich-berg.local sbs PASS FAIL
n/a n/a n/a n/a n/a
BDC PASS FAIL n/a n/a n/a
n/a n/a
alpha PASS PASS FAIL PASS PASS
PASS n/a

......................... homrich-berg.local failed test DNS



"kj [SBS MVP]" <KevinJ.SBS@xxxxxxxxxxxxxxxxxx> wrote in message
news:uYgZ5YFnIHA.484@xxxxxxxxxxxxxxxxxxxxxxx

shepcon wrote:

I'm running SBS 2003 Premium w/SP1 (not R2). I have created a
remote branch office DC running Windows 2003 Standard. The sites
are linked with a hardware VPN alliance at the remote site back to
my SBS with ISA. The remote site is using 192.168.1.* and the SBS
is running the standard 192.168.16.*. When I promoted the remote
server using DC promo, everything went fine and I rebooted. I
have setup DNS on the remote office and created a new site,
subnets, intersite messaging and reverse DNS at the main site in
SBS. I can ping successfully in both directions.

The problem I'm having now is that it doesn't appear that
replication is occuring on the changes that I'm making to AD Users
and Computers in the branch office. DCPROMO did create the
<automatically generated> links between my three DCs (SBS and
another W2003 server in my main office and my remote W2003
server). However, the branch office DC replicates with the
additional DC in my main office and not my SBS, which was set
this way by DCPROMO. The standard DC shares were created by
DCPROMO like SYSVOL and NETLOGON. I'm currently getting NTDS KCC 1272 entries in my Event
Viewer that
state "The following directory partition is no longer replicated
from the source domain controller..."

Any help at resolving these replication issues would be greatly
appreciated. I did use Marina Roos' documents on the branch office
server setups, which was quite helpful.

Thanks.

Ken

start with a dcdiag /c /e /v

post the complete output and we'll go from there.

urgency may also be an issue, how long has it not been replicating?

--
/kj

--
/kj

--
/kj

.

---

• References:
  • SBS 2003 and Replication Errors with Remote DC
    • From: shepcon
  • Re: SBS 2003 and Replication Errors with Remote DC
    • From: kj [SBS MVP]
  • Re: SBS 2003 and Replication Errors with Remote DC
    • From: Ken Sheppard
  • Re: SBS 2003 and Replication Errors with Remote DC
    • From: kj [SBS MVP]
  • Re: SBS 2003 and Replication Errors with Remote DC
    • From: Ken Sheppard
  • Re: SBS 2003 and Replication Errors with Remote DC
    • From: kj [SBS MVP]

• Prev by Date: ISABPA question
• Next by Date: Re: ISA 2004 setup fails on brand new SBS 2003 Premium installatio
• Previous by thread: Re: SBS 2003 and Replication Errors with Remote DC
• Next by thread: SQL on SBS 2003
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: how do i move primary DC from one machine to another ... Test omitted by user request: DNS ... Connecting to directory service on server WIN2003DC. ... Replication Site Latency Check ... (microsoft.public.windows.server.general) Re: error 8254 DNS Lookup failure ... FYI, I repointed the DNS to one server, deleted the contents of _MSDCS ... > in the same site, Replication has been fine up until yesterday, the ... > Starting test: CrossRefValidation ... (microsoft.public.win2000.dns) Re: WINS and DNS issue ... When I said the that DNS server is configured to to replicate to all other ... Ive had a look at the options under replication, ... It says to set this if you want a 2000 server to load the zone. ... (microsoft.public.win2000.dns) Re: WINS and DNS issue ... > When I said the that DNS server is configured to to replicate to all other ... > properties for our forward lookup zone - We dont actually have another ... replication if you have only one DNS server. ... (microsoft.public.win2000.dns) Re: SBS 2003 and Replication Errors with Remote DC ... I just promoted the remote DC last week, so I still have time to solve the replication issues. ... Domain Controller Diagnosis ... Connecting to directory service on server alpha. ... Performing upstream analysis. ... (microsoft.public.windows.server.sbs)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2008-04