Errors listed in DC Diag
-
Tuesday, February 12, 2013 4:42 PM
I am running DCDiag on the domain controller (windows server 2012) "dcdiag /c /q" and getting some errors. At one time there were 2 DC's but I removed the secondary using remove features. Apparently it has left some information around. I have used various editing tools to clean up DNS, AD etc. but apparently have not gotten all traces removed. DFS Replication log has the following error.
The DFS Replication service stopped replication on the folder with the following local path: C:\Windows\SYSVOL\domain. This server has been disconnected from other partners for 269 days, which is longer than the time allowed by the MaxOfflineTimeInDays parameter (60). DFS Replication considers the data in this folder to be stale, and this server will not replicate the folder until this error is corrected. To resume replication of this folder, use the DFS Management snap-in to remove this server from the replication group, and then add it back to the group. This causes the server to perform an initial synchronization task, which replaces the stale data with fresh data from other members of the replication group.
Additional Information: Error: 9061 (The replicated folder has been offline for too long.) Replicated Folder Name: SYSVOL Share Replicated Folder ID: FACC371C-F638-46C7-97B1-1534C3AF3F86 Replication Group Name: Domain System Volume Replication Group ID: 4EF77CB2-0DF2-40ED-A485-F4032006F486 Member ID: 3576F064-A42B-4574-BE77-79C192C7ADBF
DCDiag output is as follows, note IP V6 is not enabled on the machine.
[MYCATDC1] No security related replication errors were found on this
DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... MYCATDC1 failed test DFSREvent** Did not run Outbound Secure Channels test because /testdomain: was
not entered
An error event occurred. EventID: 0xC0000001
Time Generated: 02/12/2013 11:13:58
Event String:
Initiator failed to connect to the target. Target IP address and TCP Port number are given in dump data.
An error event occurred. EventID: 0x0000272C
Time Generated: 02/12/2013 11:18:37
Event String:
DCOM was unable to communicate with the computer 192.192.192.13 using any of the configured protocols; requested by PID da8 (C:\Windows\system32\dcdiag.exe).
......................... MYCATDC1 failed test SystemLog
ERROR: NO DNS servers for IPV6 stack was found
Test results for domain controllers:
DC: myCatDC1.mycatalyst.comDomain: mycatalyst.com
TEST: Forwarders/Root hints (Forw)
Error: Both root hints and forwarders are not configured orbroken. Please make sure at least one of them works.
TEST: Delegations (Del)
Error: DNS server: win-d5dp8hl172t.mycatalyst.com.IP:<Unavailable> [Missing glue A record]
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: mycatalyst.commyCatDC1 PASS PASS FAIL FAIL PASS WARN n/a
......................... mycatalyst.com failed test DNS
Lee
All Replies
-
Tuesday, February 12, 2013 7:00 PMModerator
Is this is a single DC in your forest, there is nothing to replicate too, so you can ignore this error. If you only have a single DC and it goes down your users will no longer be able to create any new connections to resources and all that are 10 hours or older will lose any current connections they have. I would suggest you always have at least two DC's in each domain.
--
Paul Bergson
MVP - Directory Services
MCITP: Enterprise Administrator
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com Twitter @pbbergs
http://blogs.dirteam.com/blogs/paulbergson
Please no e-mails, any questions should be posted in the NewsGroup. This posting is provided "AS IS" with no warranties, and confers no rights. -
Thursday, February 14, 2013 6:25 AMModerator
As you said it seems that the second DC is not removed completely as your main DC is still trying to replicate with it. You could simply ingore it as currently it do not need to replicate.
Here is an article you could have a try to remove the demoted DC:
How to remove data in Active Directory after an unsuccessful domain controller demotion
http://support.microsoft.com/kb/216498
TechNet Subscriber Support in forum |If you have any feedback on our support, please contact tnmff@microsoft.com.
- Marked As Answer by Shaon ShanMicrosoft Contingent Staff, Moderator Tuesday, February 26, 2013 1:41 AM
- Unmarked As Answer by Lee Taylor Tuesday, February 26, 2013 4:06 PM
-
Thursday, February 14, 2013 8:19 AM
Also see the for metedata cleanup
Regards
Biswajit Biswas
My Blogs|MCC
|TNWiki
Ninja Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
- Edited by i.biswajith Thursday, February 14, 2013 8:19 AM
- Marked As Answer by Shaon ShanMicrosoft Contingent Staff, Moderator Tuesday, February 26, 2013 1:41 AM
- Unmarked As Answer by Lee Taylor Tuesday, February 26, 2013 4:06 PM
-
Tuesday, February 26, 2013 4:10 PM
After working with MS Support on this issue... The problem was IPv6. I was not using IPv6 and had it disabled on all my NIC's. Apparently this does not keep the machine from using IPv6 and apparently this is the primary transport, therefore my machine was not talking to the domain controller. The answer was to enabled IPv6 on my NIC which communicated to the DC or enter a registry setting that disabled the use of IPv6. I chose to simply enable IPv6 on the domain connected NIC's and that fixed the issue.
Lee
- Marked As Answer by Lee Taylor Tuesday, February 26, 2013 4:11 PM
.png)
