none
Domain Controller failed advertising test

    Question

  • hi,

    I have two domain controllers, windows 2003, with the same problem. When i run dcdiag, i get the follow error:

    Command Line: "dcdiag.exe /V /C /D /E /s:SERVER01"

    Domain Controller Diagnosis

    Performing initial setup:
       * Connecting to directory service on server SERVER01.
       SERVER01.currentTime = 20111012153239.0Z
       SERVER01.highestCommittedUSN = 4221750
       SERVER01.isSynchronized = 1
       SERVER01.isGlobalCatalogReady = 1
       * Collecting site info.
       * Identifying all servers.
       SERVER01.currentTime = 20111012153239.0Z
       SERVER01.highestCommittedUSN = 4221750
       SERVER01.isSynchronized = 1
       SERVER01.isGlobalCatalogReady = 1
       * Identifying all NC cross-refs.
       * Found 2 DC(s). Testing 2 of them.
       Done gathering initial info.


    ===============================================Printing out pDsInfo

    GLOBAL:
     ulNumServers=2
     pszRootDomain=company.pt
     pszNC=
     pszRootDomainFQDN=DC=company,DC=pt
     pszConfigNc=CN=Configuration,DC=company,DC=pt
     pszPartitionsDn=CN=Partitions,CN=Configuration,DC=company,DC=pt
     iSiteOptions=3
     dwTombstoneLifeTimeDays=60

     dwForestBehaviorVersion=0

     HomeServer=1, SERVER01

     SERVER: pServer[0].pszName=SERVER02
      pServer[0].pszGuidDNSName=101cf785-7461-4761-ac57-1c23a45b9901._msdcs.company.pt
      pServer[0].pszDNSName=SERVER02.company.pt
      pServer[0].pszDn=CN=NTDS Settings,CN=SERVER02,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
      pServer[0].pszComputerAccountDn=CN=SERVER02,OU=Domain Controllers,DC=company,DC=pt
      pServer[0].uuidObjectGuid=101cf785-7461-4761-ac57-1c23a45b9901
      pServer[0].uuidInvocationId=59486f02-1123-4770-a5fd-dd27f20a62a7
      pServer[0].iSite=0 (LOCATION)
      pServer[0].iOptions=1
      pServer[0].ftLocalAcquireTime=00000000 00000000

      pServer[0].ftRemoteConnectTime=00000000 00000000

      pServer[0].ppszMasterNCs:
       ppszMasterNCs[0]=DC=ForestDnsZones,DC=company,DC=pt
       ppszMasterNCs[1]=DC=DomainDnsZones,DC=company,DC=pt
       ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=company,DC=pt
       ppszMasterNCs[3]=CN=Configuration,DC=company,DC=pt
       ppszMasterNCs[4]=DC=company,DC=pt

     SERVER: pServer[1].pszName=SERVER01
      pServer[1].pszGuidDNSName=67b74001-f973-4684-8146-78144d61132b._msdcs.company.pt
      pServer[1].pszDNSName=SERVER01.company.pt
      pServer[1].pszDn=CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
      pServer[1].pszComputerAccountDn=CN=SERVER01,OU=Domain Controllers,DC=company,DC=pt
      pServer[1].uuidObjectGuid=67b74001-f973-4684-8146-78144d61132b
      pServer[1].uuidInvocationId=3fcb8cb9-794f-4dab-99fc-7601426c4cd8
      pServer[1].iSite=0 (LOCATION)
      pServer[1].iOptions=1
      pServer[1].ftLocalAcquireTime=2d3e09e0 01cc88f4

      pServer[1].ftRemoteConnectTime=2caf8580 01cc88f4

      pServer[1].ppszMasterNCs:
       ppszMasterNCs[0]=DC=ForestDnsZones,DC=company,DC=pt
       ppszMasterNCs[1]=DC=DomainDnsZones,DC=company,DC=pt
       ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=company,DC=pt
       ppszMasterNCs[3]=CN=Configuration,DC=company,DC=pt
       ppszMasterNCs[4]=DC=company,DC=pt

     SITES:  pSites[0].pszName=LOCATION
      pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
      pSites[0].pszISTG=CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
      pSites[0].iSiteOption=3

      pSites[0].cServers=2

     NC:     pNCs[0].pszName=ForestDnsZones
      pNCs[0].pszDn=DC=ForestDnsZones,DC=company,DC=pt

       pNCs[0].aCrInfo[0].dwFlags=0x00000201
       pNCs[0].aCrInfo[0].pszDn=CN=0f38d71a-63f7-4ccf-9ff5-11129b29f78d,CN=Partitions,CN=Configuration,DC=company,DC=pt
       pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.company.pt
       pNCs[0].aCrInfo[0].iSourceServer=1
       pNCs[0].aCrInfo[0].pszSourceServer=(null)
       pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
       pNCs[0].aCrInfo[0].bEnabled=TRUE
       pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000    pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
       pNCs[0].aCrInfo[0].pszNetBiosName=(null)
       pNCs[0].aCrInfo[0].cReplicas=-1
       pNCs[0].aCrInfo[0].aszReplicas=


     NC:     pNCs[1].pszName=DomainDnsZones
      pNCs[1].pszDn=DC=DomainDnsZones,DC=company,DC=pt

       pNCs[1].aCrInfo[0].dwFlags=0x00000201
       pNCs[1].aCrInfo[0].pszDn=CN=89a0cf83-d15b-4697-a6e9-5eb8a0c7a4b5,CN=Partitions,CN=Configuration,DC=company,DC=pt
       pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.company.pt
       pNCs[1].aCrInfo[0].iSourceServer=1
       pNCs[1].aCrInfo[0].pszSourceServer=(null)
       pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
       pNCs[1].aCrInfo[0].bEnabled=TRUE
       pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000    pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
       pNCs[1].aCrInfo[0].pszNetBiosName=(null)
       pNCs[1].aCrInfo[0].cReplicas=-1
       pNCs[1].aCrInfo[0].aszReplicas=


     NC:     pNCs[2].pszName=Schema
      pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=company,DC=pt

       pNCs[2].aCrInfo[0].dwFlags=0x00000201
       pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=company,DC=pt
       pNCs[2].aCrInfo[0].pszDnsRoot=company.pt
       pNCs[2].aCrInfo[0].iSourceServer=1
       pNCs[2].aCrInfo[0].pszSourceServer=(null)
       pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
       pNCs[2].aCrInfo[0].bEnabled=TRUE
       pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000    pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
       pNCs[2].aCrInfo[0].pszNetBiosName=(null)
       pNCs[2].aCrInfo[0].cReplicas=-1
       pNCs[2].aCrInfo[0].aszReplicas=


     NC:     pNCs[3].pszName=Configuration
      pNCs[3].pszDn=CN=Configuration,DC=company,DC=pt

       pNCs[3].aCrInfo[0].dwFlags=0x00000201
       pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=company,DC=pt
       pNCs[3].aCrInfo[0].pszDnsRoot=company.pt
       pNCs[3].aCrInfo[0].iSourceServer=1
       pNCs[3].aCrInfo[0].pszSourceServer=(null)
       pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
       pNCs[3].aCrInfo[0].bEnabled=TRUE
       pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000    pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
       pNCs[3].aCrInfo[0].pszNetBiosName=(null)
       pNCs[3].aCrInfo[0].cReplicas=-1
       pNCs[3].aCrInfo[0].aszReplicas=


     NC:     pNCs[4].pszName=company
      pNCs[4].pszDn=DC=company,DC=pt

       pNCs[4].aCrInfo[0].dwFlags=0x00000201
       pNCs[4].aCrInfo[0].pszDn=CN=company,CN=Partitions,CN=Configuration,DC=company,DC=pt
       pNCs[4].aCrInfo[0].pszDnsRoot=company.pt
       pNCs[4].aCrInfo[0].iSourceServer=1
       pNCs[4].aCrInfo[0].pszSourceServer=(null)
       pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
       pNCs[4].aCrInfo[0].bEnabled=TRUE
       pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000    pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
       pNCs[4].aCrInfo[0].pszNetBiosName=(null)
       pNCs[4].aCrInfo[0].cReplicas=-1
       pNCs[4].aCrInfo[0].aszReplicas=


     5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, company,
     2 TARGETS: SERVER02, SERVER01,

    =============================================Done Printing pDsInfo

    Doing initial required tests
      
       Testing server: LOCATION\SERVER02
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             SERVER02.currentTime = 20111012153240.0Z
             SERVER02.highestCommittedUSN = 7016475
             SERVER02.isSynchronized = 1
             SERVER02.isGlobalCatalogReady = 1
             Failure Analysis: SERVER02 ... OK.
             * Active Directory RPC Services Check
             ......................... SERVER02 passed test Connectivity
      
       Testing server: LOCATION\SERVER01
          Starting test: Connectivity
             * Active Directory LDAP Services Check
             Failure Analysis: SERVER01 ... OK.
             * Active Directory RPC Services Check
             ......................... SERVER01 passed test Connectivity

    Doing primary tests
      
       Testing server: LOCATION\SERVER02
          Starting test: Replications
             * Replications Check
             DC=ForestDnsZones,DC=company,DC=pt has 4 cursors.
             DC=DomainDnsZones,DC=company,DC=pt has 4 cursors.
             CN=Schema,CN=Configuration,DC=company,DC=pt has 12 cursors.
             CN=Configuration,DC=company,DC=pt has 12 cursors.
             DC=company,DC=pt has 12 cursors.
             * Replication Latency Check
                DC=ForestDnsZones,DC=company,DC=pt
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=DomainDnsZones,DC=company,DC=pt
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Schema,CN=Configuration,DC=company,DC=pt
                   Latency information for 10 entries in the vector were ignored.
                      10 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Configuration,DC=company,DC=pt
                   Latency information for 10 entries in the vector were ignored.
                      10 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=company,DC=pt
                   Latency information for 10 entries in the vector were ignored.
                      10 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
             * Replication Site Latency Check
             Site Settings = CN=NTDS Site Settings,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
             [0x904de,v=118886,t=2011-10-12 15:59:40,g=3fcb8cb9-794f-4dab-99fc-7601426c4cd8,orig=4221546,local=7016339]
             Elapsed time (sec) = 1979
             ......................... SERVER02 passed test Replications
          Starting test: Topology
             * Configuration Topology Integrity Check
             [Topology Integrity Check,SERVER02] Intra-site topology generation is disabled in this site.
             * Analyzing the connection topology for DC=ForestDnsZones,DC=company,DC=pt.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for DC=DomainDnsZones,DC=company,DC=pt.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=company,DC=pt.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for CN=Configuration,DC=company,DC=pt.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for DC=company,DC=pt.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             ......................... SERVER02 passed test Topology
          Starting test: CutoffServers
             * Configuration Topology Aliveness Check
             * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=company,DC=pt.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=company,DC=pt.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=company,DC=pt.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for CN=Configuration,DC=company,DC=pt.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for DC=company,DC=pt.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             ......................... SERVER02 passed test CutoffServers
          Starting test: NCSecDesc
             * Security Permissions check for all NC's on DC SERVER02.
             * Security Permissions Check for
               DC=ForestDnsZones,DC=company,DC=pt
                (NDNC,Version 2)
             * Security Permissions Check for
               DC=DomainDnsZones,DC=company,DC=pt
                (NDNC,Version 2)
             * Security Permissions Check for
               CN=Schema,CN=Configuration,DC=company,DC=pt
                (Schema,Version 2)
             * Security Permissions Check for
               CN=Configuration,DC=company,DC=pt
                (Configuration,Version 2)
             * Security Permissions Check for
               DC=company,DC=pt
                (Domain,Version 2)
             ......................... SERVER02 passed test NCSecDesc
          Starting test: NetLogons
             * Network Logons Privileges Check
             Verified share \\SERVER02\netlogon
             Verified share \\SERVER02\sysvol
             ......................... SERVER02 passed test NetLogons
          Starting test: Advertising
             The DC SERVER02 is advertising itself as a DC and having a DS.
             The DC SERVER02 is advertising as an LDAP server
             The DC SERVER02 is advertising as having a writeable directory
             The DC SERVER02 is advertising as a Key Distribution Center
             Warning: SERVER02 is not advertising as a time server.
             The DS SERVER02 is advertising as a GC.
             ......................... SERVER02 failed test Advertising
          Starting test: KnowsOfRoleHolders
             Role Schema Owner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
             Role Domain Owner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
             Role PDC Owner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
             Role Rid Owner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
             ......................... SERVER02 passed test KnowsOfRoleHolders
          Starting test: RidManager
             ridManagerReference = CN=RID Manager$,CN=System,DC=company,DC=pt
             * Available RID Pool for the Domain is 9632 to 1073741823
             fSMORoleOwner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
             * SERVER01.company.pt is the RID Master
             * DsBind with RID Master was successful
             rIDSetReferences = CN=RID Set,CN=SERVER02,OU=Domain Controllers,DC=company,DC=pt
             * rIDAllocationPool is 9132 to 9631
             * rIDPreviousAllocationPool is 5632 to 6131
             * rIDNextRID: 5934
             ......................... SERVER02 passed test RidManager
          Starting test: MachineAccount
             Checking machine account for DC SERVER02 on DC SERVER02.
             * SPN found :LDAP/SERVER02.company.pt/company.pt
             * SPN found :LDAP/SERVER02.company.pt
             * SPN found :LDAP/SERVER02
             * SPN found :LDAP/SERVER02.company.pt/company
             * SPN found :LDAP/101cf785-7461-4761-ac57-1c23a45b9901._msdcs.company.pt
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/101cf785-7461-4761-ac57-1c23a45b9901/company.pt
             * SPN found :HOST/SERVER02.company.pt/company.pt
             * SPN found :HOST/SERVER02.company.pt
             * SPN found :HOST/SERVER02
             * SPN found :HOST/SERVER02.company.pt/company
             * SPN found :GC/SERVER02.company.pt/company.pt
             ......................... SERVER02 passed test MachineAccount
          Starting test: Services
             * Checking Service: Dnscache
             * Checking Service: NtFrs
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: RpcSs
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... SERVER02 passed test Services
          Starting test: OutboundSecureChannels
             * The Outbound Secure Channels test
             ** Did not run Outbound Secure Channels test
             because /testdomain: was not entered
             ......................... SERVER02 passed test OutboundSecureChannels
          Starting test: ObjectsReplicated
             SERVER02 is in domain DC=company,DC=pt
             Checking for CN=SERVER02,OU=Domain Controllers,DC=company,DC=pt in domain DC=company,DC=pt on 2 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=SERVER02,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt in domain CN=Configuration,DC=company,DC=pt on 2 servers
                Object is up-to-date on all servers.
             ......................... SERVER02 passed test ObjectsReplicated
          Starting test: frssysvol
             * The File Replication Service SYSVOL ready test
             File Replication Service's SYSVOL is ready
             ......................... SERVER02 passed test frssysvol
          Starting test: frsevent
             * The File Replication Service Event log test
             ......................... SERVER02 passed test frsevent
          Starting test: kccevent
             * The KCC Event log test
             Found no KCC errors in Directory Service Event log in the last 15 minutes.
             ......................... SERVER02 passed test kccevent
          Starting test: systemlog
             * The System Event log test
             Found no errors in System Event log in the last 60 minutes.
             ......................... SERVER02 passed test systemlog
          Starting test: VerifyReplicas
             ......................... SERVER02 passed test VerifyReplicas
          Starting test: VerifyReferences
             The system object reference (serverReference)

             CN=SERVER02,OU=Domain Controllers,DC=company,DC=pt and backlink on

             CN=SERVER02,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt

             are correct.
             The system object reference (frsComputerReferenceBL)

             CN=SERVER02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=company,DC=pt

             and backlink on CN=SERVER02,OU=Domain Controllers,DC=company,DC=pt are

             correct.
             The system object reference (serverReferenceBL)

             CN=SERVER02,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=company,DC=pt

             and backlink on

             CN=NTDS Settings,CN=SERVER02,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt

             are correct.
             ......................... SERVER02 passed test VerifyReferences
          Starting test: VerifyEnterpriseReferences
             ......................... SERVER02 passed test VerifyEnterpriseReferences
          Starting test: CheckSecurityError
             * Dr Auth:  Beginning security errors check!
             Found KDC SERVER01 for domain company.pt in site LOCATION
             Checking machine account for DC SERVER02 on DC SERVER01.
             * SPN found :LDAP/SERVER02.company.pt/company.pt
             * SPN found :LDAP/SERVER02.company.pt
             * SPN found :LDAP/SERVER02
             * SPN found :LDAP/SERVER02.company.pt/company
             * SPN found :LDAP/101cf785-7461-4761-ac57-1c23a45b9901._msdcs.company.pt
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/101cf785-7461-4761-ac57-1c23a45b9901/company.pt
             * SPN found :HOST/SERVER02.company.pt/company.pt
             * SPN found :HOST/SERVER02.company.pt
             * SPN found :HOST/SERVER02
             * SPN found :HOST/SERVER02.company.pt/company
             * SPN found :GC/SERVER02.company.pt/company.pt
             Checking for CN=SERVER02,OU=Domain Controllers,DC=company,DC=pt in domain DC=company,DC=pt on 2 servers
                Object is up-to-date on all servers.
             [SERVER02] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
             ......................... SERVER02 passed test CheckSecurityError
      

     


    IT
    Wednesday, October 12, 2011 3:47 PM

Answers

  • I discovered the problem. When i run the command gpupdate and gpresult on domain controller i notice that both domain policy and domain controller policy were being applied on the PDC. On Group policy managment i uncheck enforced option to default domain policy. All problems regarding advertising test disapeared.

    Thanks for your support!


    IT
    http://adf.ly/6kWan
    • Marked as answer by JCMatos Thursday, October 13, 2011 10:27 AM
    • Edited by JCMatos Sunday, April 08, 2012 12:17 PM
    Thursday, October 13, 2011 10:27 AM

All replies

  •    Testing server: LOCATION\SERVER01
    Starting test: Replications
    * Replications Check
    DC=ForestDnsZones,DC=company,DC=pt has 4 cursors.
    DC=DomainDnsZones,DC=company,DC=pt has 4 cursors.
    CN=Schema,CN=Configuration,DC=company,DC=pt has 12 cursors.
    CN=Configuration,DC=company,DC=pt has 12 cursors.
    DC=company,DC=pt has 12 cursors.
    * Replication Latency Check
    DC=ForestDnsZones,DC=company,DC=pt
    Latency information for 2 entries in the vector were ignored.
    2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
    DC=DomainDnsZones,DC=company,DC=pt
    Latency information for 2 entries in the vector were ignored.
    2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
    CN=Schema,CN=Configuration,DC=company,DC=pt
    Latency information for 10 entries in the vector were ignored.
    10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
    CN=Configuration,DC=company,DC=pt
    Latency information for 10 entries in the vector were ignored.
    10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
    DC=company,DC=pt
    Latency information for 10 entries in the vector were ignored.
    10 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
    * Replication Site Latency Check
    Site Settings = CN=NTDS Site Settings,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
    [0x904de,v=118886,t=2011-10-12 15:59:40,g=3fcb8cb9-794f-4dab-99fc-7601426c4cd8,orig=4221546,local=4221546]
    Elapsed time (sec) = 1981
    ......................... SERVER01 passed test Replications
    Starting test: Topology
    * Configuration Topology Integrity Check
    [Topology Integrity Check,SERVER01] Intra-site topology generation is disabled in this site.
    * Analyzing the connection topology for DC=ForestDnsZones,DC=company,DC=pt.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the connection topology for DC=DomainDnsZones,DC=company,DC=pt.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=company,DC=pt.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the connection topology for CN=Configuration,DC=company,DC=pt.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the connection topology for DC=company,DC=pt.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    ......................... SERVER01 passed test Topology
    Starting test: CutoffServers
    * Configuration Topology Aliveness Check
    * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=company,DC=pt.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=company,DC=pt.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=company,DC=pt.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the alive system replication topology for CN=Configuration,DC=company,DC=pt.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the alive system replication topology for DC=company,DC=pt.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    ......................... SERVER01 passed test CutoffServers
    Starting test: NCSecDesc
    * Security Permissions check for all NC's on DC SERVER01.
    * Security Permissions Check for
    DC=ForestDnsZones,DC=company,DC=pt
    (NDNC,Version 2)
    * Security Permissions Check for
    DC=DomainDnsZones,DC=company,DC=pt
    (NDNC,Version 2)
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=company,DC=pt
    (Schema,Version 2)
    * Security Permissions Check for
    CN=Configuration,DC=company,DC=pt
    (Configuration,Version 2)
    * Security Permissions Check for
    DC=company,DC=pt
    (Domain,Version 2)
    ......................... SERVER01 passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    Verified share \\SERVER01\netlogon
    Verified share \\SERVER01\sysvol
    ......................... SERVER01 passed test NetLogons
    Starting test: Advertising
    The DC SERVER01 is advertising itself as a DC and having a DS.
    The DC SERVER01 is advertising as an LDAP server
    The DC SERVER01 is advertising as having a writeable directory
    The DC SERVER01 is advertising as a Key Distribution Center
    Warning: SERVER01 is not advertising as a time server.
    The DS SERVER01 is advertising as a GC.
    ......................... SERVER01 failed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
    Role Domain Owner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
    Role PDC Owner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
    Role Rid Owner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
    Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
    ......................... SERVER01 passed test KnowsOfRoleHolders
    Starting test: RidManager
    ridManagerReference = CN=RID Manager$,CN=System,DC=company,DC=pt
    * Available RID Pool for the Domain is 9632 to 1073741823
    fSMORoleOwner = CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt
    * SERVER01.company.pt is the RID Master
    * DsBind with RID Master was successful
    rIDSetReferences = CN=RID Set,CN=SERVER01,OU=Domain Controllers,DC=company,DC=pt
    * rIDAllocationPool is 8632 to 9131
    * rIDPreviousAllocationPool is 8632 to 9131
    * rIDNextRID: 8686
    ......................... SERVER01 passed test RidManager
    Starting test: MachineAccount
    Checking machine account for DC SERVER01 on DC SERVER01.
    * SPN found :LDAP/SERVER01.company.pt/company.pt
    * SPN found :LDAP/SERVER01.company.pt
    * SPN found :LDAP/SERVER01
    * SPN found :LDAP/SERVER01.company.pt/company
    * SPN found :LDAP/67b74001-f973-4684-8146-78144d61132b._msdcs.company.pt
    * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/67b74001-f973-4684-8146-78144d61132b/company.pt
    * SPN found :HOST/SERVER01.company.pt/company.pt
    * SPN found :HOST/SERVER01.company.pt
    * SPN found :HOST/SERVER01
    * SPN found :HOST/SERVER01.company.pt/company
    * SPN found :GC/SERVER01.company.pt/company.pt
    ......................... SERVER01 passed test MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... SERVER01 passed test Services
    Starting test: OutboundSecureChannels
    * The Outbound Secure Channels test
    ** Did not run Outbound Secure Channels test
    because /testdomain: was not entered
    ......................... SERVER01 passed test OutboundSecureChannels
    Starting test: ObjectsReplicated
    SERVER01 is in domain DC=company,DC=pt
    Checking for CN=SERVER01,OU=Domain Controllers,DC=company,DC=pt in domain DC=company,DC=pt on 2 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt in domain CN=Configuration,DC=company,DC=pt on 2 servers
    Object is up-to-date on all servers.
    ......................... SERVER01 passed test ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    File Replication Service's SYSVOL is ready
    ......................... SERVER01 passed test frssysvol
    Starting test: frsevent
    * The File Replication Service Event log test
    ......................... SERVER01 passed test frsevent
    Starting test: kccevent
    * The KCC Event log test
    Found no KCC errors in Directory Service Event log in the last 15 minutes.
    ......................... SERVER01 passed test kccevent
    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 10/12/2011 16:17:54
    Event String: DCOM was unable to communicate with the computer

    212.113.164.5 using any of the configured

    protocols.
    An Error Event occured. EventID: 0xC0002719
    Time Generated: 10/12/2011 16:17:54
    Event String: DCOM was unable to communicate with the computer

    212.113.164.6 using any of the configured

    protocols.
    ......................... SERVER01 failed test systemlog
    Starting test: VerifyReplicas
    ......................... SERVER01 passed test VerifyReplicas
    Starting test: VerifyReferences
    The system object reference (serverReference)

    CN=SERVER01,OU=Domain Controllers,DC=company,DC=pt and backlink on

    CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt

    are correct.
    The system object reference (frsComputerReferenceBL)

    CN=SERVER01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=company,DC=pt

    and backlink on CN=SERVER01,OU=Domain Controllers,DC=company,DC=pt are

    correct.
    The system object reference (serverReferenceBL)

    CN=SERVER01,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=company,DC=pt

    and backlink on

    CN=NTDS Settings,CN=SERVER01,CN=Servers,CN=LOCATION,CN=Sites,CN=Configuration,DC=company,DC=pt

    are correct.
    ......................... SERVER01 passed test VerifyReferences
    Starting test: VerifyEnterpriseReferences
    ......................... SERVER01 passed test VerifyEnterpriseReferences
    Starting test: CheckSecurityError
    * Dr Auth: Beginning security errors check!
    Found KDC SERVER01 for domain company.pt in site LOCATION
    Checking machine account for DC SERVER01 on DC SERVER01.
    * SPN found :LDAP/SERVER01.company.pt/company.pt
    * SPN found :LDAP/SERVER01.company.pt
    * SPN found :LDAP/SERVER01
    * SPN found :LDAP/SERVER01.company.pt/company
    * SPN found :LDAP/67b74001-f973-4684-8146-78144d61132b._msdcs.company.pt
    * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/67b74001-f973-4684-8146-78144d61132b/company.pt
    * SPN found :HOST/SERVER01.company.pt/company.pt
    * SPN found :HOST/SERVER01.company.pt
    * SPN found :HOST/SERVER01
    * SPN found :HOST/SERVER01.company.pt/company
    * SPN found :GC/SERVER01.company.pt/company.pt
    [SERVER01] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
    ......................... SERVER01 passed test CheckSecurityError

    DNS Tests are running and not hung. Please wait a few minutes...

    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom

    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom

    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom

    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom

    Running partition tests on : company
    Starting test: CrossRefValidation
    ......................... company passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... company passed test CheckSDRefDom

    Running enterprise tests on : company.pt
    Starting test: Intersite
    Skipping site LOCATION, this site is outside the scope provided by

    the command line arguments provided.
    ......................... company.pt passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\SERVER01.company.pt
    Locator Flags: 0xe00001bd
    PDC Name: \\SERVER01.company.pt
    Locator Flags: 0xe00001bd
    Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
    A Time Server could not be located.
    The server holding the PDC role is down.
    Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
    A Good Time Server could not be located.
    KDC Name: \\SERVER01.company.pt
    Locator Flags: 0xe00001bd
    ......................... company.pt failed test FsmoCheck
    Starting test: DNS
    Test results for domain controllers:

    DC: SERVER02.company.pt
    Domain: company.pt


    TEST: Authentication (Auth)
    Authentication test: Successfully completed

    TEST: Basic (Basc)
    Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
    NETLOGON service is running
    kdc service is running
    DNSCACHE service is running
    DNS service is running
    DC is a DNS server
    Network adapters information:
    Adapter [00000010] BASP Virtual Adapter:
    MAC address is 00:1B:FC:6B:E6:E6
    IP address is static
    IP address: 192.168.0.30
    DNS servers:
    192.168.0.30 (<name unavailable>) [Valid]
    192.168.0.2 (<name unavailable>) [Valid]
    The A record for this DC was found
    The SOA record for the Active Directory zone was found
    The Active Directory zone on this DC/DNS server was found (primary)
    Root zone on this DC/DNS server was not found

    TEST: Forwarders/Root hints (Forw)
    Recursion is enabled
    Forwarders Information:
    212.113.164.5 (<name unavailable>) [Valid]
    212.113.164.6 (<name unavailable>) [Valid]

    TEST: Delegations (Del)
    No delegations were found in this zone on this DNS server

    TEST: Dynamic update (Dyn)
    Dynamic update is enabled on the zone company.pt.
    Test record _dcdiag_test_record added successfully in zone company.pt.
    Test record _dcdiag_test_record deleted successfully in zone company.pt.

    TEST: Records registration (RReg)
    Network Adapter [00000010] BASP Virtual Adapter:
    Matching A record found at DNS server 192.168.0.30:
    SERVER02.company.pt

    Matching CNAME record found at DNS server 192.168.0.30:
    101cf785-7461-4761-ac57-1c23a45b9901._msdcs.company.pt

    Matching DC SRV record found at DNS server 192.168.0.30:
    _ldap._tcp.dc._msdcs.company.pt

    Matching GC SRV record found at DNS server 192.168.0.30:
    _ldap._tcp.gc._msdcs.company.pt

    Total query time:0 min. 0 sec.. Total RPC connection time:0 min. 0 sec.
    Total WMI connection time:0 min. 42 sec. Total Netuse connection time:0 min. 0 sec.


    DC: SERVER01.company.pt
    Domain: company.pt


    TEST: Authentication (Auth)
    Authentication test: Successfully completed

    TEST: Basic (Basc)
    Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
    NETLOGON service is running
    kdc service is running
    DNSCACHE service is running
    DNS service is running
    DC is a DNS server
    Network adapters information:
    Adapter [00000007] VMware Accelerated AMD PCNet Adapter:
    MAC address is 00:0C:29:CA:91:9B
    IP address is static
    IP address: 192.168.0.2
    DNS servers:
    192.168.0.2 (<name unavailable>) [Valid]
    192.168.0.30 (<name unavailable>) [Valid]
    The A record for this DC was found
    The SOA record for the Active Directory zone was found
    The Active Directory zone on this DC/DNS server was found (primary)
    Root zone on this DC/DNS server was not found

    TEST: Forwarders/Root hints (Forw)
    Recursion is enabled
    Forwarders Information:
    212.113.164.5 (<name unavailable>) [Valid]
    212.113.164.6 (<name unavailable>) [Valid]

    TEST: Delegations (Del)
    No delegations were found in this zone on this DNS server

    TEST: Dynamic update (Dyn)
    Dynamic update is enabled on the zone company.pt.
    Test record _dcdiag_test_record added successfully in zone company.pt.
    Test record _dcdiag_test_record deleted successfully in zone company.pt.

    TEST: Records registration (RReg)
    Network Adapter [00000007] VMware Accelerated AMD PCNet Adapter:
    Matching A record found at DNS server 192.168.0.2:
    SERVER01.company.pt

    Matching CNAME record found at DNS server 192.168.0.2:
    67b74001-f973-4684-8146-78144d61132b._msdcs.company.pt

    Matching DC SRV record found at DNS server 192.168.0.2:
    _ldap._tcp.dc._msdcs.company.pt

    Matching GC SRV record found at DNS server 192.168.0.2:
    _ldap._tcp.gc._msdcs.company.pt

    Matching PDC SRV record found at DNS server 192.168.0.2:
    _ldap._tcp.pdc._msdcs.company.pt

    Matching A record found at DNS server 192.168.0.30:
    SERVER01.company.pt

    Matching CNAME record found at DNS server 192.168.0.30:
    67b74001-f973-4684-8146-78144d61132b._msdcs.company.pt

    Matching DC SRV record found at DNS server 192.168.0.30:
    _ldap._tcp.dc._msdcs.company.pt

    Matching GC SRV record found at DNS server 192.168.0.30:
    _ldap._tcp.gc._msdcs.company.pt

    Matching PDC SRV record found at DNS server 192.168.0.30:
    _ldap._tcp.pdc._msdcs.company.pt

    Total query time:0 min. 0 sec.. Total RPC connection time:0 min. 0 sec.
    Total WMI connection time:0 min. 42 sec. Total Netuse connection time:0 min. 0 sec.

    Summary of test results for DNS servers used by the above domain controllers:

    DNS server: 192.168.0.2 (<name unavailable>)
    All tests passed on this DNS server
    This is a valid DNS server.
    Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
    Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec.

    DNS server: 192.168.0.30 (<name unavailable>)
    All tests passed on this DNS server
    This is a valid DNS server.
    Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
    Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec.

    DNS server: 212.113.164.5 (<name unavailable>)
    All tests passed on this DNS server
    This is a valid DNS server.
    Total query time:0 min. 0 sec., Total WMI connection time:0 min. 41 sec.

    DNS server: 212.113.164.6 (<name unavailable>)
    All tests passed on this DNS server
    This is a valid DNS server.
    Total query time:0 min. 0 sec., Total WMI connection time:0 min. 41 sec.

    Summary of DNS test results:

    Auth Basc Forw Del Dyn RReg Ext
    ________________________________________________________________
    Domain: company.pt
    SERVER02 PASS PASS PASS PASS PASS PASS n/a
    SERVER01 PASS PASS PASS PASS PASS PASS n/a

    Total Time taken to test all the DCs:1 min. 25 sec.
    ......................... company.pt passed test DNS


    IT
    Wednesday, October 12, 2011 3:52 PM


  • Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests
      
       Testing server: Taguspark\SERVER01
          Starting test: Connectivity
             ......................... SERVER01 passed test Connectivity

    Doing primary tests
      
       Testing server: Taguspark\SERVER01
          Starting test: Replications
             ......................... SERVER01 passed test Replications
          Starting test: NCSecDesc
             ......................... SERVER01 passed test NCSecDesc
          Starting test: NetLogons
             ......................... SERVER01 passed test NetLogons
          Starting test: Advertising
             Warning: SERVER01 is not advertising as a time server.
             ......................... SERVER01 failed test Advertising
          Starting test: KnowsOfRoleHolders
             ......................... SERVER01 passed test KnowsOfRoleHolders
          Starting test: RidManager
             ......................... SERVER01 passed test RidManager
          Starting test: MachineAccount
             ......................... SERVER01 passed test MachineAccount
          Starting test: Services
             ......................... SERVER01 passed test Services
          Starting test: ObjectsReplicated
             ......................... SERVER01 passed test ObjectsReplicated
          Starting test: frssysvol
             ......................... SERVER01 passed test frssysvol
          Starting test: frsevent
             ......................... SERVER01 passed test frsevent
          Starting test: kccevent
             ......................... SERVER01 passed test kccevent
          Starting test: systemlog
             An Error Event occured.  EventID: 0xC0002719
                Time Generated: 10/12/2011   16:17:54
                Event String: DCOM was unable to communicate with the computer

             An Error Event occured.  EventID: 0xC0002719
                Time Generated: 10/12/2011   16:17:54
                Event String: DCOM was unable to communicate with the computer

             ......................... SERVER01 failed test systemlog
          Starting test: VerifyReferences
             ......................... SERVER01 passed test VerifyReferences
      
       Running partition tests on : ForestDnsZones
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
      
       Running partition tests on : DomainDnsZones
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
      
       Running partition tests on : Schema
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
      
       Running partition tests on : Configuration
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
      
       Running partition tests on : COMPANY
          Starting test: CrossRefValidation
             ......................... COMPANY passed test CrossRefValidation
          Starting test: CheckSDRefDom
             ......................... COMPANY passed test CheckSDRefDom
      
       Running enterprise tests on : COMPANY.pt
          Starting test: Intersite
             ......................... COMPANY.pt passed test Intersite
          Starting test: FsmoCheck
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
             A Good Time Server could not be located.
             ......................... COMPANY.pt failed test FsmoCheck

     


    IT
    Wednesday, October 12, 2011 4:04 PM
  • I already tried all workarrounds that i could find: restarting time server, unregister/register w32time, dcdiag /fix.

     

    What can i do more?

     

    Thanks in advance.


    IT
    Wednesday, October 12, 2011 4:14 PM
  • I also run the following test:

    nslookup gc.msdcs.DOMAIN.pt


    Server:  SERVER01.DOMAIN.pt
    Address:  192.168.0.2

    Name:    gc._msdcs.DOMAIN.pt
    Addresses:  192.168.0.2
       192.168.0.30

     


    IT
    Wednesday, October 12, 2011 4:41 PM
  • Hi JCMatos,

    >Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
    A Time Server could not be located.
    The server holding the PDC role is down.

    According to the report, it seems like that the PDC role is down, please check which DC hold the PDC role. Does the role work fine?

    Best Regards,

    Yan Li

     

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, October 13, 2011 3:17 AM
    Moderator

  •          Warning: SERVER01 is not advertising as a time server.
             ......................... SERVER01 failed test Advertising
             

    Hi,

    Most of time this error occurs when the Windows Time service does not synchronize time with a time server means PDC role owner is down or server is not properly configured to sync with PDC.

    Indentify FSMO role owner: run "netdom query fsmo" on DC, once you are identified the PDC role owner configure it as authorative time server and configure the domain clients to sync with PDC.

    Check Time server configuration to sync PDC emulator to an External Time Source:
    http://abhijitw.wordpress.com/2011/10/08/time-server-configuration-to-sync-pdc-emulator-to-an-external-time-source/

    Thursday, October 13, 2011 7:52 AM
  • Hi, 

    When i run the command netdom query fsmo i get the following:

     

    Schema owner                SERVER01.DOMAIN.pt

    Domain role owner             SERVER01.DOMAIN.pt

    PDC role                      SERVER01.DOMAIN.pt

    RID pool manager              SERVER01.DOMAIN.pt

    Infrastructure owner        SERVER01.DOMAIN.pt

    The command completed successfully.

     

    In my case i have time service configured by group policy, is that a good ideia? I have one configuration on the default domain policy for domain computers and another configuration for domain controllers policy. Domain controllers sync with external source and domain computers sync with domain controllers. In domain controllers policy its better to have their configuration set to not configured? And then configure by registry? 

    Thanks for your reply.


    IT
    Thursday, October 13, 2011 8:58 AM
  • To me it looks to be all the issues due to time sync issues and yes, if there is a time drift, you will see lot of errors in domain. Make sure Sysvol/netlogon shares are present on the DC and it is accessible. Time service requires port 123 UDP. Checking the connectivity and firewall port being blocked can be the issue.

    Follow the article to correct the time issue first.

    http://awinish.wordpress.com/2011/10/07/time-server-role-in-forestdomain/

     

    Regards


    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.
    Thursday, October 13, 2011 9:04 AM
    Moderator
  • Hi,

    Instead of making all the domain controllers to sync with external time resource, make your PDC as authoritative time server.

    The PDC operations master at the root of the forest becomes authoritative for the organization.

    By default, Windows-based computers use the following hierarchy:

    • All client desktop computers nominate the authenticating domain controller as their in-bound time partner.
    • All member servers follow the same process that client desktop computers follow.
    • All domain controllers in a domain nominate the primary domain controller (PDC) operations master as their in-bound time partner.
    • All PDC operations masters follow the hierarchy of domains in the selection of their in-bound time partner.


    How to configure an authoritative time server in Windows Server
    support.microsoft.com/kb/816042


    If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!
    Thursday, October 13, 2011 9:19 AM
  • At this moment i have set all time server settings on domain controller policy to not configured, and then followed your blog instructions. 

    I just have one question, in option AnnounceFlags  what should i configure? And this value is entered in decimal or hexadecimal? 

     

    Thanks


    IT
    Thursday, October 13, 2011 9:30 AM
  • It should be a as a Hexadecimal value.

    http://support.microsoft.com/kb/816042

     

    Regards  


    Awinish Vishwakarma

    MY BLOG:  awinish.wordpress.com


    This posting is provided AS-IS with no warranties/guarantees and confers no rights.
    Thursday, October 13, 2011 9:57 AM
    Moderator
  • I discovered the problem. When i run the command gpupdate and gpresult on domain controller i notice that both domain policy and domain controller policy were being applied on the PDC. On Group policy managment i uncheck enforced option to default domain policy. All problems regarding advertising test disapeared.

    Thanks for your support!


    IT
    http://adf.ly/6kWan
    • Marked as answer by JCMatos Thursday, October 13, 2011 10:27 AM
    • Edited by JCMatos Sunday, April 08, 2012 12:17 PM
    Thursday, October 13, 2011 10:27 AM