locked
Active Directory and DNS errors RRS feed

  • Question

  • hi,

      we have problem to access via network name to our primary active directory controller.  When I use syntax \\app2dc1\ I got error logon Failure: The target account name is incorrect.

    We have three AD controllers:

    app2dc1: 10.6.11.2 - FSMO holder
    dc2-vm: 10.6.11.7
    dc-4: 10.6.11.17

    Acttualy I have any idea to troobleshooting steps. Please help :)

    dcdiag /q on app2dc1

             There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group

             Policy problems.
             ......................... APP2DC1 failed test DFSREvent

             An error event occurred.  EventID: 0xC0002719

                Time Generated: 05/27/2013   11:51:49

                Event String: DCOM was unable to communicate with the computer 217.197.78.1 using any of the configured protocols.

             An error event occurred.  EventID: 0xC0002719

                Time Generated: 05/27/2013   12:27:45

                Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 05/27/2013   12:36:01

                Event String:

                Driver Brother MFC-8880DN Printer required for printer Brother MFC-8880DN Printer is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 05/27/2013   12:36:03

                Event String:

                Driver Brother MFC-8880DN Printer required for printer !!DC2-VM!IT - Brother 8880DN is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 05/27/2013   12:36:04

                Event String:

                Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 05/27/2013   12:36:07

                Event String:

                Driver OKI C5850 required for printer !!DC2-VM!OPENSPACE - KOLOR - OKI C5850 is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 05/27/2013   12:36:08

                Event String:

                Driver PDFCreator required for printer PDFCreator is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0x00000457

                Time Generated: 05/27/2013   12:36:10

                Event String:

                Driver HP LaserJet M1530 MFP Series PCL 6 required for printer HP LaserJet M1530 MFP Series PCL 6 is unknown. Contact the administrator to install the driver before you log in again.

             An error event occurred.  EventID: 0xC0002719

                Time Generated: 05/27/2013   12:39:14

                Event String: DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols.

             ......................... APP2DC1 failed test SystemLog

    Monday, May 27, 2013 11:02 AM

Answers

  • I found solution. I had to reset reset kdc password
    • Proposed as answer by Brian Re - MSFT Tuesday, June 11, 2013 8:13 AM
    • Marked as answer by Jeremy_Wu Tuesday, June 11, 2013 8:15 AM
    Wednesday, May 29, 2013 6:46 AM

All replies

  • Hello,

    What are you running on DC? Are your DCs in time sync with each other? Any snapshot revert on one of the DCs ?

    Can you run and post output of dcdiag /v /e > output.txt

    Thanks.

    Calin

    Monday, May 27, 2013 12:36 PM
  • This is output

    Directory Server Diagnosis


    Performing initial setup:

       Trying to find home server...

       * Verifying that the local machine APP2DC1, is a Directory Server.
       Home Server = APP2DC1

       * Connecting to directory service on server APP2DC1.

       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=artim,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
       Getting ISTG and options for the site
       * Identifying all servers.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=artim,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=DC2-VM,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       Getting information for the server CN=NTDS Settings,CN=DC4,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       * Identifying all NC cross-refs.

       * Found 3 DC(s). Testing 3 of them.

       Done gathering initial info.


    Doing initial required tests

       
       Testing server: Centrala-Opole\APP2DC1

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... APP2DC1 passed test Connectivity

       
       Testing server: Centrala-Opole\DC2-VM

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... DC2-VM passed test Connectivity

       
       Testing server: Centrala-Opole\DC4

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             * Active Directory RPC Services Check
             ......................... DC4 passed test Connectivity



    Doing primary tests

       
       Testing server: Centrala-Opole\APP2DC1

          Starting test: Advertising

             The DC APP2DC1 is advertising itself as a DC and having a DS.
             The DC APP2DC1 is advertising as an LDAP server
             The DC APP2DC1 is advertising as having a writeable directory
             The DC APP2DC1 is advertising as a Key Distribution Center
             The DC APP2DC1 is advertising as a time server
             The DS APP2DC1 is advertising as a GC.
             ......................... APP2DC1 passed test Advertising

          Test omitted by user request: CheckSecurityError

          Test omitted by user request: CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test
             Skip the test because the server is running DFSR.

             ......................... APP2DC1 passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log.
             There are warning or error events within the last 24 hours after the

             SYSVOL has been shared.  Failing SYSVOL replication problems may cause

             Group Policy problems.
             A warning event occurred.  EventID: 0x80001396

                Time Generated: 05/27/2013   08:22:40

                Event String:

                The DFS Replication service is stopping communication with partner DC4 for replication group Domain System Volume due to an error. The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1723 (The RPC server is too busy to complete this operation.)

                Connection ID: A36621B4-900F-4483-BAEB-80BB74D016D1

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             An error event occurred.  EventID: 0xC000138A

                Time Generated: 05/27/2013   08:22:54

                Event String:

                The DFS Replication service encountered an error communicating with partner DC4 for replication group Domain System Volume.

                 

                Partner DNS address: DC4.artim.local

                 

                Optional data if available:

                Partner WINS Address: DC4

                Partner IP Address: 10.6.11.17

                 

                The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1753 (There are no more endpoints available from the endpoint mapper.)

                Connection ID: A36621B4-900F-4483-BAEB-80BB74D016D1

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             A warning event occurred.  EventID: 0x80001396

                Time Generated: 05/27/2013   08:23:23

                Event String:

                The DFS Replication service is stopping communication with partner DC2-VM for replication group Domain System Volume due to an error. The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1723 (The RPC server is too busy to complete this operation.)

                Connection ID: B6FCC061-B25A-48AA-AF3E-CF5890FECEA7

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             An error event occurred.  EventID: 0xC000138A

                Time Generated: 05/27/2013   08:23:37

                Event String:

                The DFS Replication service encountered an error communicating with partner DC2-VM for replication group Domain System Volume.

                 

                Partner DNS address: DC2-VM.artim.local

                 

                Optional data if available:

                Partner WINS Address: DC2-VM

                Partner IP Address: 10.6.11.7

                 

                The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1753 (There are no more endpoints available from the endpoint mapper.)

                Connection ID: B6FCC061-B25A-48AA-AF3E-CF5890FECEA7

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             An error event occurred.  EventID: 0xC000138A

                Time Generated: 05/27/2013   08:24:26

                Event String:

                The DFS Replication service encountered an error communicating with partner DC4 for replication group Domain System Volume.

                 

                Partner DNS address: DC4.artim.local

                 

                Optional data if available:

                Partner WINS Address: DC4

                Partner IP Address: 10.6.11.17

                 

                The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1753 (There are no more endpoints available from the endpoint mapper.)

                Connection ID: A36621B4-900F-4483-BAEB-80BB74D016D1

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             An error event occurred.  EventID: 0xC00004B2

                Time Generated: 05/27/2013   08:31:26

                Event String:

                The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

                 

                Additional Information:

                Error: 160 (One or more arguments are not correct.)

             An error event occurred.  EventID: 0xC00004B2

                Time Generated: 05/27/2013   09:19:27

                Event String:

                The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

                 

                Additional Information:

                Error: 160 (One or more arguments are not correct.)

             An error event occurred.  EventID: 0xC00004B2

                Time Generated: 05/27/2013   11:26:32

                Event String:

                The DFS Replication service failed to contact domain controller  to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

                 

                Additional Information:

                Error: 160 (One or more arguments are not correct.)

             A warning event occurred.  EventID: 0x8000083D

                Time Generated: 05/27/2013   11:32:15

                Event String:

                The DFS Replication detected the System State Restore Id has changed on volume C:. Replication has been stopped for all system replicated folders on this volume.

                 

                Additional Information:

                Volume: 2A0ABA51-9FB9-11DF-9CAE-806E6F6E6963

                System State Restore Id: A0581BB1-4C08-42A9-9B92-303CF3180291

             A warning event occurred.  EventID: 0x8000100E

                Time Generated: 05/27/2013   11:32:17

                Event String:

                The DFS Replication service has started processing a database recovery for the replicated folder at local path C:\Windows\SYSVOL\domain. Replication has been paused until the recovery completes.

                 

                Additional Information:

                Replicated Folder Name: SYSVOL Share

                Replicated Folder ID: D7BB6AE4-AD3B-4026-AA6A-0D09B4374FCF

                Replication Group Name: Domain System Volume

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

                Member ID: 331D4315-9B88-4688-A8CB-0CCB2168FCBC

             A warning event occurred.  EventID: 0x80001006

                Time Generated: 05/27/2013   11:32:27

                Event String:

                The DFS Replication service initialized the replicated folder at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in this state until it has received replicated data, directly or indirectly, from the designated primary member.

                 

                Additional Information:

                Replicated Folder Name: SYSVOL Share

                Replicated Folder ID: D7BB6AE4-AD3B-4026-AA6A-0D09B4374FCF

                Replication Group Name: Domain System Volume

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

                Member ID: 331D4315-9B88-4688-A8CB-0CCB2168FCBC

             ......................... APP2DC1 failed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test
             File Replication Service's SYSVOL is ready
             ......................... APP2DC1 passed test SysVolCheck

          Starting test: KccEvent

             * The KCC Event log test
             Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
             ......................... APP2DC1 passed test KccEvent

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             ......................... APP2DC1 passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             Checking machine account for DC APP2DC1 on DC APP2DC1.
             * SPN found :LDAP/APP2DC1.artim.local/artim.local
             * SPN found :LDAP/APP2DC1.artim.local
             * SPN found :LDAP/APP2DC1
             * SPN found :LDAP/APP2DC1.artim.local/ARTIM
             * SPN found :LDAP/12687398-711d-42f0-ba9c-fe65b7848997._msdcs.artim.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/12687398-711d-42f0-ba9c-fe65b7848997/artim.local
             * SPN found :HOST/APP2DC1.artim.local/artim.local
             * SPN found :HOST/APP2DC1.artim.local
             * SPN found :HOST/APP2DC1
             * SPN found :HOST/APP2DC1.artim.local/ARTIM
             * SPN found :GC/APP2DC1.artim.local/artim.local
             ......................... APP2DC1 passed test MachineAccount

          Starting test: NCSecDesc

             * Security Permissions check for all NC's on DC APP2DC1.
             * Security Permissions Check for

               DC=ForestDnsZones,DC=artim,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               DC=DomainDnsZones,DC=artim,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               CN=Schema,CN=Configuration,DC=artim,DC=local
                (Schema,Version 3)
             * Security Permissions Check for

               CN=Configuration,DC=artim,DC=local
                (Configuration,Version 3)
             * Security Permissions Check for

               DC=artim,DC=local
                (Domain,Version 3)
             ......................... APP2DC1 passed test NCSecDesc

          Starting test: NetLogons

             * Network Logons Privileges Check
             Verified share \\APP2DC1\netlogon
             Verified share \\APP2DC1\sysvol
             ......................... APP2DC1 passed test NetLogons

          Starting test: ObjectsReplicated

             APP2DC1 is in domain DC=artim,DC=local
             Checking for CN=APP2DC1,OU=Domain Controllers,DC=artim,DC=local in domain DC=artim,DC=local on 3 servers
                Authoritative attribute lastLogonTimestamp on APP2DC1 (writeable)
                   usnLocalChange = 11821188
                   LastOriginatingDsa = APP2DC1
                   usnOriginatingChange = 11821188
                   timeLastOriginatingChange = 2013-05-27 11:30:43
                   VersionLastOriginatingChange = 96
                Out-of-date attribute lastLogonTimestamp on DC4 (writeable)
                   usnLocalChange = 3546336
                   LastOriginatingDsa = 521094c5-9b2a-4248-80d2-c1b9deaa3788
                   usnOriginatingChange = 11874814
                   timeLastOriginatingChange = 2013-05-24 07:00:02
                   VersionLastOriginatingChange = 96
                Out-of-date attribute lastLogonTimestamp on DC2-VM (writeable)
                   usnLocalChange = 15041645
                   LastOriginatingDsa = 521094c5-9b2a-4248-80d2-c1b9deaa3788
                   usnOriginatingChange = 11874814
                   timeLastOriginatingChange = 2013-05-24 07:00:02
                   VersionLastOriginatingChange = 96
                Authoritative attribute pwdLastSet on APP2DC1 (writeable)
                   usnLocalChange = 11821147
                   LastOriginatingDsa = APP2DC1
                   usnOriginatingChange = 11821147
                   timeLastOriginatingChange = 2013-05-27 11:24:59
                   VersionLastOriginatingChange = 41
                Out-of-date attribute pwdLastSet on DC4 (writeable)
                   usnLocalChange = 3549411
                   LastOriginatingDsa = 521094c5-9b2a-4248-80d2-c1b9deaa3788
                   usnOriginatingChange = 11877255
                   timeLastOriginatingChange = 2013-05-24 13:42:27
                   VersionLastOriginatingChange = 41
                Out-of-date attribute pwdLastSet on DC2-VM (writeable)
                   usnLocalChange = 15044290
                   LastOriginatingDsa = 521094c5-9b2a-4248-80d2-c1b9deaa3788
                   usnOriginatingChange = 11877255
                   timeLastOriginatingChange = 2013-05-24 13:42:27
                   VersionLastOriginatingChange = 41
             Checking for CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local in domain CN=Configuration,DC=artim,DC=local on 3 servers
                Authoritative attribute invocationId on APP2DC1 (writeable)
                   usnLocalChange = 11821138
                   LastOriginatingDsa = APP2DC1
                   usnOriginatingChange = 11821138
                   timeLastOriginatingChange = 2013-05-27 11:24:21
                   VersionLastOriginatingChange = 3
                Out-of-date attribute invocationId on DC2-VM (writeable)
                   usnLocalChange = 6256500
                   LastOriginatingDsa = 521094c5-9b2a-4248-80d2-c1b9deaa3788
                   usnOriginatingChange = 4661302
                   timeLastOriginatingChange = 2011-12-02 11:05:22
                   VersionLastOriginatingChange = 2
                Out-of-date attribute invocationId on DC4 (writeable)
                   usnLocalChange = 7584
                   LastOriginatingDsa = 521094c5-9b2a-4248-80d2-c1b9deaa3788
                   usnOriginatingChange = 4661302
                   timeLastOriginatingChange = 2011-12-02 11:05:22
                   VersionLastOriginatingChange = 2
                Authoritative attribute retiredReplDSASignatures on APP2DC1 (writeable)
                   usnLocalChange = 11821138
                   LastOriginatingDsa = APP2DC1
                   usnOriginatingChange = 11821138
                   timeLastOriginatingChange = 2013-05-27 11:24:21
                   VersionLastOriginatingChange = 2
                Out-of-date attribute retiredReplDSASignatures on DC4 (writeable)
                   usnLocalChange = 7584
                   LastOriginatingDsa = 521094c5-9b2a-4248-80d2-c1b9deaa3788
                   usnOriginatingChange = 4661302
                   timeLastOriginatingChange = 2011-12-02 11:05:22
                   VersionLastOriginatingChange = 1
                Out-of-date attribute retiredReplDSASignatures on DC2-VM (writeable)
                   usnLocalChange = 6256500
                   LastOriginatingDsa = 521094c5-9b2a-4248-80d2-c1b9deaa3788
                   usnOriginatingChange = 4661302
                   timeLastOriginatingChange = 2011-12-02 11:05:22
                   VersionLastOriginatingChange = 1
             ......................... APP2DC1 failed test ObjectsReplicated

          Test omitted by user request: OutboundSecureChannels

          Starting test: Replications

             * Replications Check
             * Replication Latency Check
                DC=ForestDnsZones,DC=artim,DC=local
                   Latency information for 4 entries in the vector were ignored.
                      4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                DC=DomainDnsZones,DC=artim,DC=local
                   Latency information for 4 entries in the vector were ignored.
                      4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                CN=Schema,CN=Configuration,DC=artim,DC=local
                   Latency information for 4 entries in the vector were ignored.
                      4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                CN=Configuration,DC=artim,DC=local
                   Latency information for 4 entries in the vector were ignored.
                      4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
                DC=artim,DC=local
                   Latency information for 4 entries in the vector were ignored.
                      4 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
             ......................... APP2DC1 passed test Replications

          Starting test: RidManager

             * Available RID Pool for the Domain is 6600 to 1073741823
             * APP2DC1.artim.local is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 6100 to 6599
             * rIDPreviousAllocationPool is 6100 to 6599
             * rIDNextRID: 6100
             ......................... APP2DC1 passed test RidManager

          Starting test: Services

             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
             * Checking Service: DnsCache
             * Checking Service: DFSR
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... APP2DC1 passed test Services

          Starting test: SystemLog

             * The System Event log test
             Found no errors in "System" Event log in the last 60 minutes.
             ......................... APP2DC1 passed test SystemLog

          Test omitted by user request: Topology

          Test omitted by user request: VerifyEnterpriseReferences

          Starting test: VerifyReferences

             The system object reference (serverReference)

             CN=APP2DC1,OU=Domain Controllers,DC=artim,DC=local and backlink on

             CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local

             are correct.
             The system object reference (serverReferenceBL)

             CN=APP2DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=artim,DC=local

             and backlink on

             CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local

             are correct.
             The system object reference (msDFSR-ComputerReferenceBL)

             CN=APP2DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=artim,DC=local

             and backlink on CN=APP2DC1,OU=Domain Controllers,DC=artim,DC=local are

             correct.
             ......................... APP2DC1 passed test VerifyReferences

          Test omitted by user request: VerifyReplicas

    Monday, May 27, 2013 12:43 PM
  • 2 part

    Testing server: Centrala-Opole\DC2-VM

          Starting test: Advertising

             The DC DC2-VM is advertising itself as a DC and having a DS.
             The DC DC2-VM is advertising as an LDAP server
             The DC DC2-VM is advertising as having a writeable directory
             The DC DC2-VM is advertising as a Key Distribution Center
             The DC DC2-VM is advertising as a time server
             The DS DC2-VM is advertising as a GC.
             ......................... DC2-VM passed test Advertising

          Test omitted by user request: CheckSecurityError

          Test omitted by user request: CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test
             Skip the test because the server is running DFSR.

             ......................... DC2-VM passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log.
             There are warning or error events within the last 24 hours after the

             SYSVOL has been shared.  Failing SYSVOL replication problems may cause

             Group Policy problems.
             An error event occurred.  EventID: 0xC000138A

                Time Generated: 05/26/2013   21:35:15

                Event String:

                The DFS Replication service encountered an error communicating with partner APP2DC1 for replication group Domain System Volume.

                 

                Partner DNS address: APP2DC1.artim.local

                 

                Optional data if available:

                Partner WINS Address: APP2DC1

                Partner IP Address: 192.168.70.2

                 

                The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1825 (A security package specific error occurred.)

                Connection ID: 5ACF03BC-52B8-4578-9737-2E8695D73EC1

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             An error event occurred.  EventID: 0xC000138A

                Time Generated: 05/27/2013   05:38:21

                Event String:

                The DFS Replication service encountered an error communicating with partner APP2DC1 for replication group Domain System Volume.

                 

                Partner DNS address: APP2DC1.artim.local

                 

                Optional data if available:

                Partner WINS Address: APP2DC1

                Partner IP Address: 192.168.70.2

                 

                The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1825 (A security package specific error occurred.)

                Connection ID: 5ACF03BC-52B8-4578-9737-2E8695D73EC1

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             A warning event occurred.  EventID: 0x80001396

                Time Generated: 05/27/2013   08:22:35

                Event String:

                The DFS Replication service is stopping communication with partner DC4 for replication group Domain System Volume due to an error. The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1723 (The RPC server is too busy to complete this operation.)

                Connection ID: 0FC5B9F5-16AD-4C71-AFA9-667D159606AA

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             An error event occurred.  EventID: 0xC000138A

                Time Generated: 05/27/2013   08:22:49

                Event String:

                The DFS Replication service encountered an error communicating with partner DC4 for replication group Domain System Volume.

                 

                Partner DNS address: DC4.artim.local

                 

                Optional data if available:

                Partner WINS Address: DC4

                Partner IP Address: 10.6.11.17

                 

                The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1753 (There are no more endpoints available from the endpoint mapper.)

                Connection ID: 0FC5B9F5-16AD-4C71-AFA9-667D159606AA

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             An error event occurred.  EventID: 0xC000138A

                Time Generated: 05/27/2013   08:24:27

                Event String:

                The DFS Replication service encountered an error communicating with partner APP2DC1 for replication group Domain System Volume.

                 

                Partner DNS address: APP2DC1.artim.local

                 

                Optional data if available:

                Partner WINS Address: APP2DC1

                Partner IP Address: 10.6.11.2

                 

                The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1825 (A security package specific error occurred.)

                Connection ID: 5ACF03BC-52B8-4578-9737-2E8695D73EC1

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             An error event occurred.  EventID: 0xC000138A

                Time Generated: 05/27/2013   08:32:03

                Event String:

                The DFS Replication service encountered an error communicating with partner APP2DC1 for replication group Domain System Volume.

                 

                Partner DNS address: APP2DC1.artim.local

                 

                Optional data if available:

                Partner WINS Address: APP2DC1

                Partner IP Address: 192.168.80.2

                 

                The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1753 (There are no more endpoints available from the endpoint mapper.)

                Connection ID: 5ACF03BC-52B8-4578-9737-2E8695D73EC1

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             An error event occurred.  EventID: 0xC000138A

                Time Generated: 05/27/2013   08:49:08

                Event String:

                The DFS Replication service encountered an error communicating with partner APP2DC1 for replication group Domain System Volume.

                 

                Partner DNS address: APP2DC1.artim.local

                 

                Optional data if available:

                Partner WINS Address: APP2DC1

                Partner IP Address: 192.168.80.2

                 

                The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1753 (There are no more endpoints available from the endpoint mapper.)

                Connection ID: 5ACF03BC-52B8-4578-9737-2E8695D73EC1

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             An error event occurred.  EventID: 0xC000138A

                Time Generated: 05/27/2013   09:52:08

                Event String:

                The DFS Replication service encountered an error communicating with partner APP2DC1 for replication group Domain System Volume.

                 

                Partner DNS address: APP2DC1.artim.local

                 

                Optional data if available:

                Partner WINS Address: APP2DC1

                Partner IP Address: 192.168.80.2

                 

                The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1825 (A security package specific error occurred.)

                Connection ID: 5ACF03BC-52B8-4578-9737-2E8695D73EC1

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             An error event occurred.  EventID: 0xC000138A

                Time Generated: 05/27/2013   13:52:44

                Event String:

                The DFS Replication service encountered an error communicating with partner APP2DC1 for replication group Domain System Volume.

                 

                Partner DNS address: APP2DC1.artim.local

                 

                Optional data if available:

                Partner WINS Address: APP2DC1

                Partner IP Address: 10.6.11.2

                 

                The service will retry the connection periodically.

                 

                Additional Information:

                Error: 1825 (A security package specific error occurred.)

                Connection ID: 5ACF03BC-52B8-4578-9737-2E8695D73EC1

                Replication Group ID: 1727B9EB-F9C7-4BC6-B5BE-712A01EF6780

             ......................... DC2-VM failed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test
             File Replication Service's SYSVOL is ready
             ......................... DC2-VM passed test SysVolCheck

          Starting test: KccEvent

             * The KCC Event log test
             Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
             ......................... DC2-VM passed test KccEvent

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             ......................... DC2-VM passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             Checking machine account for DC DC2-VM on DC DC2-VM.
             * SPN found :LDAP/DC2-VM.artim.local/artim.local
             * SPN found :LDAP/DC2-VM.artim.local
             * SPN found :LDAP/DC2-VM
             * SPN found :LDAP/DC2-VM.artim.local/ARTIM
             * SPN found :LDAP/45ed3e68-5470-46f5-9b70-6230b4482cc5._msdcs.artim.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/45ed3e68-5470-46f5-9b70-6230b4482cc5/artim.local
             * SPN found :HOST/DC2-VM.artim.local/artim.local
             * SPN found :HOST/DC2-VM.artim.local
             * SPN found :HOST/DC2-VM
             * SPN found :HOST/DC2-VM.artim.local/ARTIM
             * SPN found :GC/DC2-VM.artim.local/artim.local
             ......................... DC2-VM passed test MachineAccount

          Starting test: NCSecDesc

             * Security Permissions check for all NC's on DC DC2-VM.
             * Security Permissions Check for

               DC=ForestDnsZones,DC=artim,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               DC=DomainDnsZones,DC=artim,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               CN=Schema,CN=Configuration,DC=artim,DC=local
                (Schema,Version 3)
             * Security Permissions Check for

               CN=Configuration,DC=artim,DC=local
                (Configuration,Version 3)
             * Security Permissions Check for

               DC=artim,DC=local
                (Domain,Version 3)
             ......................... DC2-VM passed test NCSecDesc

          Starting test: NetLogons

             * Network Logons Privileges Check
             Verified share \\DC2-VM\netlogon
             Verified share \\DC2-VM\sysvol
             ......................... DC2-VM passed test NetLogons

          Starting test: ObjectsReplicated

             DC2-VM is in domain DC=artim,DC=local
             Checking for CN=DC2-VM,OU=Domain Controllers,DC=artim,DC=local in domain DC=artim,DC=local on 3 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=DC2-VM,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local in domain CN=Configuration,DC=artim,DC=local on 3 servers
                Object is up-to-date on all servers.
             ......................... DC2-VM passed test ObjectsReplicated

          Test omitted by user request: OutboundSecureChannels

          Starting test: Replications

             * Replications Check
             [Replications Check,DC2-VM] A recent replication attempt failed:

                From APP2DC1 to DC2-VM

                Naming Context: DC=ForestDnsZones,DC=artim,DC=local

                The replication generated an error (1256):

                The remote system is not available. For information about network troubleshooting, see Windows Help.

                

                The failure occurred at 2013-05-27 13:54:08.

                The last success occurred at 2013-05-25 12:52:57.

                66 failures have occurred since the last success.

             [Replications Check,DC2-VM] A recent replication attempt failed:

                From APP2DC1 to DC2-VM

                Naming Context: DC=DomainDnsZones,DC=artim,DC=local

                The replication generated an error (-2146893022):

                The target principal name is incorrect.

                The failure occurred at 2013-05-27 14:29:04.

                The last success occurred at 2013-05-25 12:52:57.

                101 failures have occurred since the last success.

             [Replications Check,DC2-VM] A recent replication attempt failed:

                From APP2DC1 to DC2-VM

                Naming Context: CN=Schema,CN=Configuration,DC=artim,DC=local

                The replication generated an error (-2146893022):

                The target principal name is incorrect.

                The failure occurred at 2013-05-27 13:54:08.

                The last success occurred at 2013-05-25 12:52:57.

                51 failures have occurred since the last success.

             [Replications Check,DC2-VM] A recent replication attempt failed:

                From APP2DC1 to DC2-VM

                Naming Context: CN=Configuration,DC=artim,DC=local

                The replication generated an error (-2146893022):

                The target principal name is incorrect.

                The failure occurred at 2013-05-27 13:54:08.

                The last success occurred at 2013-05-25 12:52:57.

                54 failures have occurred since the last success.

             REPLICATION LATENCY WARNING

             ERROR: Expected notification link is missing.

             Source APP2DC1

             Replication of new changes along this path will be delayed.

             This problem should self-correct on the next periodic sync.

             [Replications Check,DC2-VM] A recent replication attempt failed:

                From APP2DC1 to DC2-VM

                Naming Context: DC=artim,DC=local

                The replication generated an error (-2146893022):

                The target principal name is incorrect.

                The failure occurred at 2013-05-27 13:54:08.

                The last success occurred at 2013-05-25 13:42:50.

                688 failures have occurred since the last success.

             REPLICATION LATENCY WARNING

             ERROR: Expected notification link is missing.

             Source APP2DC1

             Replication of new changes along this path will be delayed.

             This problem should self-correct on the next periodic sync.

             ......................... DC2-VM failed test Replications

          Starting test: RidManager

             * Available RID Pool for the Domain is 6100 to 1073741823
             * APP2DC1.artim.local is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 2100 to 2599
             * rIDPreviousAllocationPool is 2100 to 2599
             * rIDNextRID: 2130
             ......................... DC2-VM passed test RidManager

          Starting test: Services

             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
             * Checking Service: DnsCache
             * Checking Service: DFSR
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... DC2-VM passed test Services

          Starting test: SystemLog

             * The System Event log test
             An error event occurred.  EventID: 0xC00A0038

                Time Generated: 05/27/2013   14:20:49

                Event String:

                The Terminal Server security layer detected an error in the protocol stream and has disconnected the client. Client IP: 10.6.11.95.

             A warning event occurred.  EventID: 0x8000001C

                Time Generated: 05/27/2013   14:21:24

                Event String:

                When generating a cross realm referal from domain SKLEP.ARTIM.COM.PL the KDC was not able to find the suitable key to verify the ticket. The ticket key version in the request was 4 and the available key version was 2. This most common reason for this error is a delay in replicating the keys. In order to remove this problem try forcing replication or wait for the replication of keys to occur.

             An error event occurred.  EventID: 0x40000004

                Time Generated: 05/27/2013   14:28:58

                Event String:

                The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server app2dc1$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/12687398-711d-42f0-ba9c-fe65b7848997/artim.local@artim.local. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (ARTIM.LOCAL) is different from the client domain (ARTIM.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

             An error event occurred.  EventID: 0x40000004

                Time Generated: 05/27/2013   14:32:47

                Event String:

                The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server app2dc1$. The target name used was ARTIM\APP2DC1$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (ARTIM.LOCAL) is different from the client domain (ARTIM.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.

             ......................... DC2-VM failed test SystemLog

          Test omitted by user request: Topology

          Test omitted by user request: VerifyEnterpriseReferences

          Starting test: VerifyReferences

             The system object reference (serverReference)

             CN=DC2-VM,OU=Domain Controllers,DC=artim,DC=local and backlink on

             CN=DC2-VM,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local

             are correct.
             The system object reference (serverReferenceBL)

             CN=DC2-VM,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=artim,DC=local

             and backlink on

             CN=NTDS Settings,CN=DC2-VM,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local

             are correct.
             The system object reference (msDFSR-ComputerReferenceBL)

             CN=DC2-VM,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=artim,DC=local

             and backlink on CN=DC2-VM,OU=Domain Controllers,DC=artim,DC=local are

             correct.
             ......................... DC2-VM passed test VerifyReferences

          Test omitted by user request: VerifyReplicas

       
     

    Monday, May 27, 2013 12:46 PM
  • 3 part

    Testing server: Centrala-Opole\DC4

          Starting test: Advertising

             The DC DC4 is advertising itself as a DC and having a DS.
             The DC DC4 is advertising as an LDAP server
             The DC DC4 is advertising as having a writeable directory
             The DC DC4 is advertising as a Key Distribution Center
             The DC DC4 is advertising as a time server
             The DS DC4 is advertising as a GC.
             ......................... DC4 passed test Advertising

          Test omitted by user request: CheckSecurityError

          Test omitted by user request: CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test
             Skip the test because the server is running DFSR.

             ......................... DC4 passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log.
             The event log DFS Replication on server DC4.artim.local could not be

             queried, error 0x6ba "The RPC server is unavailable."

             ......................... DC4 failed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test
             File Replication Service's SYSVOL is ready
             ......................... DC4 passed test SysVolCheck

          Starting test: KccEvent

             * The KCC Event log test
             The event log Directory Service on server DC4.artim.local could not be

             queried, error 0x6ba "The RPC server is unavailable."

             ......................... DC4 failed test KccEvent

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role Domain Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role PDC Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role Rid Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=APP2DC1,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local
             ......................... DC4 passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             Checking machine account for DC DC4 on DC DC4.
             * SPN found :LDAP/DC4.artim.local/artim.local
             * SPN found :LDAP/DC4.artim.local
             * SPN found :LDAP/DC4
             * SPN found :LDAP/DC4.artim.local/ARTIM
             * SPN found :LDAP/2d5f30ff-0a95-4a15-be1d-db00c44042ff._msdcs.artim.local
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/2d5f30ff-0a95-4a15-be1d-db00c44042ff/artim.local
             * SPN found :HOST/DC4.artim.local/artim.local
             * SPN found :HOST/DC4.artim.local
             * SPN found :HOST/DC4
             * SPN found :HOST/DC4.artim.local/ARTIM
             * SPN found :GC/DC4.artim.local/artim.local
             ......................... DC4 passed test MachineAccount

          Starting test: NCSecDesc

             * Security Permissions check for all NC's on DC DC4.
             * Security Permissions Check for

               DC=ForestDnsZones,DC=artim,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               DC=DomainDnsZones,DC=artim,DC=local
                (NDNC,Version 3)
             * Security Permissions Check for

               CN=Schema,CN=Configuration,DC=artim,DC=local
                (Schema,Version 3)
             * Security Permissions Check for

               CN=Configuration,DC=artim,DC=local
                (Configuration,Version 3)
             * Security Permissions Check for

               DC=artim,DC=local
                (Domain,Version 3)
             ......................... DC4 passed test NCSecDesc

          Starting test: NetLogons

             * Network Logons Privileges Check
             Verified share \\DC4\netlogon
             Verified share \\DC4\sysvol
             ......................... DC4 passed test NetLogons

          Starting test: ObjectsReplicated

             DC4 is in domain DC=artim,DC=local
             Checking for CN=DC4,OU=Domain Controllers,DC=artim,DC=local in domain DC=artim,DC=local on 3 servers
                Authoritative attribute lastLogonTimestamp on APP2DC1 (writeable)
                   usnLocalChange = 11821211
                   LastOriginatingDsa = APP2DC1
                   usnOriginatingChange = 11821211
                   timeLastOriginatingChange = 2013-05-27 11:31:18
                   VersionLastOriginatingChange = 40
                Out-of-date attribute lastLogonTimestamp on DC4 (writeable)
                   usnLocalChange = 3491526
                   LastOriginatingDsa = DC4
                   usnOriginatingChange = 3491526
                   timeLastOriginatingChange = 2013-05-18 16:00:02
                   VersionLastOriginatingChange = 40
                Out-of-date attribute lastLogonTimestamp on DC2-VM (writeable)
                   usnLocalChange = 14988758
                   LastOriginatingDsa = DC4
                   usnOriginatingChange = 3491526
                   timeLastOriginatingChange = 2013-05-18 16:00:02
                   VersionLastOriginatingChange = 40
                Authoritative attribute pwdLastSet on APP2DC1 (writeable)
                   usnLocalChange = 11821241
                   LastOriginatingDsa = APP2DC1
                   usnOriginatingChange = 11821241
                   timeLastOriginatingChange = 2013-05-27 11:39:21
                   VersionLastOriginatingChange = 14
                Out-of-date attribute pwdLastSet on DC2-VM (writeable)
                   usnLocalChange = 15022545
                   LastOriginatingDsa = 521094c5-9b2a-4248-80d2-c1b9deaa3788
                   usnOriginatingChange = 11856129
                   timeLastOriginatingChange = 2013-05-22 12:54:35
                   VersionLastOriginatingChange = 14
                Out-of-date attribute pwdLastSet on DC4 (writeable)
                   usnLocalChange = 3525850
                   LastOriginatingDsa = 521094c5-9b2a-4248-80d2-c1b9deaa3788
                   usnOriginatingChange = 11856129
                   timeLastOriginatingChange = 2013-05-22 12:54:35
                   VersionLastOriginatingChange = 14
             Checking for CN=NTDS Settings,CN=DC4,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local in domain CN=Configuration,DC=artim,DC=local on 3 servers
                Object is up-to-date on all servers.
             ......................... DC4 failed test ObjectsReplicated

          Test omitted by user request: OutboundSecureChannels

          Starting test: Replications

             * Replications Check
             [Replications Check,DC4] A recent replication attempt failed:

                From APP2DC1 to DC4

                Naming Context: DC=ForestDnsZones,DC=artim,DC=local

                The replication generated an error (1256):

                The remote system is not available. For information about network troubleshooting, see Windows Help.

                

                The failure occurred at 2013-05-27 13:54:18.

                The last success occurred at 2013-05-27 10:11:26.

                9 failures have occurred since the last success.

             [Replications Check,DC4] A recent replication attempt failed:

                From APP2DC1 to DC4

                Naming Context: DC=DomainDnsZones,DC=artim,DC=local

                The replication generated an error (-2146893022):

                The target principal name is incorrect.

                The failure occurred at 2013-05-27 14:29:08.

                The last success occurred at 2013-05-27 10:11:29.

                37 failures have occurred since the last success.

             [Replications Check,DC4] A recent replication attempt failed:

                From APP2DC1 to DC4

                Naming Context: CN=Schema,CN=Configuration,DC=artim,DC=local

                The replication generated an error (-2146893022):

                The target principal name is incorrect.

                The failure occurred at 2013-05-27 13:54:18.

                The last success occurred at 2013-05-27 09:54:18.

                5 failures have occurred since the last success.

             [Replications Check,DC4] A recent replication attempt failed:

                From APP2DC1 to DC4

                Naming Context: CN=Configuration,DC=artim,DC=local

                The replication generated an error (-2146893022):

                The target principal name is incorrect.

                The failure occurred at 2013-05-27 13:54:18.

                The last success occurred at 2013-05-27 09:54:18.

                9 failures have occurred since the last success.

             [Replications Check,DC4] A recent replication attempt failed:

                From APP2DC1 to DC4

                Naming Context: DC=artim,DC=local

                The replication generated an error (-2146893022):

                The target principal name is incorrect.

                The failure occurred at 2013-05-27 13:54:18.

                The last success occurred at 2013-05-25 13:42:22.

                725 failures have occurred since the last success.

             REPLICATION LATENCY WARNING

             ERROR: Expected notification link is missing.

             Source APP2DC1

             Replication of new changes along this path will be delayed.

             This problem should self-correct on the next periodic sync.

             ......................... DC4 failed test Replications

          Starting test: RidManager

             * Available RID Pool for the Domain is 6100 to 1073741823
             * APP2DC1.artim.local is the RID Master
             * DsBind with RID Master was successful
             * rIDAllocationPool is 3600 to 4099
             * rIDPreviousAllocationPool is 3600 to 4099
             * rIDNextRID: 3617
             ......................... DC4 passed test RidManager

          Starting test: Services

             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
             * Checking Service: DnsCache
             * Checking Service: DFSR
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... DC4 passed test Services

          Starting test: SystemLog

             * The System Event log test
             The event log System on server DC4.artim.local could not be queried,

             error 0x6ba "The RPC server is unavailable."

             ......................... DC4 failed test SystemLog

          Test omitted by user request: Topology

          Test omitted by user request: VerifyEnterpriseReferences

          Starting test: VerifyReferences

             The system object reference (serverReference)

             CN=DC4,OU=Domain Controllers,DC=artim,DC=local and backlink on

             CN=DC4,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local

             are correct.
             The system object reference (serverReferenceBL)

             CN=DC4,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=artim,DC=local

             and backlink on

             CN=NTDS Settings,CN=DC4,CN=Servers,CN=Centrala-Opole,CN=Sites,CN=Configuration,DC=artim,DC=local

             are correct.
             The system object reference (msDFSR-ComputerReferenceBL)

             CN=DC4,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=artim,DC=local

             and backlink on CN=DC4,OU=Domain Controllers,DC=artim,DC=local are

             correct.
             ......................... DC4 passed test VerifyReferences

          Test omitted by user request: VerifyReplicas

       
             Test omitted by user request: DNS

             Test omitted by user request: DNS

       
             Test omitted by user request: DNS

             
                Test omitted by user request: DNS

                Test omitted by user request: DNS

          Test omitted by user request: DNS

       
       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test

             CrossRefValidation

       
       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test

             CrossRefValidation

       
       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation

       
       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation

       
       Running partition tests on : artim

          Starting test: CheckSDRefDom

             ......................... artim passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... artim passed test CrossRefValidation

       
       Running enterprise tests on : artim.local

          Test omitted by user request: DNS

          Test omitted by user request: DNS

          Starting test: LocatorCheck

             GC Name: \\APP2DC1.artim.local

             Locator Flags: 0xe00033fd
             PDC Name: \\APP2DC1.artim.local
             Locator Flags: 0xe00033fd
             Time Server Name: \\APP2DC1.artim.local
             Locator Flags: 0xe00033fd
             Preferred Time Server Name: \\APP2DC1.artim.local
             Locator Flags: 0xe00033fd
             KDC Name: \\APP2DC1.artim.local
             Locator Flags: 0xe00033fd
             ......................... artim.local passed test LocatorCheck

          Starting test: Intersite

             Skipping site Centrala-Opole, this site is outside the scope provided

             by the command line arguments provided.
             ......................... artim.local passed test Intersite

    Monday, May 27, 2013 12:47 PM
  • Is this DC app2DC1 a multi-home system ? Can you post Ipconfig /all.

    Thanks.

    Calin

    Monday, May 27, 2013 1:10 PM

  • Windows IP Configuration

       Host Name . . . . . . . . . . . . : APP2DC1
       Primary Dns Suffix  . . . . . . . : artim.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : artim.local

    Ethernet adapter LAN1:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5709S NetXtreme II GigE (NDIS VBD Client) #2
       Physical Address. . . . . . . . . : 00-1A-64-76-01-02
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.80.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : 127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter LAN0:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Broadcom BCM5709S NetXtreme II GigE (NDIS VBD Client)
       Physical Address. . . . . . . . . : 00-1A-64-76-00-02
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 10.6.11.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       IPv4 Address. . . . . . . . . . . : 192.168.70.2(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 10.6.11.1
       DNS Servers . . . . . . . . . . . : 127.0.0.1
                                           10.6.11.7
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Managment:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : IBM USB Remote NDIS Network Device
       Physical Address. . . . . . . . . : E6-1F-13-19-28-47
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 169.254.95.120(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : 27 maja 2013 11:24:24
       Lease Expires . . . . . . . . . . : 27 maja 2013 15:24:25
       Default Gateway . . . . . . . . . :
       DHCP Server . . . . . . . . . . . : 169.254.95.118
       DNS Servers . . . . . . . . . . . : 127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{1D386D8E-AF03-4206-B6C9-A3F833494C42}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{EEE83395-B337-4432-B4A6-2BBB4F958CBA}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{F0A8A6C7-8D46-44B5-A0CE-2A43694A0CE5}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
    Monday, May 27, 2013 1:16 PM
  • Hello,

    Sorry for delay in asnwering. If you do not need the NIC interface with 192.xx please disable it.

    Also are you able to browse using fqdn instead of hostname as \\APP2DC1.artim.local, you should get NETLOGON and SYSVOL shares along with others that you might have there?

    Thanks.

    Calin

    Tuesday, May 28, 2013 6:03 AM
  • There is also problem I can't access to shares on \\app2dc1. From some computers and servers I can from some I can't

    I got error logon Failure: The target account name is incorrect.

    Tuesday, May 28, 2013 6:10 AM
  • Hello,

    There are some replication problems on your enterprise AD, but i do not think that causes this random share access issue.

    Can you resolve the DC name from the machine that you can't access the shares? Can you access share by using the IP like \\10.6.11.2 ?

    Thanks.

    Calin

    Tuesday, May 28, 2013 6:19 AM
  • Yes via adrress IP I can access to share, I can't access only for server name.

    Tuesday, May 28, 2013 6:44 AM
  • Hello,

    Please make sure you have the correct A record in DNS zone for APP2DC1 and delete any duplicate.

    Can you resolve APP2DC1 to correct IP address from machines where you cannot acces shares using hostname?

    Thanks.

    Calin

    Tuesday, May 28, 2013 6:49 AM
  • In DNS are static A records for all network interface. I can ping via server name.
    Tuesday, May 28, 2013 7:10 AM
  • I also found errors on app2dc1:

    NET LOGON: 5721

    The session setup to the Windows NT or Windows 2000 Domain Controller \\DC2-VM.artim.local for the domain ARTIM failed because the Domain Controller did not have an account APP2DC1$ needed to set up the session by this computer APP2DC1.  

    ADDITIONAL DATA
    If this computer is a member of or a Domain Controller in the specified domain, the aforementioned account is a computer account for this computer in the specified domain. Otherwise, the account is an interdomain trust account with the specified domain.

    Tuesday, May 28, 2013 7:24 AM
  • Hi Grzegorz,


    Thank you for your question.


    I am trying to involve someone familiar with this topic to further look at this issue. There might be some time delay. Appreciate your patience.


    Thank you for your understanding and support.


    Jeremy Wu
    TechNet Community Support

    Tuesday, May 28, 2013 7:31 AM
  • I found solution. I had to reset reset kdc password
    • Proposed as answer by Brian Re - MSFT Tuesday, June 11, 2013 8:13 AM
    • Marked as answer by Jeremy_Wu Tuesday, June 11, 2013 8:15 AM
    Wednesday, May 29, 2013 6:46 AM
  • Hi, it seems a problem with secure channel on DC side. You are correct that, we are able to reset kdc pwd by using netdom resetpwd command. Thanks, Brian

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Wednesday, May 29, 2013 8:35 AM