DCDiag issues and NO sysvol and netlogon share after recent dcpromo

    Question

  • Hi there,

    I'm having an absolute hard time since promoting a server into a domain controller. First I had some DNS issues and now it's issues with replication and the 2 domain controllers talking to each other. Netlogon and sysvol are not being shared on DC02 (newly promoted server); in fact there are zero shares.
    Below is the DCdiag info from both domain controllers and as you can see, I'm getting a whole lot of issues. Not sure where to start. I'm unable to open AD at all.

    DC01 – Primary dcdiag
    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = WHHS01
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\WHHS01
          Starting test: Connectivity
             ......................... WHHS01 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\WHHS01
          Starting test: Advertising
             ......................... WHHS01 passed test Advertising
          Starting test: FrsEvent
             ......................... WHHS01 passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may caus
             Group Policy problems.
             ......................... WHHS01 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... WHHS01 passed test SysVolCheck
          Starting test: KccEvent
             ......................... WHHS01 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... WHHS01 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... WHHS01 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... WHHS01 passed test NCSecDesc
          Starting test: NetLogons
             [WHHS01] User credentials does not have permission to perform this
             operation.
             The account used for this test must have network logon privileges
             for this machine's domain.
             ......................... WHHS01 failed test NetLogons
          Starting test: ObjectsReplicated
             ......................... WHHS01 passed test ObjectsReplicated
          Starting test: Replications
             [Replications Check,WHHS01] DsReplicaGetInfo(PENDING_OPS, NULL)
             failed, error 0x2105 "Replication access was denied."
             ......................... WHHS01 failed test Replications
          Starting test: RidManager
             ......................... WHHS01 passed test RidManager
          Starting test: Services
                Could not open NTDS Service on WHHS01, error 0x5
                "Access is denied."
             ......................... WHHS01 failed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x000003FC
                Time Generated: 06/06/2018   12:45:18
                Event String:
                Scope, 192.168.9.0, is 81 percent full with only 13 IP addresses r
    aining.
             A warning event occurred.  EventID: 0x00000560
                Time Generated: 06/06/2018   12:45:18
                Event String:
                IP address range of scope 192.168.9.0 is 81 percent full with only
    3 IP addresses available.
             ......................... WHHS01 failed test SystemLog
          Starting test: VerifyReferences
             ......................... WHHS01 passed test VerifyReferences


       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidatio

       Running partition tests on : mydomain
          Starting test: CheckSDRefDom
             ......................... mydomain passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... mydomain passed test CrossRefValidatio

       Running enterprise tests on : mydomain.com.au
          Starting test: LocatorCheck
             ......................... mydomain.com.au passed test
             LocatorCheck
          Starting test: Intersite
             ......................... mydomain.com.au passed test Intersite

    DC02 – Secondary and recently promoted as DC
    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = WSHAWSDC
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\WSHAWSDC
          Starting test: Connectivity
             ......................... WSHAWSDC passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\WSHAWSDC
          Starting test: Advertising
             Fatal Error:DsGetDcName (WSHAWSDC) call failed, error 1355
             The Locator could not find the server.
             ......................... WSHAWSDC failed test Advertising
          Starting test: FrsEvent
             ......................... WSHAWSDC passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... WSHAWSDC failed test DFSREvent
          Starting test: SysVolCheck
             ......................... WSHAWSDC passed test SysVolCheck
          Starting test: KccEvent
             ......................... WSHAWSDC passed test KccEvent
          Starting test: KnowsOfRoleHolders
             Ldap search capability attribute search failed on server WHHS01,
             return value = 81
             Warning: WHHS01 is the Schema Owner, but is not responding to LDAP
             Bind.
             Warning: WHHS01 is the Domain Owner, but is not responding to LDAP
             Bind.
             Warning: WHHS01 is the PDC Owner, but is not responding to LDAP Bind.
             Warning: WHHS01 is the Rid Owner, but is not responding to LDAP Bind.
             Warning: WHHS01 is the Infrastructure Update Owner, but is not
             responding to LDAP Bind.
             ......................... WSHAWSDC failed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... WSHAWSDC passed test MachineAccount
          Starting test: NCSecDesc
             ......................... WSHAWSDC passed test NCSecDesc
          Starting test: NetLogons
             Unable to connect to the NETLOGON share! (\\WSHAWSDC\netlogon)
             [WSHAWSDC] An net use or LsaPolicy operation failed with error 67,
             The network name cannot be found..
             ......................... WSHAWSDC failed test NetLogons
          Starting test: ObjectsReplicated
             ......................... WSHAWSDC passed test ObjectsReplicated
          Starting test: Replications
             ......................... WSHAWSDC passed test Replications
          Starting test: RidManager
             ......................... WSHAWSDC passed test RidManager
          Starting test: Services
             ......................... WSHAWSDC passed test Services
          Starting test: SystemLog
             An error event occurred.  EventID: 0xC00038D6
                Time Generated: 06/06/2018   12:09:16
                Event String:
                The DFS Namespace service could not initialize cross forest trust in
    formation on this domain controller, but it will periodically retry the operatio
    n. The return code is in the record data.
             ......................... WSHAWSDC failed test SystemLog
          Starting test: VerifyReferences
             ......................... WSHAWSDC passed test VerifyReferences


       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : mydomain
          Starting test: CheckSDRefDom
             ......................... mydomain passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... mydomain passed test CrossRefValidation

       Running enterprise tests on : mydomain.com.au
          Starting test: LocatorCheck
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
             A Global Catalog Server could not be located - All GC's are down.
             Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
             A Primary Domain Controller could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
             1355
             A Good Time Server could not be located.
             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
             A KDC could not be located - All the KDCs are down.
             ......................... mydomain.com.au failed test
             LocatorCheck
          Starting test: Intersite
             ......................... mydomain.com.au passed test Intersite
    Wednesday, June 06, 2018 3:28 AM

All replies


  •       Starting test: KnowsOfRoleHolders
             Ldap search capability attribute search failed on server WHHS01,
             return value = 81
             Warning: WHHS01 is the Schema Owner, but is not responding to LDAP
             Bind.
             Warning: WHHS01 is the Domain Owner, but is not responding to LDAP
             Bind.
             Warning: WHHS01 is the PDC Owner, but is not responding to LDAP Bind.
             Warning: WHHS01 is the Rid Owner, but is not responding to LDAP Bind.
             Warning: WHHS01 is the Infrastructure Update Owner, but is not
             responding to LDAP Bind.
             ......................... WSHAWSDC failed test KnowsOfRoleHolders


       Running enterprise tests on : mydomain.com.au
          Starting test: LocatorCheck
             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
             A Global Catalog Server could not be located - All GC's are down.
             Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
             A Primary Domain Controller could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
             A Time Server could not be located.
             The server holding the PDC role is down.
             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
             1355
             A Good Time Server could not be located.
             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
             A KDC could not be located - All the KDCs are down.
             ......................... mydomain.com.au failed test
             LocatorCheck
          Starting test: Intersite
             ......................... mydomain.com.au passed test Intersite

    Hi,

    I would suggest you verify the connection between DCs, make sure the required ports are opened.

    For your reference:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)

    Best Regards,

    William


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, June 07, 2018 8:33 AM
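
    The port check suggested in the reply above, as an added example that is not part of the original thread: a PowerShell sketch that probes the well-known AD DS TCP ports on the partner domain controller. The port list is the standard AD DS set, the `$PartnerDC` default is taken from the dcdiag output in the question, and the function name `Test-DcTcpPort` is a hypothetical helper; run it on each DC against the other.

```powershell
# Added example: TCP reachability check between two domain controllers.
param(
    # Partner DC to probe; WHHS01 is the name shown in the dcdiag output above.
    [string]$PartnerDC = 'WHHS01',
    [int]$TimeoutMs = 2000
)

# Well-known AD DS TCP ports. UDP services and the dynamic RPC range
# (49152-65535 by default on Server 2008 and later) are not probed here.
$adPorts = @(
    @{ Port = 53;   Service = 'DNS' }
    @{ Port = 88;   Service = 'Kerberos' }
    @{ Port = 135;  Service = 'RPC endpoint mapper' }
    @{ Port = 389;  Service = 'LDAP' }
    @{ Port = 445;  Service = 'SMB (SYSVOL/NETLOGON shares)' }
    @{ Port = 464;  Service = 'Kerberos password change' }
    @{ Port = 636;  Service = 'LDAPS' }
    @{ Port = 3268; Service = 'Global catalog' }
    @{ Port = 3269; Service = 'Global catalog over TLS' }
)

# Hypothetical helper: returns $true if a TCP connection completes in time.
# Uses TcpClient directly so it also works where Test-NetConnection is absent.
function Test-DcTcpPort([string]$Computer, [int]$Port, [int]$TimeoutMs) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($Computer, $Port, $null, $null)
        $done = $pending.AsyncWaitHandle.WaitOne($TimeoutMs)
        return ($done -and $client.Connected)
    } catch {
        return $false   # name resolution failure or immediate refusal
    } finally {
        $client.Close()
    }
}

$results = foreach ($p in $adPorts) {
    [pscustomobject]@{
        Target  = $PartnerDC
        Port    = $p.Port
        Service = $p.Service
        Open    = Test-DcTcpPort $PartnerDC $p.Port $TimeoutMs
    }
}
$results | Format-Table -AutoSize

$blocked = @($results | Where-Object { -not $_.Open })
if ($blocked.Count -gt 0) {
    Write-Warning ("Unreachable on {0}: {1}" -f $PartnerDC, (($blocked | ForEach-Object { $_.Port }) -join ', '))
}
```

    An open port only shows that a TCP connection completes; it does not prove that an LDAP bind or an RPC call to the service behind it succeeds.
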
  • Hi,

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.

    Best Regards,

    William



    Monday, June 11, 2018 12:54 PM
  • Hi William

    Unfortunately not, and it's still an issue - all ports are checked and opened.

    Thursday, June 14, 2018 3:17 AM