none
A Global Catalog Cannot be Found on Single Server A/D

    Question

  • I have a Server 2008 R2 single box set up (yes I know I should have multiples but have on set up one so far) which has the A/D role installed and it has all 5 FSMO's in it. It shows as being set for a Global Catalog - in A/D Sites and Services as well as having GlobalCatalogisReady = True when looking via CMD->LDP. Also NLTest show GC as being installed and correct. I suspect some corruption somewhere and I have to manually change the DNS entries to point to this server. I added this to a 2003 domain, moved all FSMO roles and then removed the old DC - DSPromo failed and I had to use metadata cleanup. Now everything looks Ok in the new server except anytime I do anything with an AD account that refers to Member of I get the can't find GC error. Since the server show it is a GC and it is the same box I am not sure why it can't find itself. DNS looks correct - all mdsn records point to this server as to all _gc records.

    If there a way to force the system to use itself as a GC or to at least troubleshoot where the failure is??
    Saturday, February 06, 2010 7:36 PM

Answers

  • Hello,

    Server2008-R2 is using 192.168.0.1 as the DNS server and the Dfault gateway ip address. Domain internal only use the domain DNS server. If that is configured for internet access on the NIC remove the default gateway as DNS server and configure the FORWARDERS tab in the DNS management console on the DNS server properties to your ISPs DNS server or the default gateway.

    After the change run ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service.

    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Wilson Jia Tuesday, February 23, 2010 7:09 AM
    Sunday, February 21, 2010 9:13 PM

All replies

  • Hello,

         are you sure you have removed all the old stale refrenceces using NTDSUTIL ??

    Can you please try to locate global catalogue server from the NSLOOKUP ?

    nslookup gc._msdcs.(YourForestDomain)

    and also plese post the uneditied copy of DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log

    ipconfig /all and the events in the eventviewer.



    Thanks


    http://technetfaqs.wordpress.com
    Sunday, February 07, 2010 6:51 AM
  • Hello,

         are you sure you have removed all the old stale refrenceces using NTDSUTIL ??

    Can you please try to locate global catalogue server from the NSLOOKUP ?

    nslookup gc._msdcs.(YourForestDomain)

    and also plese post the uneditied copy of DCDIAG /V /C /D /E /s:yourdcname > c:\dcdiag.log

    ipconfig /all and the events in the eventviewer.



    Thanks


    http://technetfaqs.wordpress.com
    Sunday, February 07, 2010 6:52 AM
  • Tried a couple of times to post the results but the post fails after timing out - I suspect due to size. Here is the everything but the DCDIAG results - I'll post that segmented separately.

    To your questions - I believe I got everything out correctly with NTDSUTIL - I included some output from queries I did today. I used the Metadata cleanup procedure from Technet so I think it was correct. The nslookup correctly returns the GC as on the server ip. The domain is isi-swens, server is Server2008-R2 and it is at IP 192.168.0.20. I do see a couple of errors in the DCDIAG output including can't find KDC but later in the output it shows this server as a KDC. FRS shows and issue in DCDIAG that it is reviewing the System Volume and can't mount SYSVOL until that is complete. The DFS is throwing an error in the event log that DFS Naming Service could not initiate a cross forest trust. Not sure if that is a cause or result. Netlogon also shows an error which is included below.

    KDC issue: Cut From DCDIAG

    Doing primary tests
       Testing server: Default-First-Site-Name\SERVER2008-R2
          Starting test: Advertising
             Fatal Error:DsGetDcName (SERVER2008-R2) call failed, error 1355
             The Locator could not find the server.
             ......................... SERVER2008-R2 failed test Advertising
          Starting test: CheckSecurityError
             * Dr Auth:  Beginning security errors check!
             No KDC found for domain ISI-SWENS in site Default-First-Site-Name  (1355, NULL) [SERVER2008-R2] Unable to contact a KDC for the destination domain in it's own site.  This means either there are no available KDC's for this domain in the site, *including* the destination DC itself, or we're having network or packet fragmentation issues connecting to it.
             We'll check packet fragmentation connection to the destination DC, make recommendations, and continue.
             Checking UDP fragmentation issues to SERVER2008-R2.
              The KDC on SERVER2008-R2 isn't responsive, please verify that it's running and advertising.
             No KDC found for domain ISI-SWENS in site (ALL SITES) (1355, NULL)
             [SERVER2008-R2] Unable to contact a KDC for the destination domain.
             If no KDC for the destination domain is available, replication will be blocked!

    FRS Issue from DCDIAG
          Starting test: FrsEvent

             * The File Replication Service Event log test
             There are warning or error events within the last 24 hours after the  SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group Policy problems.
             A warning event occurred.  EventID: 0x800034FE
                Time Generated: 02/06/2010   10:44:27
                Event String:
                File Replication Service is scanning the data in the system volume. Computer SERVER2008-R2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.
                To check for the SYSVOL share, at the command prompt, type:
                  net share

                When File Replication Service completes the scanning process, the SYSVOL share will appear.
                The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.

    Netlogon Error from DCDIAG:
          Starting test: NetLogons

             * Network Logons Privileges Check
             Unable to connect to the NETLOGON share! (\\SERVER2008-R2\netlogon)
             [SERVER2008-R2] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
             ......................... SERVER2008-R2 failed test NetLogons

    The AD event log error is:

    Active Directory Domain Services was unable to establish a connection with the global catalog.
    Additional Data
    Error value:
    1355 The specified domain either does not exist or could not be contacted.
    Internal ID:
    3200e25
    User Action:
    Make sure a global catalog is available in the forest, and is reachable from this domain controller. You may use the nltest utility to diagnose this problem.

    Other info is as follows:
    C:\Users\Administrator.ISI-SWENS>nslookup gc._msdcs.isi-swens
    Server:  localhost
    Address:  127.0.0.1

    Name:    gc._msdcs.isi-swens
    Address:  192.168.0.20


    select operation target: list domains
    Found 1 domain(s)
    0 - DC=ISI-SWENS

    select operation target: list naming contexts
    Found 5 Naming Context(s)
    0 - CN=Configuration,DC=ISI-SWENS
    1 - CN=Schema,CN=Configuration,DC=ISI-SWENS
    2 - DC=ISI-SWENS
    3 - DC=DomainDnsZones,DC=ISI-SWENS
    4 - DC=ForestDnsZones,DC=ISI-SWENS

    select operation target: list roles for connected server
    Server "server2008-r2" knows about 5 roles
    Schema - CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name
    ,CN=Sites,CN=Configuration,DC=ISI-SWENS
    Naming Master - CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Si
    te-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
    PDC - CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN
    =Sites,CN=Configuration,DC=ISI-SWENS
    RID - CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN
    =Sites,CN=Configuration,DC=ISI-SWENS
    Infrastructure - CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-S
    ite-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
    select operation target:

    C:\Users\Administrator.ISI-SWENS>ipconfig /all
    Windows IP Configuration
       Host Name . . . . . . . . . . . . : Server2008-R2
       Primary Dns Suffix  . . . . . . . : ISI-SWENS
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : ISI-SWENS

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
       Physical Address. . . . . . . . . : 00-1E-8C-68-D0-EE
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.0.20(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.0.1
       DNS Servers . . . . . . . . . . . : 127.0.0.1
                                           192.168.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{5705DA6A-4990-4C07-A653-0CFD7C260B50}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 11:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e74:c2f:24bc:3f57:ffeb(Prefe
    rred)
       Link-local IPv6 Address . . . . . : fe80::c2f:24bc:3f57:ffeb%13(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled


    C:\Users\Administrator.ISI-SWENS>net share
    Share name   Resource                        Remark

    -------------------------------------------------------------------------------
    C$           C:\                             Default share
    IPC$                                         Remote IPC
    F$           F:\                             Default share
    ADMIN$       C:\Windows                      Remote Admin
    Data1        F:\
    The command completed successfully.
    Sunday, February 07, 2010 4:54 PM
  • Here is the 1st half of the DCDIAG output through the NetLogon Error

    Command Line: "dcdiag.exe
    /V /C /D /E /s:server2008-r2"

    Directory Server Diagnosis


    Performing initial setup:

       * Connecting to directory service on server server2008-r2.

       server2008-r2.currentTime = 20100207130507.0Z

       server2008-r2.highestCommittedUSN = 28799

       server2008-r2.isSynchronized = 1

       server2008-r2.isGlobalCatalogReady = 1

       * Identified AD Forest.
       Collecting AD specific global data
       * Collecting site info.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ISI-SWENS,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
       The previous call succeeded
       Iterating through the sites
       Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
       Getting ISTG and options for the site
       * Identifying all servers.

       Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=ISI-SWENS,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
       The previous call succeeded....
       The previous call succeeded
       Iterating through the list of servers
       Getting information for the server CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
       objectGuid obtained
       InvocationID obtained
       dnsHostname obtained
       site info obtained
       All the info for the server collected
       SERVER2008-R2.currentTime = 20100207130507.0Z

       SERVER2008-R2.highestCommittedUSN = 28799

       SERVER2008-R2.isSynchronized = 1

       SERVER2008-R2.isGlobalCatalogReady = 1

       * Identifying all NC cross-refs.

       * Found 1 DC(s). Testing 1 of them.

       Done gathering initial info.



    ===============================================Printing out pDsInfo

    GLOBAL:
        ulNumServers=1
        pszRootDomain=ISI-SWENS
        pszNC=
        pszRootDomainFQDN=DC=ISI-SWENS
        pszConfigNc=CN=Configuration,DC=ISI-SWENS
        pszPartitionsDn=CN=Partitions,CN=Configuration,DC=ISI-SWENS
        fAdam=0
        iSiteOptions=0
        dwTombstoneLifeTimeDays=60

        dwForestBehaviorVersion=2

        HomeServer=0, SERVER2008-R2

        SERVER: pServer[0].pszName=SERVER2008-R2
            pServer[0].pszGuidDNSName (binding str)=3325c7d6-e22c-4880-9c2e-0575d0dfa66d._msdcs.ISI-SWENS
            pServer[0].pszDNSName=Server2008-R2.ISI-SWENS
            pServer[0].pszLdapPort=(null)
            pServer[0].pszSslPort=(null)
            pServer[0].pszDn=CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
            pServer[0].pszComputerAccountDn=CN=SERVER2008-R2,OU=Domain Controllers,DC=ISI-SWENS
            pServer[0].uuidObjectGuid=3325c7d6-e22c-4880-9c2e-0575d0dfa66d
            pServer[0].uuidInvocationId=e95720d4-f72a-4e55-bdcf-fde69e577d9d
            pServer[0].iSite=0 (Default-First-Site-Name)
            pServer[0].iOptions=1
            pServer[0].ftLocalAcquireTime=2be74290 01caa7f6

            pServer[0].ftRemoteConnectTime=2bac8380 01caa7f6

            pServer[0].ppszMaster/FullReplicaNCs:
                ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=ISI-SWENS
                ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=ISI-SWENS
                ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=ISI-SWENS
                ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=ISI-SWENS
                ppszMaster/FullReplicaNCs[4]=DC=ISI-SWENS

        SITES:  pSites[0].pszName=Default-First-Site-Name
            pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
            pSites[0].pszISTG=CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
            pSites[0].iSiteOption=0

            pSites[0].cServers=1

        NC:     pNCs[0].pszName=ForestDnsZones
            pNCs[0].pszDn=DC=ForestDnsZones,DC=ISI-SWENS

                pNCs[0].aCrInfo[0].dwFlags=0x00000201
                pNCs[0].aCrInfo[0].pszDn=CN=833c65bc-a51c-4489-bc9f-21b89e1aa396,CN=Partitions,CN=Configuration,DC=ISI-SWENS
                pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.ISI-SWENS
                pNCs[0].aCrInfo[0].iSourceServer=0
                pNCs[0].aCrInfo[0].pszSourceServer=(null)
                pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
                pNCs[0].aCrInfo[0].bEnabled=TRUE
                pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000             pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
                pNCs[0].aCrInfo[0].pszNetBiosName=(null)
                pNCs[0].aCrInfo[0].cReplicas=-1
                pNCs[0].aCrInfo[0].aszReplicas=


        NC:     pNCs[1].pszName=DomainDnsZones
            pNCs[1].pszDn=DC=DomainDnsZones,DC=ISI-SWENS

                pNCs[1].aCrInfo[0].dwFlags=0x00000201
                pNCs[1].aCrInfo[0].pszDn=CN=07bdc520-50a8-4c95-a35b-dd6eac57cfbd,CN=Partitions,CN=Configuration,DC=ISI-SWENS
                pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.ISI-SWENS
                pNCs[1].aCrInfo[0].iSourceServer=0
                pNCs[1].aCrInfo[0].pszSourceServer=(null)
                pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
                pNCs[1].aCrInfo[0].bEnabled=TRUE
                pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000             pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
                pNCs[1].aCrInfo[0].pszNetBiosName=(null)
                pNCs[1].aCrInfo[0].cReplicas=-1
                pNCs[1].aCrInfo[0].aszReplicas=


        NC:     pNCs[2].pszName=Schema
            pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=ISI-SWENS

                pNCs[2].aCrInfo[0].dwFlags=0x00000201
                pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=ISI-SWENS
                pNCs[2].aCrInfo[0].pszDnsRoot=ISI-SWENS
                pNCs[2].aCrInfo[0].iSourceServer=0
                pNCs[2].aCrInfo[0].pszSourceServer=(null)
                pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
                pNCs[2].aCrInfo[0].bEnabled=TRUE
                pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000             pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
                pNCs[2].aCrInfo[0].pszNetBiosName=(null)
                pNCs[2].aCrInfo[0].cReplicas=-1
                pNCs[2].aCrInfo[0].aszReplicas=


        NC:     pNCs[3].pszName=Configuration
            pNCs[3].pszDn=CN=Configuration,DC=ISI-SWENS

                pNCs[3].aCrInfo[0].dwFlags=0x00000201
                pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=ISI-SWENS
                pNCs[3].aCrInfo[0].pszDnsRoot=ISI-SWENS
                pNCs[3].aCrInfo[0].iSourceServer=0
                pNCs[3].aCrInfo[0].pszSourceServer=(null)
                pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
                pNCs[3].aCrInfo[0].bEnabled=TRUE
                pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000             pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
                pNCs[3].aCrInfo[0].pszNetBiosName=(null)
                pNCs[3].aCrInfo[0].cReplicas=-1
                pNCs[3].aCrInfo[0].aszReplicas=


        NC:     pNCs[4].pszName=ISI-SWENS
            pNCs[4].pszDn=DC=ISI-SWENS

                pNCs[4].aCrInfo[0].dwFlags=0x00000201
                pNCs[4].aCrInfo[0].pszDn=CN=ISI-SWENS,CN=Partitions,CN=Configuration,DC=ISI-SWENS
                pNCs[4].aCrInfo[0].pszDnsRoot=ISI-SWENS
                pNCs[4].aCrInfo[0].iSourceServer=0
                pNCs[4].aCrInfo[0].pszSourceServer=(null)
                pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
                pNCs[4].aCrInfo[0].bEnabled=TRUE
                pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000             pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
                pNCs[4].aCrInfo[0].pszNetBiosName=(null)
                pNCs[4].aCrInfo[0].cReplicas=-1
                pNCs[4].aCrInfo[0].aszReplicas=


        5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, ISI-SWENS,
        1 TARGETS: SERVER2008-R2,

    =============================================Done Printing pDsInfo

    Doing initial required tests

      
       Testing server: Default-First-Site-Name\SERVER2008-R2

          Starting test: Connectivity

             * Active Directory LDAP Services Check
             Determining IP4 connectivity
             Failure Analysis: SERVER2008-R2 ... OK.
             * Active Directory RPC Services Check
             ......................... SERVER2008-R2 passed test Connectivity



    Doing primary tests

      
       Testing server: Default-First-Site-Name\SERVER2008-R2

          Starting test: Advertising

             Fatal Error:DsGetDcName (SERVER2008-R2) call failed, error 1355

             The Locator could not find the server.

             ......................... SERVER2008-R2 failed test Advertising

          Starting test: CheckSecurityError

             * Dr Auth:  Beginning security errors check!
             No KDC found for domain ISI-SWENS in site Default-First-Site-Name

             (1355, NULL)

             [SERVER2008-R2] Unable to contact a KDC for the destination domain in

             it's own site.  This means either there are no available KDC's for

             this domain in the site, *including* the destination DC itself, or

             we're having network or packet fragmentation issues connecting to it.

             We'll check packet fragmentation connection to the destination DC,

             make recommendations, and continue.

             Checking UDP fragmentation issues to SERVER2008-R2.
              The KDC on SERVER2008-R2 isn't responsive, please verify that it's

             running and advertising.

             No KDC found for domain ISI-SWENS in site (ALL SITES) (1355, NULL)

             [SERVER2008-R2] Unable to contact a KDC for the destination domain.

             If no KDC for the destination domain is available, replication will be

             blocked!

             If there is some KDC for that domain available, check network

             connectivity issues or see possible packet fragmentation issues above.

             Checking machine account for DC SERVER2008-R2 on DC SERVER2008-R2.
             * SPN found :LDAP/Server2008-R2.ISI-SWENS/ISI-SWENS
             * SPN found :LDAP/Server2008-R2.ISI-SWENS
             * SPN found :LDAP/SERVER2008-R2
             * SPN found :LDAP/Server2008-R2.ISI-SWENS/ISI-SWENS
             * SPN found :LDAP/3325c7d6-e22c-4880-9c2e-0575d0dfa66d._msdcs.ISI-SWENS
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/3325c7d6-e22c-4880-9c2e-0575d0dfa66d/ISI-SWENS
             * SPN found :HOST/Server2008-R2.ISI-SWENS/ISI-SWENS
             * SPN found :HOST/Server2008-R2.ISI-SWENS
             * SPN found :HOST/SERVER2008-R2
             * SPN found :HOST/Server2008-R2.ISI-SWENS/ISI-SWENS
             * SPN found :GC/Server2008-R2.ISI-SWENS/ISI-SWENS
             [SERVER2008-R2] No security related replication errors were found on

             this DC!  To target the connection to a specific source DC use

             /ReplSource:<DC>.

             ......................... SERVER2008-R2 passed test CheckSecurityError

          Starting test: CutoffServers

             * Configuration Topology Aliveness Check
             * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=ISI-SWENS.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=ISI-SWENS.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=ISI-SWENS.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for CN=Configuration,DC=ISI-SWENS.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the alive system replication topology for DC=ISI-SWENS.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             ......................... SERVER2008-R2 passed test CutoffServers

          Starting test: FrsEvent

             * The File Replication Service Event log test
             There are warning or error events within the last 24 hours after the

             SYSVOL has been shared.  Failing SYSVOL replication problems may cause

             Group Policy problems.
             A warning event occurred.  EventID: 0x800034FE

                Time Generated: 02/06/2010   10:44:27

                Event String:

                File Replication Service is scanning the data in the system volume. Computer SERVER2008-R2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

                

                To check for the SYSVOL share, at the command prompt, type:

                net share

                

                When File Replication Service completes the scanning process, the SYSVOL share will appear.

                

                The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.

             A warning event occurred.  EventID: 0x800034FE

                Time Generated: 02/06/2010   12:49:09

                Event String:

                File Replication Service is scanning the data in the system volume. Computer SERVER2008-R2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

                

                To check for the SYSVOL share, at the command prompt, type:

                net share

                

                When File Replication Service completes the scanning process, the SYSVOL share will appear.

                

                The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.

             A warning event occurred.  EventID: 0x800034FE

                Time Generated: 02/06/2010   13:27:03

                Event String:

                File Replication Service is scanning the data in the system volume. Computer SERVER2008-R2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

                

                To check for the SYSVOL share, at the command prompt, type:

                net share

                

                When File Replication Service completes the scanning process, the SYSVOL share will appear.

                

                The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.

             A warning event occurred.  EventID: 0x800034FE

                Time Generated: 02/06/2010   14:34:06

                Event String:

                File Replication Service is scanning the data in the system volume. Computer SERVER2008-R2 cannot become a domain controller until this process is complete. The system volume will then be shared as SYSVOL.

                

                To check for the SYSVOL share, at the command prompt, type:

                net share

                

                When File Replication Service completes the scanning process, the SYSVOL share will appear.

                

                The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume.

             ......................... SERVER2008-R2 passed test FrsEvent

          Starting test: DFSREvent

             The DFS Replication Event Log.
             Skip the test because the server is running FRS.

             ......................... SERVER2008-R2 passed test DFSREvent

          Starting test: SysVolCheck

             * The File Replication Service SYSVOL ready test
             The registry lookup failed to determine the state of the SYSVOL.  The

             error returned  was 0x0 "The operation completed successfully.".

             Check the FRS event log to see if the SYSVOL has successfully been

             shared.
             ......................... SERVER2008-R2 passed test SysVolCheck

          Starting test: FrsSysVol

             * The File Replication Service SYSVOL ready test
             The registry lookup failed to determine the state of the SYSVOL.  The

             error returned  was 0x0 "The operation completed successfully.".

             Check the FRS event log to see if the SYSVOL has successfully been

             shared.
             ......................... SERVER2008-R2 passed test FrsSysVol

          Starting test: KccEvent

             * The KCC Event log test
             Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
             ......................... SERVER2008-R2 passed test KccEvent

          Starting test: KnowsOfRoleHolders

             Role Schema Owner = CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
             Role Domain Owner = CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
             Role PDC Owner = CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
             Role Rid Owner = CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
             Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
             ......................... SERVER2008-R2 passed test KnowsOfRoleHolders

          Starting test: MachineAccount

             Checking machine account for DC SERVER2008-R2 on DC SERVER2008-R2.
             * SPN found :LDAP/Server2008-R2.ISI-SWENS/ISI-SWENS
             * SPN found :LDAP/Server2008-R2.ISI-SWENS
             * SPN found :LDAP/SERVER2008-R2
             * SPN found :LDAP/Server2008-R2.ISI-SWENS/ISI-SWENS
             * SPN found :LDAP/3325c7d6-e22c-4880-9c2e-0575d0dfa66d._msdcs.ISI-SWENS
             * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/3325c7d6-e22c-4880-9c2e-0575d0dfa66d/ISI-SWENS
             * SPN found :HOST/Server2008-R2.ISI-SWENS/ISI-SWENS
             * SPN found :HOST/Server2008-R2.ISI-SWENS
             * SPN found :HOST/SERVER2008-R2
             * SPN found :HOST/Server2008-R2.ISI-SWENS/ISI-SWENS
             * SPN found :GC/Server2008-R2.ISI-SWENS/ISI-SWENS
             ......................... SERVER2008-R2 passed test MachineAccount

          Starting test: NCSecDesc

             * Security Permissions check for all NC's on DC SERVER2008-R2.
             * Security Permissions Check for

               DC=ForestDnsZones,DC=ISI-SWENS
                (NDNC,Version 3)
             * Security Permissions Check for

               DC=DomainDnsZones,DC=ISI-SWENS
                (NDNC,Version 3)
             * Security Permissions Check for

               CN=Schema,CN=Configuration,DC=ISI-SWENS
                (Schema,Version 3)
             * Security Permissions Check for

               CN=Configuration,DC=ISI-SWENS
                (Configuration,Version 3)
             * Security Permissions Check for

               DC=ISI-SWENS
                (Domain,Version 3)
             ......................... SERVER2008-R2 passed test NCSecDesc

          Starting test: NetLogons

             * Network Logons Privileges Check
             Unable to connect to the NETLOGON share! (\\SERVER2008-R2\netlogon)

             [SERVER2008-R2] An net use or LsaPolicy operation failed with error

             67, The network name cannot be found..

             ......................... SERVER2008-R2 failed test NetLogons
    Sunday, February 07, 2010 4:58 PM
  • 2nd third of DCDIAG

          Starting test: ObjectsReplicated
             SERVER2008-R2 is in domain DC=ISI-SWENS
             Checking for CN=SERVER2008-R2,OU=Domain Controllers,DC=ISI-SWENS in domain DC=ISI-SWENS on 1 servers
                Object is up-to-date on all servers.
             Checking for CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS in domain CN=Configuration,DC=ISI-SWENS on 1 servers
                Object is up-to-date on all servers.
             ......................... SERVER2008-R2 passed test ObjectsReplicated
          Starting test: OutboundSecureChannels
             * The Outbound Secure Channels test
             ** Did not run Outbound Secure Channels test because /testdomain: was not entered

             ......................... SERVER2008-R2 passed test

             OutboundSecureChannels

          Starting test: Replications

             * Replications Check
             DC=ForestDnsZones,DC=ISI-SWENS has 3 cursors.
             DC=DomainDnsZones,DC=ISI-SWENS has 3 cursors.
             CN=Schema,CN=Configuration,DC=ISI-SWENS has 3 cursors.
             CN=Configuration,DC=ISI-SWENS has 3 cursors.
             DC=ISI-SWENS has 3 cursors.
             * Replication Latency Check
                DC=ForestDnsZones,DC=ISI-SWENS
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=DomainDnsZones,DC=ISI-SWENS
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Schema,CN=Configuration,DC=ISI-SWENS
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                CN=Configuration,DC=ISI-SWENS
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
                DC=ISI-SWENS
                   Latency information for 2 entries in the vector were ignored.
                      2 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC). 
             ......................... SERVER2008-R2 passed test Replications
          Starting test: RidManager
             ridManagerReference = CN=RID Manager$,CN=System,DC=ISI-SWENS
             * Available RID Pool for the Domain is 2600 to 1073741823
             fSMORoleOwner = CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS
             * Server2008-R2.ISI-SWENS is the RID Master
             * DsBind with RID Master was successful
             rIDSetReferences = CN=RID Set,CN=SERVER2008-R2,OU=Domain Controllers,DC=ISI-SWENS
             * rIDAllocationPool is 2100 to 2599
             * rIDPreviousAllocationPool is 2100 to 2599
             * rIDNextRID: 2100
             ......................... SERVER2008-R2 passed test RidManager
          Starting test: Services
             * Checking Service: EventSystem
             * Checking Service: RpcSs
             * Checking Service: NTDS
             * Checking Service: DnsCache
             * Checking Service: DFSR
             * Checking Service: IsmServ
             * Checking Service: kdc
             * Checking Service: SamSs
             * Checking Service: LanmanServer
             * Checking Service: LanmanWorkstation
             * Checking Service: w32time
             * Checking Service: NETLOGON
             ......................... SERVER2008-R2 passed test Services
          Starting test: SystemLog
             * The System Event log test
             An error event occurred.  EventID: 0x00000422
                Time Generated: 02/07/2010   07:06:37
                Event String:

                The processing of Group Policy failed. Windows attempted to read the file \\ISI-SWENS\sysvol\ISI-SWENS\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
                a) Name Resolution/Network Connectivity to the current domain controller.
                b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
                c) The Distributed File System (DFS) client has been disabled.
             An error event occurred.  EventID: 0xC00038D6
                Time Generated: 02/07/2010   07:07:46
                Event String:
                The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data.

             An error event occurred.  EventID: 0x00000422

                Time Generated: 02/07/2010   07:11:37

                Event String:

                The processing of Group Policy failed. Windows attempted to read the file \\ISI-SWENS\sysvol\ISI-SWENS\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

                a) Name Resolution/Network Connectivity to the current domain controller.

                b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).

                c) The Distributed File System (DFS) client has been disabled.

             An error event occurred.  EventID: 0x00000422

                Time Generated: 02/07/2010   07:16:38

                Event String:

                The processing of Group Policy failed. Windows attempted to read the file \\ISI-SWENS\sysvol\ISI-SWENS\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

                a) Name Resolution/Network Connectivity to the current domain controller.

                b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).

                c) The Distributed File System (DFS) client has been disabled.

             An error event occurred.  EventID: 0x00000422

                Time Generated: 02/07/2010   07:21:38

                Event String:

                The processing of Group Policy failed. Windows attempted to read the file \\ISI-SWENS\sysvol\ISI-SWENS\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

                a) Name Resolution/Network Connectivity to the current domain controller.

                b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).

                c) The Distributed File System (DFS) client has been disabled.

             An error event occurred.  EventID: 0x00000422

                Time Generated: 02/07/2010   07:26:39

                Event String:

                The processing of Group Policy failed. Windows attempted to read the file \\ISI-SWENS\sysvol\ISI-SWENS\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:

                a) Name Resolution/Network Connectivity to the current domain controller.

                b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).

                c) The Distributed File System (DFS) client has been disabled.

             An error event occurred.  EventID: 0x00000406

                Time Generated: 02/07/2010   07:31:55

                Event String:

                The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

             An error event occurred.  EventID: 0x00000406

                Time Generated: 02/07/2010   07:37:10

                Event String:

                The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

             An error event occurred.  EventID: 0x00000406

                Time Generated: 02/07/2010   07:42:26

                Event String:

                The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

             An error event occurred.  EventID: 0x00000406

                Time Generated: 02/07/2010   07:47:42

                Event String:

                The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

             An error event occurred.  EventID: 0x00000406

                Time Generated: 02/07/2010   07:52:57

                Event String:

                The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

             An error event occurred.  EventID: 0x00000406

                Time Generated: 02/07/2010   07:58:13

                Event String:

                The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

             An error event occurred.  EventID: 0x00000406

                Time Generated: 02/07/2010   08:03:28

                Event String:

                The processing of Group Policy failed. Windows attempted to retrieve new Group Policy settings for this user or computer. Look in the details tab for error code and description. Windows will automatically retry this operation at the next refresh cycle. Computers joined to the domain must have proper name resolution and network connectivity to a domain controller for discovery of new Group Policy objects and settings. An event will be logged when Group Policy is successful.

             ......................... SERVER2008-R2 failed test SystemLog

          Starting test: Topology

             * Configuration Topology Integrity Check
             * Analyzing the connection topology for DC=ForestDnsZones,DC=ISI-SWENS.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for DC=DomainDnsZones,DC=ISI-SWENS.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=ISI-SWENS.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for CN=Configuration,DC=ISI-SWENS.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             * Analyzing the connection topology for DC=ISI-SWENS.
             * Performing upstream (of target) analysis.
             * Performing downstream (of target) analysis.
             ......................... SERVER2008-R2 passed test Topology

          Starting test: VerifyEnterpriseReferences

             The following problems were found while verifying various important DN

             references.  Note, that  these problems can be reported because of

             latency in replication.  So follow up to resolve the following

             problems, only if the same problem is reported on all DCs for a given

             domain or if  the problem persists after replication has had

             reasonable time to replicate changes.
                [1] Problem: Missing Expected Value

                 Base Object: CN=SERVER2008-R2,OU=Domain Controllers,DC=ISI-SWENS

                 Base Object Description: "DC Account Object"

                 Value Object Attribute Name: msDFSR-ComputerReferenceBL

                 Value Object Description: "SYSVOL FRS Member Object"

                 Recommended Action: See Knowledge Base Article: Q312862

                
                LDAP Error 0x20 (32) - No Such Object.
             ......................... SERVER2008-R2 failed test

             VerifyEnterpriseReferences

          Starting test: VerifyReferences

             The system object reference (serverReference)

             CN=SERVER2008-R2,OU=Domain Controllers,DC=ISI-SWENS and backlink on

             CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS

             are correct.
             The system object reference (serverReferenceBL)

             CN=SERVER2008-R2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ISI-SWENS

             and backlink on

             CN=NTDS Settings,CN=SERVER2008-R2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ISI-SWENS

             are correct.
             The system object reference (frsComputerReferenceBL)

             CN=SERVER2008-R2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ISI-SWENS

             and backlink on CN=SERVER2008-R2,OU=Domain Controllers,DC=ISI-SWENS

             are correct.
             ......................... SERVER2008-R2 passed test VerifyReferences

    Sunday, February 07, 2010 5:12 PM
  • Last segment of three

          Starting test: VerifyReplicas

             ......................... SERVER2008-R2 passed test VerifyReplicas
      
          Starting test: DNS
          

             DNS Tests are running and not hung. Please wait a few minutes...

             See DNS test in enterprise tests section for results
             ......................... SERVER2008-R2 passed test DNS

      
       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation

      
       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation

      
       Running partition tests on : ISI-SWENS

          Starting test: CheckSDRefDom

             ......................... ISI-SWENS passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ISI-SWENS passed test CrossRefValidation

      
       Running enterprise tests on : ISI-SWENS

          Starting test: DNS

             Test results for domain controllers:

               
                DC: Server2008-R2.ISI-SWENS

                Domain: ISI-SWENS

               

                     
                   TEST: Authentication (Auth)
                      Authentication test: Successfully completed
                     
                   TEST: Basic (Basc)
                      The OS

                      Microsoft Windows Server 2008 R2 Enterprise  (Service Pack level: 0.0)

                      is supported.

                      NETLOGON service is running

                      kdc service is running

                      DNSCACHE service is running

                      DNS service is running

                      DC is a DNS server

                      Network adapters information:

                      Adapter [00000007] NVIDIA nForce Networking Controller:

                         MAC address is 00:1E:8C:68:D0:EE
                         IP Address is static
                         IP address: 192.168.0.20
                         DNS servers:

                            127.0.0.1 (SERVER2008-R2) [Valid]
                            Warning:
                            192.168.0.1 (<name unavailable>) [Invalid]
                            Warning: adapter

                            [00000007] NVIDIA nForce Networking Controller has

                            invalid DNS server: 192.168.0.1 (<name unavailable>)

                      The A host record(s) for this DC was found
                      The SOA record for the Active Directory zone was found
                      The Active Directory zone on this DC/DNS server was found primary
                      Root zone on this DC/DNS server was not found
                     
                   TEST: Forwarders/Root hints (Forw)
                      Recursion is enabled
                      Forwarders Information:
                         65.32.1.65 (<name unavailable>) [Valid]
                     
                   TEST: Delegations (Del)
                      No delegations were found in this zone on this DNS server
                     
                   TEST: Dynamic update (Dyn)
                      Test record dcdiag-test-record added successfully in zone ISI-SWENS
                      Test record dcdiag-test-record deleted successfully in zone ISI-SWENS
                     
                   TEST: Records registration (RReg)
                      Network Adapter

                      [00000007] NVIDIA nForce Networking Controller:

                         Matching CNAME record found at DNS server 192.168.0.20:
                         3325c7d6-e22c-4880-9c2e-0575d0dfa66d._msdcs.ISI-SWENS

                         Matching A record found at DNS server 192.168.0.20:
                         Server2008-R2.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _ldap._tcp.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _ldap._tcp.fc3692ac-fe47-4537-a453-513a3d10d360.domains._msdcs.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _kerberos._tcp.dc._msdcs.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _ldap._tcp.dc._msdcs.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _kerberos._tcp.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _kerberos._udp.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _kpasswd._tcp.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _ldap._tcp.Default-First-Site-Name._sites.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _kerberos._tcp.Default-First-Site-Name._sites.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _ldap._tcp.gc._msdcs.ISI-SWENS

                         Matching A record found at DNS server 192.168.0.20:
                         gc._msdcs.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _gc._tcp.Default-First-Site-Name._sites.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ISI-SWENS

                         Matching  SRV record found at DNS server 192.168.0.20:
                         _ldap._tcp.pdc._msdcs.ISI-SWENS

                         Warning:
                         Missing CNAME record at DNS server 192.168.0.1:
                         3325c7d6-e22c-4880-9c2e-0575d0dfa66d._msdcs.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Warning:
                         Missing A record at DNS server 192.168.0.1:
                         Server2008-R2.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _ldap._tcp.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _ldap._tcp.fc3692ac-fe47-4537-a453-513a3d10d360.domains._msdcs.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _kerberos._tcp.dc._msdcs.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _ldap._tcp.dc._msdcs.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _kerberos._tcp.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _kerberos._udp.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _kpasswd._tcp.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _ldap._tcp.Default-First-Site-Name._sites.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _kerberos._tcp.Default-First-Site-Name._sites.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _ldap._tcp.gc._msdcs.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Warning:
                         Missing A record at DNS server 192.168.0.1:
                         gc._msdcs.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _gc._tcp.Default-First-Site-Name._sites.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                         Error:
                         Missing SRV record at DNS server 192.168.0.1:
                         _ldap._tcp.pdc._msdcs.ISI-SWENS
                         [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                        
                   Error: Record registrations cannot be found for all the network

                   adapters

                   Total query time:0 min. 8 sec.. Total RPC connection

                   time:0 min. 0 sec.

                   Total WMI connection time:0 min. 47 sec. Total Netuse connection

                   time:0 min. 0 sec.

            
             Summary of test results for DNS servers used by the above domain

             controllers:

            

                DNS server: 192.168.0.1 (<name unavailable>)

                   1 test failure on this DNS server

                   Name resolution is not functional. _ldap._tcp.ISI-SWENS. failed on the DNS server 192.168.0.1
                   [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)]
                   Total query time:0 min. 2 sec., Total WMI connection

                   time:0 min. 25 sec.

                  
                DNS server: 192.168.0.20 (SERVER2008-R2)

                   All tests passed on this DNS server

                   Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
                   Total query time:0 min. 4 sec., Total WMI connection

                   time:0 min. 0 sec.

                  
                DNS server: 65.32.1.65 (<name unavailable>)

                   All tests passed on this DNS server

                   Total query time:0 min. 0 sec., Total WMI connection

                   time:0 min. 21 sec.

                  
             Summary of DNS test results:

            
                                                Auth Basc Forw Del  Dyn  RReg Ext
                _________________________________________________________________
                Domain: ISI-SWENS

                   Server2008-R2                PASS WARN PASS PASS PASS FAIL n/a 
            
             Total Time taken to test all the DCs:0 min. 55 sec.

             ......................... ISI-SWENS failed test DNS

          Starting test: LocatorCheck

             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

             A Global Catalog Server could not be located - All GC's are down.

             PDC Name: \\Server2008-R2.ISI-SWENS
             Locator Flags: 0xe00033fd
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

             A Time Server could not be located.

             The server holding the PDC role is down.

             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

             1355

             A Good Time Server could not be located.

             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355

             A KDC could not be located - All the KDCs are down.

             ......................... ISI-SWENS failed test LocatorCheck

          Starting test: FsmoCheck

             Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355

             A Global Catalog Server could not be located - All GC's are down.

             PDC Name: \\Server2008-R2.ISI-SWENS
             Locator Flags: 0xe00033fd
             Warning: DcGetDcName(TIME_SERVER) call failed, error 1355

             A Time Server could not be located.

             The server holding the PDC role is down.

             Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error

             1355

             A Good Time Server could not be located.

             Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355

             A KDC could not be located - All the KDCs are down.

             ......................... ISI-SWENS failed test FsmoCheck

          Starting test: Intersite

             Skipping site Default-First-Site-Name, this site is outside the scope

             provided by the command line arguments provided.
             ......................... ISI-SWENS passed test Intersite


    Sunday, February 07, 2010 5:15 PM
  • Hi ,

    "The DFS is throwing an error in the event log that DFS Naming Service could not initiate a cross forest trust"
    IMHO DFS starts before the ADDS so you experience a synch issue between DFS and the ADDS but after the DFS and ADDS synchronizes you would not see these warning messages.

    So i would say you can ignore these warnings ( but let us know if it is a error )

    ================================================================================

    I see that server is in complete mess the reason because GC is not reachable and most of the services are down.

    Does your gateway acts as DNS ? because i see that you have provided secondary dns server as your DG ipaddress

    I suspect DNS settings issues, try re-registering dc srv records

    paste the output for nltest.exe/dsregdns

     

    Monday, February 08, 2010 4:15 AM
    Moderator
  • I have this server as a DNS for the isi-swens domain. I did set the server to use a gateway as a secondary DNS but the gateway is only a forwarder - it does not have any records hosted itself. I can remove that easily. My thought has been that the GC is the central issue which is causing all other problems but I can't see why it is failing. I had already done the DSREGDNS in NLTest but reran it today to get you the output which shows success.

    C:\Users\Administrator.ISI-SWENS>nltest.exe /dsregdns
    Flags: 0
    Connection Status = 0 0x0 NERR_Success
    The command completed successfully

    I did not see any changes in the DNS - but it would be difficult to be certain. I rebooted the server and no change in the GC status after the nltest /dsregdns.

    thanks
    Monday, February 08, 2010 1:50 PM
  • Hello,

    Server2008-R2 is using 192.168.0.1 as the DNS server and the Dfault gateway ip address. Domain internal only use the domain DNS server. If that is configured for internet access on the NIC remove the default gateway as DNS server and configure the FORWARDERS tab in the DNS management console on the DNS server properties to your ISPs DNS server or the default gateway.

    After the change run ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service.

    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Wilson Jia Tuesday, February 23, 2010 7:09 AM
    Sunday, February 21, 2010 9:13 PM