
Domain controllers wont replicate


cchelavi

Jun 17, 2010, 10:10:17 AM

Hello,

I'm new on this forum that I like a lot. I have one major problem
regarding DC replication. I started to work in a new company two weeks
ago, and when I analyzed the situation, I found that the domain
controller which is the primary DC is not replicating with the other DC.
The problem is that computers are connecting sometimes to DC1 (which is
primary), and sometimes to DC2. DC2 is replicating normally from DC1 and
it has most of the objects from DC1 because every change on the domain
was made on DC1. My question is, when I demote DC1 what will happen,
because DC1 is the primary and master DC, and what are the steps to
demote this primary DC? After I demote DC1, will the replication
settings disappear from DC2, or do I have to delete the NTDS settings
manually?

Thnx a lot.

Best reg's


--
cchelavi
------------------------------------------------------------------------
cchelavi's Profile: http://forums.techarena.in/members/233667.htm
View this thread: http://forums.techarena.in/active-directory/1346978.htm

http://forums.techarena.in

Meinolf Weber [MVP-DS]

Jun 18, 2010, 1:39:39 AM
Hello cchelavi,

Please post the event viewer errors you have about replication so we can
see if there is a way to enable replication again. Also add the output files
from:
repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt (if more than one DC exists)
dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt
dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045)

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Hello,
>
> I'm new on this forum that I like a lot. I have one major problem
> regarding DC replication. I started to work in a new company two weeks
> ago, and when I analyzed the situation, I found that the domain
> controller which is the primary DC is not replicating with the other DC.
> The problem is that computers are connecting sometimes to DC1 (which is
> primary), and sometimes to DC2. DC2 is replicating normally from DC1 and
> it has most of the objects from DC1 because every change on the domain
> was made on DC1. My question is, when I demote DC1 what will happen,
> because DC1 is the primary and master DC, and what are the steps to
> demote this primary DC? After I demote DC1, will the replication
> settings disappear from DC2, or do I have to delete the NTDS settings
> manually?
>
> Thnx a lot.
>
> Best reg's
>

> http://forums.techarena.in
>
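
Added example (not part of the original posts): a Python script that triages a saved `repadmin /showrepl` text file such as the `c:\repl.txt` requested above, separating replication links that are merely failing from links whose last success is older than the tombstone lifetime. The sample text, site and DC names and GUID are constructed; the 60-day default is an assumption and must be replaced with the forest's actual tombstone lifetime.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the layout `repadmin /showrepl` prints (not real output).
SAMPLE = r"""==== INBOUND NEIGHBORS ======================================

DC=example,DC=test
    Site-A\dcB via RPC
        DC object GUID: 11111111-2222-3333-4444-555555555555
        Last attempt @ 2010-06-18 09:44:05 was successful.

CN=Configuration,DC=example,DC=test
    Site-A\dcB via RPC
        DC object GUID: 11111111-2222-3333-4444-555555555555
        Last attempt @ 2010-06-18 08:46:15 failed, result 1722 (0x6ba):
            Can't retrieve message string 1722 (0x6ba), error 1815.
        4 consecutive failure(s).
        Last success @ 2010-06-18 02:58:47.

CN=Schema,CN=Configuration,DC=example,DC=test
    Site-A\dcB via RPC
        DC object GUID: 11111111-2222-3333-4444-555555555555
        Last attempt @ 2010-06-18 10:01:42 failed, result 8614 (0x21a6):
            Can't retrieve message string 8614 (0x21a6), error 1815.
        42344 consecutive failure(s).
        Last success @ 2010-01-30 10:15:37.
"""
SAMPLE_NOW = datetime(2010, 6, 18, 12, 0, 0)  # constructed "current time"

TS = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
RE_NC = re.compile(r"^(?:DC|CN)=\S")                      # naming context line
RE_PARTNER = re.compile(r"^(?P<site>.+)\\(?P<dc>\S+) via (?P<transport>\S+)")
RE_ATTEMPT = re.compile(r"^Last attempt @ " + TS +
                        r" (?:was successful|failed, result (\d+))")
RE_FAILS = re.compile(r"^(\d+) consecutive failure")
RE_SUCCESS = re.compile(r"^Last success @ (?:" + TS + r"|\(never\))")


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def parse_showrepl(text):
    """Return one dict per (naming context, partner) link found in the text.

    Lines are stripped first, so output that lost its indentation when it
    was pasted into a mail or forum post still parses.
    """
    links, nc, link = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if RE_NC.match(line):
            nc, link = line, None
            continue
        m = RE_PARTNER.match(line)
        if m and nc:
            link = {"nc": nc, "partner": m.group("dc"), "ok": None,
                    "result": 0, "failures": 0,
                    "last_attempt": None, "last_success": None}
            links.append(link)
            continue
        if link is None:
            continue
        m = RE_ATTEMPT.match(line)
        if m:
            link["last_attempt"] = _ts(m.group(1))
            link["ok"] = m.group(2) is None
            if link["ok"]:
                link["last_success"] = link["last_attempt"]
            else:
                link["result"] = int(m.group(2))
            continue
        m = RE_FAILS.match(line)
        if m:
            link["failures"] = int(m.group(1))
            continue
        m = RE_SUCCESS.match(line)
        if m:  # "(never)" leaves last_success as None
            link["last_success"] = _ts(m.group(1)) if m.group(1) else None
    return links


def classify(links, now, tombstone_days=60):
    """Return (nc, partner, status, result_code, days_since_success) tuples.

    status is "ok", "failing" (last success still inside the tombstone
    lifetime), "beyond_tombstone" (last success older than the lifetime or
    never, so the two DCs may disagree about deleted objects) or "unknown".
    """
    limit = timedelta(days=tombstone_days)
    report = []
    for l in links:
        last = l["last_success"]
        if l["ok"] is None:
            status = "unknown"
        elif l["ok"]:
            status = "ok"
        elif last is None or now - last > limit:
            status = "beyond_tombstone"
        else:
            status = "failing"
        age = None if last is None else (now - last).days
        report.append((l["nc"], l["partner"], status, l["result"], age))
    return report


if __name__ == "__main__":
    for row in classify(parse_showrepl(SAMPLE), SAMPLE_NOW):
        print(row)
```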


cchelavi

Jun 18, 2010, 5:08:56 AM

Hello Meinolf,

these are my logs from DC1 (this is master DC on domain):

Directory service log:

It has been too long since this machine last replicated with the named
source machine. The time between replications with this source has
exceeded the tombstone lifetime. Replication has been stopped with this
source.
The reason that replication is not allowed to continue is that the two
machine's views of deleted objects may now be different. The source
machine may still have copies of objects that have been deleted (and
garbage collected) on this machine. If they were allowed to replicate,
the source machine might return objects which have already been deleted.

Time of last successful replication:
2010-01-30 10:15:37
Invocation ID of source:
03a5f6c8-f6b8-03a5-0100-000000000000
Name of source:
aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local
Tombstone lifetime (days):
60

The replication operation has failed.

User Action:

Determine which of the two machines was disconnected from the forest and
is now out of date. You have three options:

1. Demote or reinstall the machine(s) that were disconnected.
2. Use the "repadmin /removelingeringobjects" tool to remove
inconsistent deleted objects and then resume replication.
3. Resume replication. Inconsistent deleted objects may be introduced.
You can continue replication by using the following registry key. Once
the systems replicate once, it is recommended that you remove the key to
reinstate the protection.
Registry Key:
HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Allow Replication With Divergent and Corrupt Partner

--------------------------------------------------------------

NTDS (416) NTDSA: Online defragmentation of database
'C:\WINDOWS\NTDS\ntds.dit' terminated prematurely after encountering
unexpected error -327. The next time online defragmentation is started
on this database, it will resume from the point of interruption.

-------------------------------------------------------------------------

NTDS (416) NTDSA: A bad page link (error -327) has been detected in a
B-Tree (ObjectId: 8, PgnoRoot: 35) of database C:\WINDOWS\NTDS\ntds.dit
(1023 => 1139, 0).

-------------------------------------------------------------------------

The Knowledge Consistency Checker (KCC) has detected that successive
attempts to replicate with the following domain controller has
consistently failed.

Attempts:
42270
Domain controller:
CN=NTDS Settings,CN=dc2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

Period of time (minutes):
291

The Connection object for this domain controller will be ignored, and a
new temporary connection will be established to ensure that replication
continues. Once replication with this domain controller resumes, the
temporary connection will be removed.

Additional Data
Error value:
1256 The remote system is not available. For information about network
troubleshooting, see Windows Help.

------------------------------------------------------------------------

NTDS (416) NTDSA: Index INDEX_00020078 of table datatable is corrupted
(0).

--------------------------------------------------------------------------

File Replication Service:

The File Replication Service has detected that the replica set "DOMAIN
SYSTEM VOLUME (SYSVOL SHARE)" is in JRNL_WRAP_ERROR.

Replica set name is : "DOMAIN SYSTEM VOLUME (SYSVOL SHARE)"
Replica root path is : "c:\windows\sysvol\domain"
Replica root volume is : "\\.\C:"
A Replica set hits JRNL_WRAP_ERROR when the record that it is trying to
read from the NTFS USN journal is not found. This can occur because of
one of the following reasons.

--------------------------------------------------------------------------

The File Replication Service is having trouble enabling replication from
dc2 to dc1 for c:\windows\sysvol\domain using the DNS name
dc2.domain.local. FRS will keep retrying.
Following are some of the reasons you would see this warning.

-------------------------------------------------------------------------
repadmin running command /showrepl against server localhost

Default-First-Site-Name\dc1
DC Options: IS_GC
Site Options: (none)
DC object GUID: 65a2e0e8-da24-4618-a52c-1a646a7ab0ce
DC invocationID: 65a2e0e8-da24-4618-a52c-1a646a7ab0ce

==== INBOUND NEIGHBORS ======================================

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

DC=domain,DC=local
Default-First-Site-Name\dc2 via RPC
DC object GUID: aec798bd-45c6-4a00-a81a-3c6ee2ce92a3
Address:
aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local
WRITEABLE
Last attempt @ 2010-06-18 09:44:05 was successful.

CN=Configuration,DC=domain,DC=local
Default-First-Site-Name\dc2 via RPC
DC object GUID: aec798bd-45c6-4a00-a81a-3c6ee2ce92a3
Address:
aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local
WRITEABLE
Last attempt @ 2010-06-18 08:46:15 failed, result 1722 (0x6ba):
Can't retrieve message string 1722 (0x6ba), error 1815.
4 consecutive failure(s).
Last success @ 2010-06-18 02:58:47.

CN=Schema,CN=Configuration,DC=domain,DC=local
Default-First-Site-Name\dc2 via RPC
DC object GUID: aec798bd-45c6-4a00-a81a-3c6ee2ce92a3
Address:
aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local

WRITEABLE
Last attempt @ 2010-06-14 23:56:08 was successful.

==== KCC CONNECTION OBJECTS ============================================
Connection --
Connection name : a18293f3-3a17-4eb7-b3bc-da02278c359d
Server DNS name : dc1.domain.local
Server DN name : CN=NTDS Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Source: Default-First-Site-Name\dc2
******* 42313 CONSECUTIVE FAILURES since 2010-01-30 10:15:37
Last error: 8614 (0x21a6):
Can't retrieve message string 8614 (0x21a6), error 1815.
TransportType: intrasite RPC
options: isGenerated
ReplicatesNC: DC=DomainDnsZones,DC=domain,DC=local
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: DC=ForestDnsZones,DC=domain,DC=local
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: CN=Configuration,DC=domain,DC=local
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: DC=domain,DC=local
Reason: StaleServersTopology
Replica link has been added.
ReplicatesNC: CN=Schema,CN=Configuration,DC=domain,DC=local
Reason: StaleServersTopology
Replica link has been added.
enabledConnection: whenChanged: 20100618035832.0Z
whenCreated: 20070306143916.0Z
Schedule:
day: 0123456789ab0123456789ab
Sun: 111111111111111111111111
Mon: 111111111111111111111111
Tue: 111111111111111111111111
Wed: 111111111111111111111111
Thu: 111111111111111111111111
Fri: 111111111111111111111111
Sat: 111111111111111111111111
1 connections found.

--------------------------------------------------------------------------
Command Line: "dcdiag.exe /v /c /d /e"

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine dc1, is a DC.
* Connecting to directory service on server dc1.
dc1.currentTime = 20100618080229.0Z
dc1.highestCommittedUSN = 2446223
dc1.isSynchronized = 1
dc1.isGlobalCatalogReady = 1
* Collecting site info.
* Identifying all servers.
dc1.currentTime = 20100618080229.0Z
dc1.highestCommittedUSN = 2446223
dc1.isSynchronized = 1
dc1.isGlobalCatalogReady = 1
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.


===============================================Printing out pDsInfo

GLOBAL:
ulNumServers=2
pszRootDomain=domain.local
pszNC=
pszRootDomainFQDN=DC=domain,DC=local
pszConfigNc=CN=Configuration,DC=domain,DC=local
pszPartitionsDn=CN=Partitions,CN=Configuration,DC=domain,DC=local
iSiteOptions=0
dwTombstoneLifeTimeDays=60

dwForestBehaviorVersion=0

HomeServer=0, dc1

SERVER: pServer[0].pszName=dc1
pServer[0].pszGuidDNSName=65a2e0e8-da24-4618-a52c-1a646a7ab0ce._msdcs.domain.local
pServer[0].pszDNSName=dc1.domain.local
pServer[0].pszDn=CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
pServer[0].pszComputerAccountDn=CN=dc1,OU=Domain
Controllers,DC=domain,DC=local
pServer[0].uuidObjectGuid=65a2e0e8-da24-4618-a52c-1a646a7ab0ce
pServer[0].uuidInvocationId=65a2e0e8-da24-4618-a52c-1a646a7ab0ce
pServer[0].iSite=0 (Default-First-Site-Name)
pServer[0].iOptions=1
pServer[0].ftLocalAcquireTime=992fac70 01cb0ebc

pServer[0].ftRemoteConnectTime=98c6d880 01cb0ebc

pServer[0].ppszMasterNCs:
ppszMasterNCs[0]=DC=ForestDnsZones,DC=domain,DC=local
ppszMasterNCs[1]=DC=DomainDnsZones,DC=domain,DC=local
ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=domain,DC=local
ppszMasterNCs[3]=CN=Configuration,DC=domain,DC=local
ppszMasterNCs[4]=DC=domain,DC=local

SERVER: pServer[1].pszName=dc2
pServer[1].pszGuidDNSName=aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local
pServer[1].pszDNSName=dc2.domain.local
pServer[1].pszDn=CN=NTDS
Settings,CN=dc2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
pServer[1].pszComputerAccountDn=CN=dc2,OU=Domain
Controllers,DC=domain,DC=local
pServer[1].uuidObjectGuid=aec798bd-45c6-4a00-a81a-3c6ee2ce92a3
pServer[1].uuidInvocationId=cbc77db9-be40-4033-8f73-8c6eac39a906
pServer[1].iSite=0 (Default-First-Site-Name)
pServer[1].iOptions=1
pServer[1].ftLocalAcquireTime=00000000 00000000

pServer[1].ftRemoteConnectTime=00000000 00000000

pServer[1].ppszMasterNCs:
ppszMasterNCs[0]=DC=ForestDnsZones,DC=domain,DC=local
ppszMasterNCs[1]=DC=DomainDnsZones,DC=domain,DC=local
ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=domain,DC=local
ppszMasterNCs[3]=CN=Configuration,DC=domain,DC=local
ppszMasterNCs[4]=DC=domain,DC=local

SITES: pSites[0].pszName=Default-First-Site-Name
pSites[0].pszSiteSettings=CN=NTDS Site
Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
pSites[0].pszISTG=CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
pSites[0].iSiteOption=0

pSites[0].cServers=2

NC: pNCs[0].pszName=ForestDnsZones
pNCs[0].pszDn=DC=ForestDnsZones,DC=domain,DC=local

pNCs[0].aCrInfo[0].dwFlags=0x00000201
pNCs[0].aCrInfo[0].pszDn=CN=98519c38-b4a8-452f-ad94-2450a0fb971a,CN=Partitions,CN=Configuration,DC=domain,DC=local
pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.domain.local
pNCs[0].aCrInfo[0].iSourceServer=0
pNCs[0].aCrInfo[0].pszSourceServer=(null)
pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[0].aCrInfo[0].bEnabled=TRUE
pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[0].aCrInfo[0].pszNetBiosName=(null)
pNCs[0].aCrInfo[0].cReplicas=-1
pNCs[0].aCrInfo[0].aszReplicas=


NC: pNCs[1].pszName=DomainDnsZones
pNCs[1].pszDn=DC=DomainDnsZones,DC=domain,DC=local

pNCs[1].aCrInfo[0].dwFlags=0x00000201
pNCs[1].aCrInfo[0].pszDn=CN=beb35210-06f3-42b6-bf75-c9b10831a4ef,CN=Partitions,CN=Configuration,DC=domain,DC=local
pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.domain.local
pNCs[1].aCrInfo[0].iSourceServer=0
pNCs[1].aCrInfo[0].pszSourceServer=(null)
pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[1].aCrInfo[0].bEnabled=TRUE
pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[1].aCrInfo[0].pszNetBiosName=(null)
pNCs[1].aCrInfo[0].cReplicas=-1
pNCs[1].aCrInfo[0].aszReplicas=


NC: pNCs[2].pszName=Schema
pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=domain,DC=local

pNCs[2].aCrInfo[0].dwFlags=0x00000201
pNCs[2].aCrInfo[0].pszDn=CN=Enterprise
Schema,CN=Partitions,CN=Configuration,DC=domain,DC=local
pNCs[2].aCrInfo[0].pszDnsRoot=domain.local
pNCs[2].aCrInfo[0].iSourceServer=0
pNCs[2].aCrInfo[0].pszSourceServer=(null)
pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[2].aCrInfo[0].bEnabled=TRUE
pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[2].aCrInfo[0].pszNetBiosName=(null)
pNCs[2].aCrInfo[0].cReplicas=-1
pNCs[2].aCrInfo[0].aszReplicas=


NC: pNCs[3].pszName=Configuration
pNCs[3].pszDn=CN=Configuration,DC=domain,DC=local

pNCs[3].aCrInfo[0].dwFlags=0x00000201
pNCs[3].aCrInfo[0].pszDn=CN=Enterprise
Configuration,CN=Partitions,CN=Configuration,DC=domain,DC=local
pNCs[3].aCrInfo[0].pszDnsRoot=domain.local
pNCs[3].aCrInfo[0].iSourceServer=0
pNCs[3].aCrInfo[0].pszSourceServer=(null)
pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[3].aCrInfo[0].bEnabled=TRUE
pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[3].aCrInfo[0].pszNetBiosName=(null)
pNCs[3].aCrInfo[0].cReplicas=-1
pNCs[3].aCrInfo[0].aszReplicas=


NC: pNCs[4].pszName=domain
pNCs[4].pszDn=DC=domain,DC=local

pNCs[4].aCrInfo[0].dwFlags=0x00000201
pNCs[4].aCrInfo[0].pszDn=CN=domain,CN=Partitions,CN=Configuration,DC=domain,DC=local
pNCs[4].aCrInfo[0].pszDnsRoot=domain.local
pNCs[4].aCrInfo[0].iSourceServer=0
pNCs[4].aCrInfo[0].pszSourceServer=(null)
pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
pNCs[4].aCrInfo[0].bEnabled=TRUE
pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[4].aCrInfo[0].pszNetBiosName=(null)
pNCs[4].aCrInfo[0].cReplicas=-1
pNCs[4].aCrInfo[0].aszReplicas=


5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration,
domain,
2 TARGETS: dc1, dc2,

=============================================Done Printing pDsInfo

Doing initial required tests

Testing server: Default-First-Site-Name\dc1
Starting test: Connectivity
* Active Directory LDAP Services Check
Failure Analysis: dc1 ... OK.
* Active Directory RPC Services Check
........................ dc1 passed test Connectivity

Testing server: Default-First-Site-Name\dc2
Starting test: Connectivity
* Active Directory LDAP Services Check
dc2.currentTime = 20100618080229.0Z
dc2.highestCommittedUSN = 2720423
dc2.isSynchronized = 1
dc2.isGlobalCatalogReady = 1
Failure Analysis: dc2 ... OK.
* Active Directory RPC Services Check
........................ dc2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\dc1
Starting test: Replications
* Replications Check
DC=ForestDnsZones,DC=domain,DC=local has 2 cursors.
DC=DomainDnsZones,DC=domain,DC=local has 2 cursors.
CN=Schema,CN=Configuration,DC=domain,DC=local has 2 cursors.
CN=Configuration,DC=domain,DC=local has 2 cursors.
DC=domain,DC=local has 2 cursors.
[Replications Check,dc1] A recent replication attempt failed:
From dc2 to dc1
Naming Context: DC=domain,DC=local
The replication generated an error (8614):
Win32 Error 8614
The failure occurred at 2010-06-18 10:01:42.
The last success occurred at 2010-01-30 10:15:37.
42344 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
dc1: Current time is 2010-06-18 10:02:29.
DC=domain,DC=local
Last replication recieved from dc2 at 2010-01-30
10:15:37.
WARNING: This latency is over the Tombstone Lifetime of
60 days!
* Replication Site Latency Check
Site Settings = CN=NTDS Site
Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
[0x904de,v=38780,t=2010-06-18
10:00:52,g=65a2e0e8-da24-4618-a52c-1a646a7ab0ce,orig=2446212,local=2446212]
Elapsed time (sec) = 97
........................ dc1 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ dc1 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ dc1 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC dc1.
* Security Permissions Check for
DC=ForestDnsZones,DC=domain,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=domain,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=domain,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=domain,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=domain,DC=local
(Domain,Version 2)
........................ dc1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\dc1\netlogon
Verified share \\dc1\sysvol
........................ dc1 passed test NetLogons
Starting test: Advertising
The DC dc1 is advertising itself as a DC and having a DS.
The DC dc1 is advertising as an LDAP server
The DC dc1 is advertising as having a writeable directory
The DC dc1 is advertising as a Key Distribution Center
The DC dc1 is advertising as a time server
The DS dc1 is advertising as a GC.
........................ dc1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
........................ dc1 passed test KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID
Manager$,CN=System,DC=domain,DC=local
* Available RID Pool for the Domain is 2606 to 1073741823
fSMORoleOwner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
* dc1.domain.local is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=dc1,OU=Domain
Controllers,DC=domain,DC=local
* rIDAllocationPool is 2106 to 2605
* rIDPreviousAllocationPool is 1106 to 1605
* rIDNextRID: 1402
........................ dc1 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC dc1 on DC dc1.
* SPN found :LDAP/dc1.domain.local/domain.local
* SPN found :LDAP/dc1.domain.local
* SPN found :LDAP/dc1
* SPN found :LDAP/dc1.domain.local/domain
* SPN found
:LDAP/65a2e0e8-da24-4618-a52c-1a646a7ab0ce._msdcs.domain.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/65a2e0e8-da24-4618-a52c-1a646a7ab0ce/domain.local
* SPN found :HOST/dc1.domain.local/domain.local
* SPN found :HOST/dc1.domain.local
* SPN found :HOST/dc1
* SPN found :HOST/dc1.domain.local/domain
* SPN found :GC/dc1.domain.local/domain.local
........................ dc1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
........................ dc1 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
........................ dc1 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
dc1 is in domain DC=domain,DC=local
Checking for CN=dc1,OU=Domain Controllers,DC=domain,DC=local in
domain DC=domain,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
in domain CN=Configuration,DC=domain,DC=local on 2 servers
Object is up-to-date on all servers.
........................ dc1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
........................ dc1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Error Event occured. EventID: 0xC0003500
Time Generated: 06/18/2010 08:46:04
(Event String could not be retrieved)
........................ dc1 failed test frsevent
Starting test: kccevent
* The KCC Event log test
An Error Event occured. EventID: 0xC00007FA
Time Generated: 06/18/2010 09:48:06
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 06/18/2010 09:50:03
(Event String could not be retrieved)
An Error Event occured. EventID: 0x000001D3
Time Generated: 06/18/2010 10:00:50
Event String: NTDS (416) NTDSA: Index INDEX_00090001 of
table

datatable is corrupted (0).
An Warning Event occured. EventID: 0x80000495
Time Generated: 06/18/2010 10:00:50
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 06/18/2010 10:00:50
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 06/18/2010 10:00:50
(Event String could not be retrieved)
An Error Event occured. EventID: 0x000001D3
Time Generated: 06/18/2010 10:00:50
Event String: NTDS (416) NTDSA: Index INDEX_00090001 of
table

datatable is corrupted (0).
An Warning Event occured. EventID: 0x80000495
Time Generated: 06/18/2010 10:00:50
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 06/18/2010 10:00:50
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 06/18/2010 10:00:50
(Event String could not be retrieved)
An Error Event occured. EventID: 0x000001D3
Time Generated: 06/18/2010 10:00:51
Event String: NTDS (416) NTDSA: Index INDEX_00090001 of
table

datatable is corrupted (0).
An Warning Event occured. EventID: 0x80000495
Time Generated: 06/18/2010 10:00:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 06/18/2010 10:00:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 06/18/2010 10:00:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0x000001D3
Time Generated: 06/18/2010 10:00:51
Event String: NTDS (416) NTDSA: Index INDEX_00090001 of
table

datatable is corrupted (0).
An Warning Event occured. EventID: 0x80000495
Time Generated: 06/18/2010 10:00:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 06/18/2010 10:00:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 06/18/2010 10:00:51
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC00007FA
Time Generated: 06/18/2010 10:01:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0x000001D3
Time Generated: 06/18/2010 10:02:29
Event String: NTDS (416) NTDSA: Index INDEX_00090001 of
table

datatable is corrupted (0).
An Warning Event occured. EventID: 0x80000495
Time Generated: 06/18/2010 10:02:29
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 06/18/2010 10:02:29
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 06/18/2010 10:02:29
(Event String could not be retrieved)
An Error Event occured. EventID: 0x000001D3
Time Generated: 06/18/2010 10:02:30
Event String: NTDS (416) NTDSA: Index INDEX_00090001 of
table

datatable is corrupted (0).
An Warning Event occured. EventID: 0x80000495
Time Generated: 06/18/2010 10:02:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC000043C
Time Generated: 06/18/2010 10:02:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC025083C
Time Generated: 06/18/2010 10:02:30
(Event String could not be retrieved)
........................ dc1 failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x0000165B
Time Generated: 06/18/2010 09:24:17
Event String: The session setup from computer 'WS40' failed because
the security database does not contain a trust account 'WS40$'
referenced by the specified computer.

USER ACTION

If this is the first occurrence of this event for the specified
computer and account, this may be a transient issue that doesn't
require any action at this time. Otherwise, the following steps may
be taken to resolve this problem:

If 'WS40$' is a legitimate machine account for the computer 'WS40',
then 'WS40' should be rejoined to the domain.

If 'WS40$' is a legitimate interdomain trust account, then the trust
should be recreated.

Otherwise, assuming that 'WS40$' is not a legitimate account, the
following action should be taken on 'WS40':

If 'WS40' is a Domain Controller, then the trust associated with
'WS40$' should be deleted.

If 'WS40' is not a Domain Controller, it should be disjoined from the
domain.
An Error Event occured. EventID: 0x000016AD
Time Generated: 06/18/2010 09:26:45
Event String: The session setup from the computer WS40
failed

to authenticate. The following error occurred:

%%5
An Error Event occured. EventID: 0xC0002719
Time Generated: 06/18/2010 09:47:42
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 06/18/2010 09:47:43
(Event String could not be retrieved)
........................ dc1 failed test systemlog
Starting test: VerifyReplicas
........................ dc1 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=dc1,OU=Domain Controllers,DC=domain,DC=local and backlink on
CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=dc1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=local
and backlink on
CN=dc1,OU=Domain Controllers,DC=domain,DC=local are correct.
The system object reference (serverReferenceBL)
CN=dc1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=domain,DC=local
and backlink on
CN=NTDS Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
are correct.
........................ dc1 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
........................ dc1 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC dc1 for domain domain.local in site
Default-First-Site-Name
Checking machine account for DC dc1 on DC dc1.
* SPN found :LDAP/dc1.domain.local/domain.local
* SPN found :LDAP/dc1.domain.local
* SPN found :LDAP/dc1
* SPN found :LDAP/dc1.domain.local/domain
* SPN found
:LDAP/65a2e0e8-da24-4618-a52c-1a646a7ab0ce._msdcs.domain.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/65a2e0e8-da24-4618-a52c-1a646a7ab0ce/domain.local
* SPN found :HOST/dc1.domain.local/domain.local
* SPN found :HOST/dc1.domain.local
* SPN found :HOST/dc1
* SPN found :HOST/dc1.domain.local/domain
* SPN found :GC/dc1.domain.local/domain.local
[dc1] No security related replication errors were found on this
DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
........................ dc1 passed test CheckSecurityError

Testing server: Default-First-Site-Name\dc2
Starting test: Replications
* Replications Check
DC=ForestDnsZones,DC=domain,DC=local has 2 cursors.
DC=DomainDnsZones,DC=domain,DC=local has 2 cursors.
CN=Schema,CN=Configuration,DC=domain,DC=local has 2 cursors.
CN=Configuration,DC=domain,DC=local has 2 cursors.
DC=domain,DC=local has 2 cursors.
* Replication Latency Check
* Replication Site Latency Check
Site Settings = CN=NTDS Site
Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
[0x904de,v=38780,t=2010-06-18
10:00:52,g=65a2e0e8-da24-4618-a52c-1a646a7ab0ce,orig=2446212,local=2720409]
Elapsed time (sec) = 98
........................ dc2 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ dc2 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=domain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
........................ dc2 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC dc2.
* Security Permissions Check for
DC=ForestDnsZones,DC=domain,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=domain,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=domain,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=domain,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=domain,DC=local
(Domain,Version 2)
........................ dc2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\dc2\netlogon
Verified share \\dc2\sysvol
........................ dc2 passed test NetLogons
Starting test: Advertising
The DC dc2 is advertising itself as a DC and having a DS.
The DC dc2 is advertising as an LDAP server
The DC dc2 is advertising as having a writeable directory
The DC dc2 is advertising as a Key Distribution Center
The DC dc2 is advertising as a time server
The DS dc2 is advertising as a GC.
........................ dc2 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
........................ dc2 passed test KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID
Manager$,CN=System,DC=domain,DC=local
* Available RID Pool for the Domain is 2606 to 1073741823
fSMORoleOwner = CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
* dc1.domain.local is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=dc2,OU=Domain
Controllers,DC=domain,DC=local
* rIDAllocationPool is 1606 to 2105
* rIDPreviousAllocationPool is 1606 to 2105
* rIDNextRID: 1645
........................ dc2 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC dc2 on DC dc2.
* SPN found :LDAP/dc2.domain.local/domain.local
* SPN found :LDAP/dc2.domain.local
* SPN found :LDAP/dc2
* SPN found :LDAP/dc2.domain.local/domain
* SPN found
:LDAP/aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/aec798bd-45c6-4a00-a81a-3c6ee2ce92a3/domain.local
* SPN found :HOST/dc2.domain.local/domain.local
* SPN found :HOST/dc2.domain.local
* SPN found :HOST/dc2
* SPN found :HOST/dc2.domain.local/domain
* SPN found :GC/dc2.domain.local/domain.local
........................ dc2 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
........................ dc2 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
........................ dc2 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
dc2 is in domain DC=domain,DC=local
Checking for CN=dc2,OU=Domain Controllers,DC=domain,DC=local in
domain DC=domain,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=dc2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local
in domain CN=Configuration,DC=domain,DC=local on 2 servers
Object is up-to-date on all servers.
........................ dc2 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
........................ dc2 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours
after the

SYSVOL has been shared. Failing SYSVOL replication problems
may cause

Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 06/18/2010 08:53:47
(Event String could not be retrieved)
........................ dc2 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
........................ dc2 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
........................ dc2 passed test systemlog
Starting test: VerifyReplicas
........................ dc2 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=dc2,OU=Domain Controllers,DC=domain,DC=local and backlink

on


CN=dc2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=dc2,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=domain,DC=local

and backlink on

CN=dc2,OU=Domain Controllers,DC=domain,DC=local are correct.

The system object reference (serverReferenceBL)

CN=dc2,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=domain,DC=local

and backlink on

CN=NTDS
Settings,CN=dc2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

are correct.
........................ dc2 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
........................ dc2 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC dc1 for domain domain.local in site
Default-First-Site-Name
Checking machine account for DC dc2 on DC dc1.
* SPN found :LDAP/dc2.domain.local/domain.local
* SPN found :LDAP/dc2.domain.local
* SPN found :LDAP/dc2
* SPN found :LDAP/dc2.domain.local/domain
* SPN found
:LDAP/aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/aec798bd-45c6-4a00-a81a-3c6ee2ce92a3/domain.local
* SPN found :HOST/dc2.domain.local/domain.local
* SPN found :HOST/dc2.domain.local
* SPN found :HOST/dc2
* SPN found :HOST/dc2.domain.local/domain
* SPN found :GC/dc2.domain.local/domain.local
Checking for CN=dc2,OU=Domain Controllers,DC=domain,DC=local in
domain DC=domain,DC=local on 2 servers
Object is up-to-date on all servers.
[dc2] No security related replication errors were found on this
DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
........................ dc2 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
........................ ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ ForestDnsZones passed test
CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
........................ DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ DomainDnsZones passed test
CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
........................ Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
........................ Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ Configuration passed test
CheckSDRefDom

Running partition tests on : domain
Starting test: CrossRefValidation
........................ domain passed test
CrossRefValidation
Starting test: CheckSDRefDom
........................ domain passed test CheckSDRefDom

Running enterprise tests on : domain.local
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope

provided by the command line arguments provided.
........................ domain.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\dc1.domain.local
Locator Flags: 0xe00003fd
PDC Name: \\dc1.domain.local
Locator Flags: 0xe00003fd
Time Server Name: \\dc1.domain.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\dc1.domain.local
Locator Flags: 0xe00003fd
KDC Name: \\dc1.domain.local
Locator Flags: 0xe00003fd
........................ domain.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: dc1.domain.local
Domain: domain.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000002] Broadcom NetXtreme Gigabit
Ethernet:
MAC address is 00:14:5E:83:29:6F
IP address is static
IP address: x.x.x.x
DNS servers:
127.0.0.1 (dc1.domain.local.) [Valid]
x.x.x.x (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
x.x.x.x (<name unavailable>) [Valid]
x.x.x.x (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: domain.local.
Delegated domain name: _msdcs.domain.local.
DNS server: dc1.domain.local. IP:x.x.x.x [Valid]


TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone domain.local.
Test record _dcdiag_test_record added successfully in
zone domain.local.
Test record _dcdiag_test_record deleted successfully
in zone domain.local.

TEST: Records registration (RReg)
Network Adapter [00000002] Broadcom NetXtreme Gigabit
Ethernet:
Matching A record found at DNS server x.x.x.x:
dc1.domain.local

Matching CNAME record found at DNS server x.x.x.x:

65a2e0e8-da24-4618-a52c-1a646a7ab0ce._msdcs.domain.local

Matching DC SRV record found at DNS server
x.x.x.x:
_ldap._tcp.dc._msdcs.domain.local

Matching GC SRV record found at DNS server
x.x.x.x:
_ldap._tcp.gc._msdcs.domain.local

Matching PDC SRV record found at DNS server
x.x.x.x:
_ldap._tcp.pdc._msdcs.domain.local

Matching A record found at DNS server x.x.x.x:
dc1.domain.local

Matching CNAME record found at DNS server x.x.x.x:

65a2e0e8-da24-4618-a52c-1a646a7ab0ce._msdcs.domain.local

Matching DC SRV record found at DNS server
x.x.x.x:
_ldap._tcp.dc._msdcs.domain.local

Matching GC SRV record found at DNS server
x.x.x.x:
_ldap._tcp.gc._msdcs.domain.local

Matching PDC SRV record found at DNS server
x.x.x.x:
_ldap._tcp.pdc._msdcs.domain.local

Total query time:0 min. 0 sec.. Total RPC connection
time:0 min. 0 sec.
Total WMI connection time:0 min. 42 sec. Total Netuse
connection time:0 min. 0 sec.


DC: dc2.domain.local
Domain: domain.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000002] Broadcom NetXtreme Gigabit
Ethernet:
MAC address is 00:14:5E:B4:65:52
IP address is static
IP address: x.x.x.x
DNS servers:
x.x.x.x (dc1.domain.local.) [Valid]
127.0.0.1 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
x.x.x.x (<name unavailable>) [Valid]
x.x.x.x (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone: domain.local.
Delegated domain name: _msdcs.domain.local.
DNS server: dc1.domain.local. IP:x.x.x.x [Valid]


TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone domain.local.
Test record _dcdiag_test_record added successfully in
zone domain.local.
Test record _dcdiag_test_record deleted successfully
in zone domain.local.

TEST: Records registration (RReg)
Network Adapter [00000002] Broadcom NetXtreme Gigabit
Ethernet:
Matching A record found at DNS server x.x.x.x:
dc2.domain.local

Matching CNAME record found at DNS server x.x.x.x:

aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local

Matching DC SRV record found at DNS server
x.x.x.x:
_ldap._tcp.dc._msdcs.domain.local

Matching GC SRV record found at DNS server
x.x.x.x:
_ldap._tcp.gc._msdcs.domain.local

Total query time:0 min. 0 sec.. Total RPC connection
time:0 min. 0 sec.
Total WMI connection time:0 min. 43 sec. Total Netuse
connection time:0 min. 0 sec.

Summary of test results for DNS servers used by the above
domain controllers:

DNS server: x.x.x.x (dc1.domain.local.)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for
the forest root domain is registered
Delegation to the domain _msdcs.domain.local. is
operational
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: x.x.x.x (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for
the forest root domain is registered
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 1 sec.

DNS server: x.x.x.x (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 41 sec.

DNS server: x.x.x.x (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 41 sec.

Summary of DNS test results:

                Auth Basc Forw Del  Dyn  RReg Ext
________________________________________________________________
Domain: domain.local
dc1             PASS PASS PASS PASS PASS PASS n/a
dc2             PASS PASS PASS PASS PASS PASS n/a

Total Time taken to test all the DCs:1 min. 25 sec.
........................ domain.local passed test DNS

--------------------------------------------------------------------------

repadmin running command /showrepl against server localhost

Default-First-Site-Name\dc1

DC Options: IS_GC

Site Options: (none)

DC object GUID: 65a2e0e8-da24-4618-a52c-1a646a7ab0ce

DC invocationID: 65a2e0e8-da24-4618-a52c-1a646a7ab0ce

==== INBOUND NEIGHBORS ======================================

==== OUTBOUND NEIGHBORS FOR CHANGE NOTIFICATIONS ============

DC=domain,DC=local

Default-First-Site-Name\dc2 via RPC

DC object GUID: aec798bd-45c6-4a00-a81a-3c6ee2ce92a3

Address:
aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local

WRITEABLE

Last attempt @ 2010-06-18 09:44:05 was successful.

CN=Configuration,DC=domain,DC=local

Default-First-Site-Name\dc2 via RPC

DC object GUID: aec798bd-45c6-4a00-a81a-3c6ee2ce92a3

Address:
aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local

WRITEABLE

Last attempt @ 2010-06-18 10:01:07 was successful.

CN=Schema,CN=Configuration,DC=domain,DC=local

Default-First-Site-Name\dc2 via RPC

DC object GUID: aec798bd-45c6-4a00-a81a-3c6ee2ce92a3

Address:
aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local

WRITEABLE

Last attempt @ 2010-06-14 23:56:08 was successful.

DC=DomainDnsZones,DC=domain,DC=local

Default-First-Site-Name\dc2 via RPC

DC object GUID: aec798bd-45c6-4a00-a81a-3c6ee2ce92a3

Address:
aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local

WRITEABLE

Last attempt @ 2010-06-18 10:03:28 was successful.

DC=ForestDnsZones,DC=domain,DC=local

Default-First-Site-Name\dc2 via RPC

DC object GUID: aec798bd-45c6-4a00-a81a-3c6ee2ce92a3

Address:
aec798bd-45c6-4a00-a81a-3c6ee2ce92a3._msdcs.domain.local

WRITEABLE

Last attempt @ (never) was successful.

==== KCC CONNECTION OBJECTS
============================================

Connection --

Connection name : a18293f3-3a17-4eb7-b3bc-da02278c359d

Server DNS name : dc1.domain.local

Server DN name : CN=NTDS
Settings,CN=dc1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=local

Source: Default-First-Site-Name\dc2

******* 42343 CONSECUTIVE FAILURES since 2010-01-30 10:15:37

Last error: 8451 (0x2103):

Can't retrieve message string 8451 (0x2103), error 1815.

TransportType: intrasite RPC

options: isGenerated

ReplicatesNC: DC=DomainDnsZones,DC=domain,DC=local

Reason: StaleServersTopology

Replica link has been added.

ReplicatesNC: DC=ForestDnsZones,DC=domain,DC=local

Reason: StaleServersTopology

Replica link has been added.

ReplicatesNC: CN=Configuration,DC=domain,DC=local

Reason: StaleServersTopology

Replica link has been added.

ReplicatesNC: DC=domain,DC=local

Reason: StaleServersTopology

Replica link has been added.

ReplicatesNC: CN=Schema,CN=Configuration,DC=domain,DC=local

Reason: StaleServersTopology

Replica link has been added.

enabledConnection: whenChanged: 20100618035832.0Z

whenCreated: 20070306143916.0Z

Schedule:

day: 0123456789ab0123456789ab

Sun: 111111111111111111111111

Mon: 111111111111111111111111

Tue: 111111111111111111111111

Wed: 111111111111111111111111

Thu: 111111111111111111111111

Fri: 111111111111111111111111

Sat: 111111111111111111111111

1 connections found.

Partition Replication Schedule Loading:

--------------------------------------------------------------------------

Microsoft Windows [Version 5.2.3790]
(C) Copyright 1985-2003 Microsoft Corp.

C:\Documents and Settings\Administrator>dnslint /ad /s x.x.x.x

DNSLint will attempt to verify the
DNS entries used in AD replication

Using 127.0.0.1 for LDAP
Starting with x.x.x.x for DNS

This process may take several minutes to complete...............

by-passing www.internic.net lookup...
using x.x.x.x
......
C:\Documents and Settings\Administrator>dnslint /ad /s x.x.x.x

DNSLint will attempt to verify the
DNS entries used in AD replication

Using 127.0.0.1 for LDAP
Starting with x.x.x.x for DNS

This process may take several minutes to complete...............

by-passing www.internic.net lookup...
using x.x.x.x
......
--------------------------------------------------------------------------

These are results...
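
A triage sketch for output like the dump above, added here as an example and not part of the original post: it pulls the failed dcdiag tests (including result lines whose test name wrapped onto the next line) and any repadmin connection with consecutive failures. The function names, the sample text and the `stale_after_days` threshold are assumptions made for illustration.

```python
import re
from datetime import datetime

# Constructed sample: same shape as the dcdiag/repadmin text in this thread,
# including a result line whose test name wrapped onto the following line.
SAMPLE = r"""
      Starting test: systemlog
         An Error Event occured.  EventID: 0x000016AD
         ......................... dc1 failed test systemlog
      Starting test: OutboundSecureChannels
         ......................... dc2 passed test
OutboundSecureChannels
      Starting test: frsevent
         ......................... dc2 failed test frsevent

Source: Default-First-Site-Name\dc2

******* 42343 CONSECUTIVE FAILURES since 2010-01-30 10:15:37

Last error: 8451 (0x2103):
"""

# "........ <target> passed|failed test <name>"; the name may be missing
# when the mail client wrapped it onto the next line.
RESULT_RE = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed)\s+test(?:\s+(\S+))?$")
SOURCE_RE = re.compile(r"^Source:\s+(\S+)")
FAIL_RE = re.compile(
    r"(\d+)\s+CONSECUTIVE FAILURES since\s+(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
)
ERR_RE = re.compile(r"Last error:\s+(\d+)\s+\((0x[0-9a-fA-F]+)\)")


def parse_dcdiag(text):
    """Return (target, test, status) for every dcdiag result line."""
    lines = [ln.strip() for ln in text.splitlines()]
    results = []
    for i, line in enumerate(lines):
        m = RESULT_RE.match(line)
        if not m:
            continue
        target, status, test = m.groups()
        if test is None:
            # Wrapped line: take the next non-empty line as the test name.
            test = next((ln for ln in lines[i + 1:] if ln), "(unknown)")
        results.append((target, test, status))
    return results


def parse_repadmin(text, as_of):
    """Return one record per connection reporting consecutive failures."""
    records, source = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SOURCE_RE.match(line)
        if m:
            source = m.group(1)
            continue
        m = FAIL_RE.search(line)
        if m:
            since = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M:%S")
            records.append({
                "source": source,
                "failures": int(m.group(1)),
                "since": since,
                "days_failing": (as_of - since).days,
                "error": None,
            })
            continue
        m = ERR_RE.search(line)
        if m and records:
            records[-1]["error"] = int(m.group(1))
    return records


def triage(text, as_of, stale_after_days):
    """Summarise what needs attention.

    stale_after_days is an assumption supplied by the caller, for example
    the forest's tombstone lifetime; it is not read from the output.
    """
    failed = [(t, n) for t, n, s in parse_dcdiag(text) if s == "failed"]
    stale = [r for r in parse_repadmin(text, as_of)
             if r["days_failing"] > stale_after_days]
    return {"failed_tests": failed, "stale_links": stale}


if __name__ == "__main__":
    report = triage(SAMPLE, datetime(2010, 6, 18, 10, 0, 0), stale_after_days=60)
    for target, test in report["failed_tests"]:
        print(f"FAILED  {target}: {test}")
    for link in report["stale_links"]:
        print(f"STALE   inbound from {link['source']}: {link['failures']} failures, "
              f"{link['days_failing']} days, last error {link['error']}")
```
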

Paul Bergson [MVP-DS]

Jun 18, 2010, 8:25:09 AM
It sounds like your domain is really out of sync. I am assuming that dc1
holds the fsmo roles. To find out, run the following from a command prompt:
netdom query fsmo

I don't know anything about your environment but (Hopefully) the fsmo roles
reside on dc1 and so you are going to have to force the demotion of dc2.
dcpromo /forceremoval

Next you are going to have to clean up your metadata; this will detail the
cleanup of dc2 from your domain:
http://support.microsoft.com/kb/216498

Finally I would run diagnostics to verify that dc1 is healthy before
continuing on:
DCDIAG /V /C /D /s:yourdcname > c:\dcdiag.log

If all looks clean you should be able to repromote your dc. I would
recommend installing your o/s before repromoting dc2.


--
Paul Bergson
MVP - Directory Services
MCITP - Enterprise Administrator
MCTS, MCT, MCSE, MCSA, MCP, Security +, BS CSci
2008, Vista, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com Twitter - @pbbergs

Please no e-mails, any questions should be posted in the Newsgroups. This
posting is provided "AS IS" with no warranties and confers no rights.

Meinolf Weber [MVP-DS]

Jun 18, 2010, 8:48:23 AM
Hello cchelavi,

I agree with Paul, as DC1 holds the FSMO roles according to the dcdiag output,
remove DC2 from the domain and run the metadata cleanup. I especially recommend
the reinstall of DC2, to have a really fresh machine.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm



cchelavi

Jun 18, 2010, 9:57:32 AM

Paul Hi,

I was thinking to transfer FSMO roles to DC2, and demote srv01 because
most of the newest data is on DC2. When I connect a new computer to the
domain, it registers on DC2 (there are many new computers registered on
the domain, but not shown in AD on DC1). I also assume that most of the new
data like user passwords on the domain is on DC2. I'm afraid that when I
demote and clean DC2 all of the data will be lost. I have one more question:
when I demote the server, will the NTDS settings on the other computer disappear, or
will I have to remove them manually?

Thanks a lot.

Best Reg's..

'Paul Bergson [MVP-DS Wrote:
> ;4985211']It sounds like your domain is really out of sync. I am

Meinolf Weber [MVP-DS]

Jun 18, 2010, 10:56:04 AM
Hello cchelavi,

As the connectivity is broken, you have to seize the FSMO roles; a transfer
shouldn't work. If you follow this article, all steps are mentioned:
http://support.microsoft.com/kb/555846/en-us

Remove DC1 before starting, and format and reinstall it afterwards to add
it back to the domain as second DC/DNS/GC.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm



cchelavi

Jun 21, 2010, 2:40:19 AM

Meinolf hi,

I have changed the registry key for replication with a corrupt partner, and
replication went well, but there are the same errors on DC1 regarding
corrupted database etc. I can't reinstall DC1 or DC2 because there are
a lot of applications running on both of these servers and these
applications are major applications in the company. I was thinking of buying two
additional servers only for dedicated domain controllers. What are the
steps for migrating DCs to new servers? I want to migrate DC1 and DC2
to "DC3" and "DC4" because I think that these applications on the current
servers are causing a lot of problems. DC1 is also a fax server, backup
device, general antivirus server, print server, application server, and
terminal server, and DC2 is also a proxy server, application server, file
server, and SQL database server. I think that if I transfer these DCs
to other servers there will be no more problems. What do you think?

Thnx

Meinolf Weber [MVP-DS]

Jun 21, 2010, 8:59:22 AM
Hello cchelavi,

There is no problem adding additional DCs to the domain, if the support tools
state the DCs are healthy. If any errors exist, you must solve them beforehand.

If they belong to the same OS version, just install a member server in the
domain, run dcpromo and make them also Global Catalog and DNS servers (AD integrated
zones). Move the FSMO roles to one of them and control with the support tools
for errors, then reconfigure all domain machines to use those servers as DNS
on the NIC.

Regarding the applications and using a DC for terminal services, you see
now why all this should NEVER be installed on DCs. Especially a Terminal
server has not to be installed on a DC; this requires lowering security so that
domain users are able to log on, which by default isn't allowed.

For applications and terminal services always use member servers. I strongly
suggest moving all services/applications etc. to member servers and letting
the new DCs only do their basic job, AD/DNS/GC and maybe DHCP, that's it.

Best regards

Meinolf Weber

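The reply above makes a clean replication state the precondition for adding DCs and moving the FSMO roles. The following is an added example, not part of the original posts, that gates the transfer on the CSV form of the `repadmin /showrepl` command used earlier in the thread. The sample rows, the failure count and status code, and the function name `Get-ReplicationFailure` are constructed for illustration.

```powershell
# Constructed sample of `repadmin /showrepl * /csv` output (not taken from the thread).
# On a real DC, replace the here-string with:  $lines = repadmin /showrepl * /csv
$csv = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Default-First-Site-Name,DC2,"DC=domain,DC=local",Default-First-Site-Name,DC1,RPC,0,0,2010-06-21 08:45:10,0
showrepl_INFO,Default-First-Site-Name,DC1,"DC=domain,DC=local",Default-First-Site-Name,DC2,RPC,14,2010-06-21 08:40:02,2010-06-18 10:00:52,8456
showrepl_INFO,Default-First-Site-Name,DC3,"CN=Configuration,DC=domain,DC=local",Default-First-Site-Name,DC2,RPC,0,0,2010-06-21 08:46:31,0
'@
$lines = $csv -split '\r?\n'

function Get-ReplicationFailure {
    param([string[]]$CsvLines)
    # The first CSV line is the header, so ConvertFrom-Csv names the columns for us.
    $CsvLines | ConvertFrom-Csv | Where-Object {
        # A row that is not showrepl_INFO means repadmin could not query that DC:
        # treat it as a failure instead of silently skipping it.
        $_.showrepl_COLUMNS -ne 'showrepl_INFO' -or
        [int]$_.'Number of Failures' -gt 0 -or
        $_.'Last Failure Status' -ne '0'
    } | Select-Object 'Destination DSA', 'Source DSA', 'Naming Context',
                      'Number of Failures', 'Last Failure Status', 'Last Success Time'
}

$failures = @(Get-ReplicationFailure -CsvLines $lines)

if ($failures.Count -gt 0) {
    # One row per broken inbound link: which DC is not pulling from which partner.
    $failures | Format-Table -AutoSize
    Write-Warning "Replication is not clean; fix these links before moving the FSMO roles."
} else {
    Write-Output "No replication failures reported; the FSMO transfer can proceed."
    # Record the current role holders before and after the move with:
    #   netdom query fsmo
}
```

With the constructed rows, the only link reported is DC1 failing to pull the domain partition from DC2, so the script stops before any role transfer.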


cchelavi

Jun 23, 2010, 2:56:43 AM

Thnx very much,

I'll reply to you when I transfer my DCs :)...

Best reg's
