Active Directory problems/dcdiag error

Wael

Mar 23, 2010, 1:44:45 PM
I have some problems when I do dcdiag. In the directory service I have
a lot of Event IDs 1865, 1311, 1312. I tried a lot of articles on the
MS Websites, but still can't figure out how to resolve the problem. We
have two locations connected over the internet with two VPN servers.
One of the sites has a slow 5MB DSL connection.

Also notice the Time service error at the end.

Any help is appreciated.

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Location1\MyServer1
Starting test: Connectivity
......................... MyServer1 passed test Connectivity

Doing primary tests

Testing server: Location1\MyServer1
Starting test: Replications
......................... MyServer1 passed test Replications
Starting test: NCSecDesc
......................... MyServer1 passed test NCSecDesc
Starting test: NetLogons
......................... MyServer1 passed test NetLogons
Starting test: Advertising
Warning: MyServer1 is not advertising as a time server.
......................... MyServer1 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... MyServer1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... MyServer1 passed test RidManager
Starting test: MachineAccount
......................... MyServer1 passed test MachineAccount
Starting test: Services
Could not open IsmServ Service on [MyServer1]:failed with 1060: The
specified service does not exist as an installed service.
......................... MyServer1 failed test Services
Starting test: ObjectsReplicated
......................... MyServer1 passed test ObjectsReplicated
Starting test: frssysvol
......................... MyServer1 passed test frssysvol
Starting test: frsevent
......................... MyServer1 passed test frsevent
Starting test: kccevent
An Error Event occured. EventID: 0xC0000520
Time Generated: 03/22/2010 14:39:41
Event String: A call to the Intersite Messaging service that

An Error Event occured. EventID: 0xC000051F
Time Generated: 03/22/2010 14:39:41
Event String: The Knowledge Consistency Checker (KCC) has

An Warning Event occured. EventID: 0x80000749
Time Generated: 03/22/2010 14:39:41
Event String: The Knowledge Consistency Checker (KCC) was

An Error Event occured. EventID: 0xC0000520
Time Generated: 03/22/2010 14:39:41
Event String: A call to the Intersite Messaging service that

An Error Event occured. EventID: 0xC000051F
Time Generated: 03/22/2010 14:39:41
Event String: The Knowledge Consistency Checker (KCC) has

An Warning Event occured. EventID: 0x80000749
Time Generated: 03/22/2010 14:39:41
Event String: The Knowledge Consistency Checker (KCC) was

An Error Event occured. EventID: 0xC0000520
Time Generated: 03/22/2010 14:39:41
Event String: A call to the Intersite Messaging service that

An Error Event occured. EventID: 0xC000051F
Time Generated: 03/22/2010 14:39:41
Event String: The Knowledge Consistency Checker (KCC) has

An Warning Event occured. EventID: 0x80000749
Time Generated: 03/22/2010 14:39:41
Event String: The Knowledge Consistency Checker (KCC) was

An Error Event occured. EventID: 0xC0000520
Time Generated: 03/22/2010 14:39:41
Event String: A call to the Intersite Messaging service that

An Error Event occured. EventID: 0xC000051F
Time Generated: 03/22/2010 14:39:41
Event String: The Knowledge Consistency Checker (KCC) has

An Warning Event occured. EventID: 0x80000749
Time Generated: 03/22/2010 14:39:41
Event String: The Knowledge Consistency Checker (KCC) was

......................... MyServer1 failed test kccevent
Starting test: systemlog
......................... MyServer1 passed test systemlog
Starting test: VerifyReferences
......................... MyServer1 passed test VerifyReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : MyOrganization
Starting test: CrossRefValidation
......................... MyOrganization passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... MyOrganization passed test CheckSDRefDom

Running enterprise tests on : MyOrganization.local
Starting test: Intersite
......................... MyOrganization.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
......................... MyOrganization.local failed test FsmoCheck
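
The hexadecimal EventID values in the dcdiag output are the same events as the decimal IDs 1865, 1311 and 1312 named in the post: Event Viewer shows the low 16 bits of the 32-bit identifier. The following Python is an added example, not part of the original thread; it lists the failed tests and decodes the event IDs from dcdiag text. The sample input is constructed in the shape of the output above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the shape of the dcdiag output quoted in the post.
SAMPLE = """\
   Testing server: Location1\\MyServer1
      Starting test: Advertising
         Warning: MyServer1 is not advertising as a time server.
         ......................... MyServer1 failed test Advertising
      Starting test: Replications
         ......................... MyServer1 passed test Replications
      Starting test: kccevent
         An Error Event occured. EventID: 0xC0000520
            Time Generated: 03/22/2010   14:39:41
         An Error Event occured. EventID: 0xC000051F
            Time Generated: 03/22/2010   14:39:41
         An Warning Event occured. EventID: 0x80000749
            Time Generated: 03/22/2010   14:39:41
         An Error Event occured. EventID: 0xC0000520
            Time Generated: 03/22/2010   14:39:41
         ......................... MyServer1 failed test kccevent
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
"""

# Result lines start with a run of dots. \s+ also matches a newline, so a
# test name wrapped onto the next line (as in the pasted output) still parses.
RESULT_RE = re.compile(r"\.{5,}\s+(\S+)\s+(passed|failed)\s+test\s+(\S+)")

# "occured" is dcdiag's own spelling and must be matched as printed.
EVENT_RE = re.compile(
    r"An\s+(?:Error|Warning)\s+Event\s+occured\.\s+EventID:\s+0x([0-9A-Fa-f]{8})"
)

# The top two bits of the 32-bit event identifier carry the severity.
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}


def failed_tests(text):
    """Return (target, test) pairs for every test dcdiag reports as failed."""
    return [
        (target, test)
        for target, result, test in RESULT_RE.findall(text)
        if result == "failed"
    ]


def event_summary(text):
    """Count events keyed by (decimal event ID, severity from the identifier)."""
    counts = Counter()
    for hex_id in EVENT_RE.findall(text):
        raw = int(hex_id, 16)
        event_id = raw & 0xFFFF          # low 16 bits: the ID Event Viewer shows
        severity = SEVERITY[raw >> 30]   # high 2 bits: severity
        counts[(event_id, severity)] += 1
    return counts


if __name__ == "__main__":
    for target, test in failed_tests(SAMPLE):
        print(f"FAILED  {target}: {test}")
    for (event_id, severity), n in sorted(event_summary(SAMPLE).items()):
        print(f"Event {event_id} ({severity}) x{n}")
```
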

kj [SBS MVP]

Mar 23, 2010, 3:20:27 PM
Run the test using;

dcdiag /c /v /e

Just by chance, are you using Small Business Server for one of your 'sites'?

And do you have separate domain controllers in each of the sites?

ISMserv and a functioning PDCe role seem to be the heart of the issue.

--
/kj


Wael

Mar 23, 2010, 4:55:57 PM
There you go.
One of the servers is an SBS, and yes, I have another domain controller
in the branch office. The DC is a member server (obviously)

ipconfig /all (SBS)


Windows IP Configuration

Host Name . . . . . . . . . . . . : Server1

Primary Dns Suffix . . . . . . . : MyOrganization.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : MyOrganization.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8169 Gigabit
Ethernet Adapter

Physical Address. . . . . . . . . : 00-18-E7-16-B4-0D

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.168.1

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.168.81

DNS Servers . . . . . . . . . . . : 192.168.168.1

Primary WINS Server . . . . . . . : 192.168.168.1
-----------------------------------------
ipconfig /all on the member domain controller


Windows IP Configuration

Host Name . . . . . . . . . . . . : Server2

Primary Dns Suffix . . . . . . . : MyOrganization.local

Node Type . . . . . . . . . . . . : Hybrid

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : MyOrganization.local

Ethernet adapter LAN:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection

Physical Address. . . . . . . . . : 00-14-22-78-06-EE

DHCP Enabled. . . . . . . . . . . : No

IP Address. . . . . . . . . . . . : 192.168.169.2

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.169.19

DNS Servers . . . . . . . . . . . : 192.168.168.1

Primary WINS Server . . . . . . . : 192.168.169.2

Ethernet adapter WAN:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Dual Port
Server Adapter

Physical Address. . . . . . . . . : 00-04-23-C2-4A-0E

DHCP Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : No

IP Address. . . . . . . . . . . . : 0.0.0.0

Subnet Mask . . . . . . . . . . . : 0.0.0.0

Default Gateway . . . . . . . . . :

DHCP Server . . . . . . . . . . . : 0.0.0.0

NetBIOS over Tcpip. . . . . . . . : Disabled


-----------------------------------------
Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine Server1, is a DC.
* Connecting to directory service on server Server1.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Location1\Server1
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... Server1 passed test Connectivity

Testing server: Branch-Office\Server2
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... Server2 passed test Connectivity

Doing primary tests

Testing server: Location1\Server1
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=MyOrganization,DC=local
Latency information for 4 entries in the vector were
ignored.
4 were retired Invocations. 0 were either: read-
only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=MyOrganization,DC=local
Latency information for 4 entries in the vector were
ignored.
4 were retired Invocations. 0 were either: read-
only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
DC=MyOrganization,DC=local
Latency information for 4 entries in the vector were
ignored.
4 were retired Invocations. 0 were either: read-
only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... Server1 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
[Topology Integrity Check,Server1] Intra-site topology
generation is disabled in this site.
* Analyzing the connection topology for
DC=ForestDnsZones,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... Server1 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... Server1 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC Server1.
* Security Permissions Check for
DC=ForestDnsZones,DC=MyOrganization,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=MyOrganization,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=MyOrganization,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=MyOrganization,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=MyOrganization,DC=local
(Domain,Version 2)
......................... Server1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\Server1\netlogon
Verified share \\Server1\sysvol
......................... Server1 passed test NetLogons
Starting test: Advertising
The DC Server1 is advertising itself as a DC and having a DS.
The DC Server1 is advertising as an LDAP server
The DC Server1 is advertising as having a writeable directory
The DC Server1 is advertising as a Key Distribution Center
Warning: Server1 is not advertising as a time server.
The DS Server1 is advertising as a GC.
......................... Server1 failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local
......................... Server1 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 6609 to 1073741823
* Server1.MyOrganization.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 5609 to 6108
* rIDPreviousAllocationPool is 4109 to 4608
* rIDNextRID: 4485
......................... Server1 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC Server1 on DC Server1.
* SPN found :LDAP/Server1.MyOrganization.local/
MyOrganization.local
* SPN found :LDAP/Server1.MyOrganization.local
* SPN found :LDAP/Server1
* SPN found :LDAP/Server1.MyOrganization.local/MyOrganization
* SPN found :LDAP/c022f83e-
c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c022f83e-
c0aa-451c-8fa4-2a089356de62/MyOrganization.local
* SPN found :HOST/Server1.MyOrganization.local/
MyOrganization.local
* SPN found :HOST/Server1.MyOrganization.local
* SPN found :HOST/Server1
* SPN found :HOST/Server1.MyOrganization.local/MyOrganization
* SPN found :GC/Server1.MyOrganization.local/
MyOrganization.local
......................... Server1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
Could not open IsmServ Service on [Server1]:failed with


1060: The specified service does not exist as an installed service.

* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... Server1 failed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... Server1 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
Server1 is in domain DC=MyOrganization,DC=local
Checking for CN=Server1,OU=Domain
Controllers,DC=MyOrganization,DC=local in domain
DC=MyOrganization,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local
in domain CN=Configuration,DC=MyOrganization,DC=local on 2 servers
Object is up-to-date on all servers.
......................... Server1 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... Server1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... Server1 passed test frsevent
Starting test: kccevent
* The KCC Event log test


An Error Event occured. EventID: 0xC0000520

Time Generated: 03/23/2010 16:39:59


Event String: A call to the Intersite Messaging service
that

specifies the following transport failed.

Transport:

CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local

As a result, the Knowledge Consistency Checker

(KCC) cannot configure a correct intersite

replication topology.

User Action

Verify that the Intersite Messaging service is

running.

Additional Data

Error value:

1722 The RPC server is unavailable.


An Error Event occured. EventID: 0xC000051F

Time Generated: 03/23/2010 16:39:59


Event String: The Knowledge Consistency Checker (KCC) has

detected problems with the following directory

partition.

Directory partition:

DC=MyOrganization,DC=local

There is insufficient site connectivity

information in Active Directory Sites and

Services for the KCC to create a spanning tree

replication topology. Or, one or more domain

controllers with this directory partition are

unable to replicate the directory partition

information. This is probably due to inaccessible

domain controllers.

User Action

Use Active Directory Sites and Services to

perform one of the following actions:

- Publish sufficient site connectivity

information so that the KCC can determine a route

by which this directory partition can reach this

site. This is the preferred option.

- Add a Connection object to a domain controller

that contains the directory partition in this

site from a domain controller that contains the

same directory partition in another site.

If neither of the Active Directory Sites and

Services tasks correct this condition, see

previous events logged by the KCC that identify

the inaccessible domain controllers.


An Warning Event occured. EventID: 0x80000749

Time Generated: 03/23/2010 16:39:59


Event String: The Knowledge Consistency Checker (KCC) was

unable to form a complete spanning tree network

topology. As a result, the following list of

sites cannot be reached from the local site.

Sites:

CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local


An Error Event occured. EventID: 0xC0000520

Time Generated: 03/23/2010 16:39:59


Event String: A call to the Intersite Messaging service
that

specifies the following transport failed.

Transport:

CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local

As a result, the Knowledge Consistency Checker

(KCC) cannot configure a correct intersite

replication topology.

User Action

Verify that the Intersite Messaging service is

running.

Additional Data

Error value:

1722 The RPC server is unavailable.


An Error Event occured. EventID: 0xC000051F

Time Generated: 03/23/2010 16:39:59


Event String: The Knowledge Consistency Checker (KCC) has

detected problems with the following directory

partition.

Directory partition:

DC=ForestDnsZones,DC=MyOrganization,DC=local

There is insufficient site connectivity

information in Active Directory Sites and

Services for the KCC to create a spanning tree

replication topology. Or, one or more domain

controllers with this directory partition are

unable to replicate the directory partition

information. This is probably due to inaccessible

domain controllers.

User Action

Use Active Directory Sites and Services to

perform one of the following actions:

- Publish sufficient site connectivity

information so that the KCC can determine a route

by which this directory partition can reach this

site. This is the preferred option.

- Add a Connection object to a domain controller

that contains the directory partition in this

site from a domain controller that contains the

same directory partition in another site.

If neither of the Active Directory Sites and

Services tasks correct this condition, see

previous events logged by the KCC that identify

the inaccessible domain controllers.


An Warning Event occured. EventID: 0x80000749

Time Generated: 03/23/2010 16:39:59


Event String: The Knowledge Consistency Checker (KCC) was

unable to form a complete spanning tree network

topology. As a result, the following list of

sites cannot be reached from the local site.

Sites:

CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local


An Error Event occured. EventID: 0xC0000520

Time Generated: 03/23/2010 16:39:59


Event String: A call to the Intersite Messaging service
that

specifies the following transport failed.

Transport:

CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local

As a result, the Knowledge Consistency Checker

(KCC) cannot configure a correct intersite

replication topology.

User Action

Verify that the Intersite Messaging service is

running.

Additional Data

Error value:

1722 The RPC server is unavailable.


An Error Event occured. EventID: 0xC000051F

Time Generated: 03/23/2010 16:39:59


Event String: The Knowledge Consistency Checker (KCC) has

detected problems with the following directory

partition.

Directory partition:

DC=DomainDnsZones,DC=MyOrganization,DC=local

There is insufficient site connectivity

information in Active Directory Sites and

Services for the KCC to create a spanning tree

replication topology. Or, one or more domain

controllers with this directory partition are

unable to replicate the directory partition

information. This is probably due to inaccessible

domain controllers.

User Action

Use Active Directory Sites and Services to

perform one of the following actions:

- Publish sufficient site connectivity

information so that the KCC can determine a route

by which this directory partition can reach this

site. This is the preferred option.

- Add a Connection object to a domain controller

that contains the directory partition in this

site from a domain controller that contains the

same directory partition in another site.

If neither of the Active Directory Sites and

Services tasks correct this condition, see

previous events logged by the KCC that identify

the inaccessible domain controllers.


An Warning Event occured. EventID: 0x80000749

Time Generated: 03/23/2010 16:39:59


Event String: The Knowledge Consistency Checker (KCC) was

unable to form a complete spanning tree network

topology. As a result, the following list of

sites cannot be reached from the local site.

Sites:

CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local


An Error Event occured. EventID: 0xC0000520

Time Generated: 03/23/2010 16:39:59


Event String: A call to the Intersite Messaging service
that

specifies the following transport failed.

Transport:

CN=IP,CN=Inter-Site
Transports,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local

As a result, the Knowledge Consistency Checker

(KCC) cannot configure a correct intersite

replication topology.

User Action

Verify that the Intersite Messaging service is

running.

Additional Data

Error value:

1722 The RPC server is unavailable.


An Error Event occured. EventID: 0xC000051F

Time Generated: 03/23/2010 16:39:59


Event String: The Knowledge Consistency Checker (KCC) has

detected problems with the following directory

partition.

Directory partition:

CN=Configuration,DC=MyOrganization,DC=local

There is insufficient site connectivity

information in Active Directory Sites and

Services for the KCC to create a spanning tree

replication topology. Or, one or more domain

controllers with this directory partition are

unable to replicate the directory partition

information. This is probably due to inaccessible

domain controllers.

User Action

Use Active Directory Sites and Services to

perform one of the following actions:

- Publish sufficient site connectivity

information so that the KCC can determine a route

by which this directory partition can reach this

site. This is the preferred option.

- Add a Connection object to a domain controller

that contains the directory partition in this

site from a domain controller that contains the

same directory partition in another site.

If neither of the Active Directory Sites and

Services tasks correct this condition, see

previous events logged by the KCC that identify

the inaccessible domain controllers.


An Warning Event occured. EventID: 0x80000749

Time Generated: 03/23/2010 16:39:59


Event String: The Knowledge Consistency Checker (KCC) was

unable to form a complete spanning tree network

topology. As a result, the following list of

sites cannot be reached from the local site.

Sites:

CN=Branch-Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local


......................... Server1 failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002720
Time Generated: 03/23/2010 16:12:57
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/23/2010 16:43:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/23/2010 16:43:07
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/23/2010 16:43:08
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/23/2010 16:43:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/23/2010 16:43:09
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/23/2010 16:43:10
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/23/2010 16:43:14
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/23/2010 16:43:31
(Event String could not be retrieved)
......................... Server1 failed test systemlog
Starting test: VerifyReplicas
......................... Server1 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=Server1,OU=Domain Controllers,DC=MyOrganization,DC=local
and backlink

on


CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN={5af2cfd7-dc82-4e9a-9650-6ac3571706a3},CN=DFSDomainRoot|
DFSLink1,CN=LostAndFound,DC=MyOrganization,DC=local

and backlink on

CN=Server1,OU=Domain Controllers,DC=MyOrganization,DC=local
are correct.

The system object reference (serverReferenceBL)

CN=Server1,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=MyOrganization,DC=local

and backlink on

CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local

are correct.
......................... Server1 passed test
VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... Server1 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC Server1 for domain MyOrganization.local in site
Location1
Checking machine account for DC Server1 on DC Server1.
* SPN found :LDAP/Server1.MyOrganization.local/
MyOrganization.local
* SPN found :LDAP/Server1.MyOrganization.local
* SPN found :LDAP/Server1
* SPN found :LDAP/Server1.MyOrganization.local/MyOrganization
* SPN found :LDAP/c022f83e-
c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c022f83e-
c0aa-451c-8fa4-2a089356de62/MyOrganization.local
* SPN found :HOST/Server1.MyOrganization.local/
MyOrganization.local
* SPN found :HOST/Server1.MyOrganization.local
* SPN found :HOST/Server1
* SPN found :HOST/Server1.MyOrganization.local/MyOrganization
* SPN found :GC/Server1.MyOrganization.local/
MyOrganization.local
[Server1] No security related replication errors were found
on this DC! To target the connection to a specific source DC use /
ReplSource:<DC>.
......................... Server1 passed test
CheckSecurityError

Testing server: Branch-Office\Server2
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=MyOrganization,DC=local
Latency information for 4 entries in the vector were
ignored.
4 were retired Invocations. 0 were either: read-
only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=MyOrganization,DC=local
Latency information for 4 entries in the vector were
ignored.
4 were retired Invocations. 0 were either: read-
only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
DC=MyOrganization,DC=local
Latency information for 4 entries in the vector were
ignored.
4 were retired Invocations. 0 were either: read-
only replicas and are not verifiably latent, or dc's no longer
replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... Server2 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
[Topology Integrity Check,Server2] Intra-site topology
generation is disabled in this site.
* Analyzing the connection topology for
DC=ForestDnsZones,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... Server2 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=MyOrganization,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... Server2 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC Server2.
* Security Permissions Check for
DC=ForestDnsZones,DC=MyOrganization,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=MyOrganization,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=MyOrganization,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=MyOrganization,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=MyOrganization,DC=local
(Domain,Version 2)
......................... Server2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\Server2\netlogon
Verified share \\Server2\sysvol
......................... Server2 passed test NetLogons
Starting test: Advertising
The DC Server2 is advertising itself as a DC and having a DS.
The DC Server2 is advertising as an LDAP server
The DC Server2 is advertising as having a writeable directory
The DC Server2 is advertising as a Key Distribution Center
Warning: Server2 is not advertising as a time server.
The DS Server2 is advertising as a GC.
......................... Server2 failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local
Role Domain Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local
Role PDC Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local
Role Rid Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=Server1,CN=Servers,CN=Location1,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local
......................... Server2 passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 6609 to 1073741823
* Server1.MyOrganization.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2109 to 2608
* rIDPreviousAllocationPool is 2109 to 2608
* rIDNextRID: 2146
......................... Server2 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC Server2 on DC Server2.
* SPN found :LDAP/Server2.MyOrganization.local/
MyOrganization.local
* SPN found :LDAP/Server2.MyOrganization.local
* SPN found :LDAP/Server2
* SPN found :LDAP/Server2.MyOrganization.local/MyOrganization
* SPN found :LDAP/
a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/
a675e995-26a8-4c18-9e0e-88b72f76b63d/MyOrganization.local
* SPN found :HOST/Server2.MyOrganization.local/
MyOrganization.local
* SPN found :HOST/Server2.MyOrganization.local
* SPN found :HOST/Server2
* SPN found :HOST/Server2.MyOrganization.local/MyOrganization
* SPN found :GC/Server2.MyOrganization.local/
MyOrganization.local
......................... Server2 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... Server2 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... Server2 passed test
OutboundSecureChannels
Starting test: ObjectsReplicated
Server2 is in domain DC=MyOrganization,DC=local
Checking for CN=Server2,OU=Domain
Controllers,DC=MyOrganization,DC=local in domain
DC=MyOrganization,DC=local on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=Server2,CN=Servers,CN=Branch-
Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local in domain
CN=Configuration,DC=MyOrganization,DC=local on 2 servers
Object is up-to-date on all servers.
......................... Server2 passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... Server2 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... Server2 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the
last 15 minutes.
......................... Server2 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40011006
Time Generated: 03/23/2010 16:03:54
Event String: The connection was aborted by the remote
WINS.

Remote WINS may not be configured to replicate

with the server.
An Error Event occured. EventID: 0x40011006
Time Generated: 03/23/2010 16:33:54
Event String: The connection was aborted by the remote
WINS.

Remote WINS may not be configured to replicate

with the server.
An Error Event occured. EventID: 0x000003F6
Time Generated: 03/23/2010 16:34:11
Event String: The following problem occurred with the Jet

database -1032: Jet database read or write

operations failed. If the computer or database

has just been upgraded, then this message can be

safely ignored. If this message appears

frequently, either there is not enough disk

space to complete the operation or the database

or backup database may be corrupt. To correct

this problem, either free additional space on

your hard disk or restore the database. After

you restore the database, ensure that conflict

detection is enabled in DHCP server properties.

For information about restoring the database,

see Help and Support Center. Additional Debug

Information: JetBackup.
An Error Event occured. EventID: 0x000003F8
Time Generated: 03/23/2010 16:34:11
Event String: The DHCP service encountered the following
error

when backing up the database:

An error occurred while accessing the DHCP database. Look at the

DHCP server event log for more information on this error.


An Error Event occured. EventID: 0x000003F2
Time Generated: 03/23/2010 16:34:11
Event String: The DHCP service encountered the following
error

while cleaning up the database:

An error occurred while accessing the DHCP database. Look at the

DHCP server event log for more information on this error.


......................... Server2 failed test systemlog
Starting test: VerifyReplicas
......................... Server2 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)

CN=Server2,OU=Domain Controllers,DC=MyOrganization,DC=local
and backlink

on

CN=Server2,CN=Servers,CN=Branch-
Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN={c7a7beed-3e23-4d59-85c9-fbd36e6c6d43},CN=DFSDomainRoot|
HDrive,CN=DFSDomainRoot,CN=DFS Volumes,CN=File Replication
Service,CN=System,DC=MyOrganization,DC=local

and backlink on

CN=Server2,OU=Domain Controllers,DC=MyOrganization,DC=local
are correct.

The system object reference (serverReferenceBL)

CN=Server2,CN=Domain System Volume (SYSVOL share),CN=File
Replication Service,CN=System,DC=MyOrganization,DC=local

and backlink on

CN=NTDS Settings,CN=Server2,CN=Servers,CN=Branch-
Office,CN=Sites,CN=Configuration,DC=MyOrganization,DC=local

are correct.
......................... Server2 passed test
VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... Server2 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC Server2 for domain MyOrganization.local in site
Branch-Office
Checking machine account for DC Server2 on DC Server2.
* SPN found :LDAP/Server2.MyOrganization.local/
MyOrganization.local
* SPN found :LDAP/Server2.MyOrganization.local
* SPN found :LDAP/Server2
* SPN found :LDAP/Server2.MyOrganization.local/MyOrganization
* SPN found :LDAP/
a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/
a675e995-26a8-4c18-9e0e-88b72f76b63d/MyOrganization.local
* SPN found :HOST/Server2.MyOrganization.local/
MyOrganization.local
* SPN found :HOST/Server2.MyOrganization.local
* SPN found :HOST/Server2
* SPN found :HOST/Server2.MyOrganization.local/MyOrganization
* SPN found :GC/Server2.MyOrganization.local/
MyOrganization.local
[Server2] No security related replication errors were found
on this DC! To target the connection to a specific source DC use /
ReplSource:<DC>.
......................... Server2 passed test
CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Doing intersite inbound replication test on site Location1:
Locating & Contacting Intersite Topology Generator
(ISTG) ...
The ISTG for site Location1 is: Server1.
Checking for down bridgeheads ...
Bridghead Branch-Office\Server2 is up and replicating
fine.
Bridghead Location1\Server1 is up and replicating
fine.
Doing in depth site analysis ...
All expected sites and bridgeheads are replicating into
site

Location1.
Doing intersite inbound replication test on site Branch-
Office:
Locating & Contacting Intersite Topology Generator
(ISTG) ...
The ISTG for site Branch-Office is: Server2.
Checking for down bridgeheads ...
Bridghead Location1\Server1 is up and replicating
fine.
Bridghead Branch-Office\Server2 is up and replicating
fine.
Doing in depth site analysis ...
All expected sites and bridgeheads are replicating into
site

Branch-Office.


......................... MyOrganization.local passed test
Intersite
Starting test: FsmoCheck

GC Name: \\Server1.MyOrganization.local
Locator Flags: 0xe00001bd
PDC Name: \\Server1.MyOrganization.local
Locator Flags: 0xe00001bd


Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
error 1355
A Good Time Server could not be located.

KDC Name: \\Server1.MyOrganization.local
Locator Flags: 0xe00001bd


......................... MyOrganization.local failed test
FsmoCheck

Starting test: DNS
Test results for domain controllers:

DC: Server2.MyOrganization.local
Domain: MyOrganization.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard
Edition (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000003] Intel(R) PRO/1000 MT Network
Connection:
MAC address is 00:14:22:78:06:EE
IP address is static
IP address: 192.168.169.2
DNS servers:
192.168.168.1 (Server1.MyOrganization.local.)
[Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
24.200.241.37 (<name unavailable>) [Valid]
66.28.0.45 (<name unavailable>) [Valid]
66.28.0.61 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone:
MyOrganization.local.
Delegated domain name:
_msdcs.MyOrganization.local.
DNS server: Server1.MyOrganization.local. IP:
192.168.168.1 [Valid]
DNS server: Server2.MyOrganization.local. IP:
192.168.169.2 [Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but
not secure MyOrganization.local.
Test record _dcdiag_test_record added successfully
in zone MyOrganization.local.
Test record _dcdiag_test_record deleted successfully
in zone MyOrganization.local.

TEST: Records registration (RReg)
Network Adapter [00000003] Intel(R) PRO/1000 MT
Network Connection:
Matching A record found at DNS server
192.168.168.1:
Server2.MyOrganization.local

Matching CNAME record found at DNS server
192.168.168.1:

a675e995-26a8-4c18-9e0e-88b72f76b63d._msdcs.MyOrganization.local

Matching DC SRV record found at DNS server
192.168.168.1:
_ldap._tcp.dc._msdcs.MyOrganization.local

Matching GC SRV record found at DNS server
192.168.168.1:
_ldap._tcp.gc._msdcs.MyOrganization.local

DC: Server1.MyOrganization.local
Domain: MyOrganization.local


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003 for Small
Business Server (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000012] Realtek RTL8169 Gigabit Ethernet
Adapter:
MAC address is 00:18:E7:16:B4:0D
IP address is static
IP address: 192.168.168.1
DNS servers:
192.168.168.1 (Server1.MyOrganization.local.)
[Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was
found
The Active Directory zone on this DC/DNS server was
found (primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
66.28.0.45 (<name unavailable>) [Valid]
66.28.0.61 (<name unavailable>) [Valid]

TEST: Delegations (Del)
Delegation information for the zone:
MyOrganization.local.
Delegated domain name:
_msdcs.MyOrganization.local.
DNS server: Server1.MyOrganization.local. IP:
192.168.168.1 [Valid]
DNS server: Server2.MyOrganization.local. IP:
192.168.169.2 [Valid]

TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but
not secure MyOrganization.local.
Test record _dcdiag_test_record added successfully
in zone MyOrganization.local.
Test record _dcdiag_test_record deleted successfully
in zone MyOrganization.local.

TEST: Records registration (RReg)
Network Adapter [00000012] Realtek RTL8169 Gigabit
Ethernet Adapter:
Matching A record found at DNS server
192.168.168.1:
Server1.MyOrganization.local

Matching CNAME record found at DNS server
192.168.168.1:
c022f83e-
c0aa-451c-8fa4-2a089356de62._msdcs.MyOrganization.local

Matching DC SRV record found at DNS server
192.168.168.1:
_ldap._tcp.dc._msdcs.MyOrganization.local

Matching GC SRV record found at DNS server
192.168.168.1:
_ldap._tcp.gc._msdcs.MyOrganization.local

Matching PDC SRV record found at DNS server
192.168.168.1:
_ldap._tcp.pdc._msdcs.MyOrganization.local


Summary of test results for DNS servers used by the above
domain controllers:

DNS server: 192.168.168.1 (Server1.MyOrganization.local.)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for
the forest root domain is registered
Delegation to the domain _msdcs.MyOrganization.local.
is operational

DNS server: 192.168.169.2 (Server2.MyOrganization.local.)
All tests passed on this DNS server
This is a valid DNS server
Delegation to the domain _msdcs.MyOrganization.local.
is operational

DNS server: 24.200.241.37 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 66.28.0.45 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

DNS server: 66.28.0.61 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server

Summary of DNS test results:

                 Auth Basc Forw Del  Dyn  RReg Ext
________________________________________________________________
Domain: MyOrganization.local
Server2          PASS PASS PASS PASS WARN PASS n/a
Server1          PASS PASS PASS PASS WARN PASS n/a

......................... MyOrganization.local passed test
DNS

On Mar 23, 3:20 pm, "kj [SBS MVP]" <KevinJ....@SPAMFREE.gmail.com>
wrote:

> /kj
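A verbose dump like the one above buries its few failures in hundreds of passing lines. The following is an added example, not part of the original post and not a dcdiag feature: a Python triage that extracts failed tests and warnings and rejoins the lines the posting wrapped. The sample input is constructed from lines in this thread; the function names and the lowercase-continuation heuristic are assumptions of this example.

```python
import re

# Constructed sample: lines taken from the dcdiag dumps in this thread, with the
# same mid-line wraps the newsgroup posting introduced.
SAMPLE = """\
Starting test: Advertising
The DC Server2 is advertising as a Key Distribution Center
Warning: Server2 is not advertising as a time server.
......................... Server2 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... Server2 passed test
KnowsOfRoleHolders
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
error 1355
A Good Time Server could not be located.
......................... MyOrganization.local failed test
FsmoCheck
Starting test: DNS
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but
not secure MyOrganization.local.
Test record _dcdiag_test_record added successfully
in zone MyOrganization.local.
......................... MyOrganization.local passed test
DNS
"""

START = re.compile(r"^Starting test:\s*(\S+)")
VERDICT = re.compile(r"^\.{5,}\s+(\S+)\s+(passed|failed) test\s*(\S*)$")


def _wrapped(msg, nxt):
    # Heuristic (assumption of this example): an unfinished sentence followed
    # by a line starting in lowercase is one message that was wrapped.
    return not msg.endswith(".") and nxt[:1].islower()


def triage(text):
    """Return failed (target, test) pairs and (test, message) warnings."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    failed, warnings, current = [], [], None
    i = 0
    while i < len(lines):
        line = lines[i]
        start, verdict = START.match(line), VERDICT.match(line)
        if start:
            current = start.group(1)
        elif verdict:
            target, result, test = verdict.groups()
            if not test and i + 1 < len(lines):   # test name wrapped to next line
                i += 1
                test = lines[i]
            if result == "failed":
                failed.append((target, test))
        elif line.startswith("Warning:"):
            msg = line[len("Warning:"):].strip()
            while i + 1 < len(lines) and _wrapped(msg, lines[i + 1]):
                i += 1
                msg += " " + lines[i]
            warnings.append((current, msg))
        i += 1
    return {"failed": failed, "warnings": warnings}


if __name__ == "__main__":
    result = triage(SAMPLE)
    for target, test in result["failed"]:
        print(f"FAILED  {test:12} on {target}")
    for test, msg in result["warnings"]:
        print(f"WARNING {test:12} {msg}")
```

Of the warnings it surfaces, the Dyn one has a security bearing: a zone that accepts nonsecure dynamic updates takes record registrations from clients that have not authenticated.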

kj [SBS MVP]

Mar 23, 2010, 5:26:49 PM
OK, for starters server 1 should have both server1 and server2 for DNS
client configurations

Server 2 should have server 2 and server1 for DNS client settings (both in
respective orders)

> IP Address. . . . . . . . . . . . : 192.168.168.1
>
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> Default Gateway . . . . . . . . . : 192.168.168.81
>
> DNS Servers . . . . . . . . . . . : 192.168.168.1

<add> DNS Servers . . . . . . . . . . . : 192.168.169.2

> Primary WINS Server . . . . . . . : 192.168.168.1

???????


> Primary WINS Server . . . . . . . : 192.168.169.2

Do you have WINS replication configured? If not you probably want to settle
on one WINS server or setup WINS replication and add Secondary WINS servers
to both DCs.

SBS server has ISMserv (Intersite messaging service) disabled by default.
You should go into services and enable and start this service (make sure
it's running on both DCs). Is the other server a windows 2000 server or
something more recent?

Right now your DCs are not replicating well. How long has this configuration
existed?

Server 2 appears to have a second NIC that is not connected. If true it's
better to disable it. Later OS versions can have binding order problems in
DCs with two or more enabled NICs.

After that, reboot the SBS server, run a fresh dcdiag, and also a "repadmin
/replsummary"

btw, is this SBS 2003 or SBS 2008?

--
/kj


Wael

Mar 24, 2010, 12:03:48 PM
On Mar 23, 5:26 pm, "kj [SBS MVP]" <KevinJ....@SPAMFREE.gmail.com>
wrote:

> OK, for starters server 1 should have both server1 and server2 for DNS
> client configurations
>
> Server 2 should have server 2 and server1 for DNS client settings (both in
> respective orders)

Done. I scheduled the restart for the early morning because those
servers are heavily used until midnight. I noticed that some dcdiag
issues were resolved (even though I did not yet restart). The problem
that remains now is the time service issue.

>
> >    IP Address. . . . . . . . . . . . : 192.168.168.1
>
> >    Subnet Mask . . . . . . . . . . . : 255.255.255.0
>
> >    Default Gateway . . . . . . . . . : 192.168.168.81
>
> >    DNS Servers . . . . . . . . . . . : 192.168.168.1
>
> <add>    DNS Servers . . . . . . . . . . . : 192.168.169.2
>
>
>
> >    Primary WINS Server . . . . . . . : 192.168.168.1
> ???????
> >    Primary WINS Server . . . . . . . : 192.168.169.2
>
> Do you have WINS replication configured? If not you probably want to settle
> on one WINS server or setup WINS replication and add Secondary WINS servers
> to both DCs.
>

Done. I verified the configuration, still getting errors with dcdiag
though. Let's see what happens after the restart tonight.


> SBS server has ISMserv (Intersite messaging service) disabled by default.
> You should go into services and enable and start this service (make sure
> it's running on both DCs). Is the other server a windows 2000 server or
> something more recent?
>


I couldn't find this service (or any variations for the name) on SBS.
I found it on the member server (Intersite Messaging) and it was
already started. Any idea why it is not showing in the list of
services?

> Right now your DCs are not replicating well. How long has this configuration
> existed?
>

6 months probably.

> Server 2 appears to have a second NIC that is not connected. If true it's
> better to disable it. Later OS versions can have binding order problems in
> DCs with two or more enabled NICs.
>

It is disabled. I am using Windows 2003 SBS and R1

> After that, reboot the SBS server, run a fresh dcdiag, and also a "repadmin
> /replsummary"

This test showed 0/5 errors.

kj [SBS MVP]

Mar 24, 2010, 1:06:57 PM
Yikes. So, 180 days is a critical time in which to ensure replication
completes.

In the repadmin command, it's more important when it was last successful
not the current fail.

Do a repadmin /showrepl and post the entire unedited output.

Missing the ismserv is going to continue to be an issue. May be the root of
the problem for that matter.

first try a net start ismserv & post the output

- If it fails, check the %windir%\system32 directory for the ism*.* files
(should be four of them). If they are there then it's possible the DLLs
need to be reregistered. You might consider putting in a call to MS support
for this issue.

There is a 180 day "tombstone lifetime" that is essential that you get this
resolved and it sounds like you are getting close to this time frame
already (if not already exceeded).

Do you have the two locations defined as separate AD sites with unique
subnets? (If you do not have them defined, do not do it until MS instructed
or until you get replication resolved.)

--
/kj
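The check described in the post above, grading each replication partner by the age of its last success against the tombstone lifetime instead of by its current error, as an added example that is not part of the original post and not repadmin's own logic. The first neighbour in the sample is copied from this thread; the two failing neighbours are constructed and assume repadmin's usual failure layout ("failed, result ...", "N consecutive failure(s).", "Last success @ ..."). The function names and status labels are hypothetical.

```python
import re
from datetime import datetime, timedelta

# 180 days is the tombstone lifetime quoted in the thread; pass the value
# actually configured in your forest if it differs.
TOMBSTONE_LIFETIME = timedelta(days=180)

# Constructed sample. Neighbour 1 is copied from the thread; neighbours 2 and 3
# are made-up failing entries (assumed repadmin failure layout).
SAMPLE = r"""
DC object GUID: c022f83e-c0aa-451c-8fa4-2a089356de62
==== INBOUND NEIGHBORS ======================================
DC=MyOrganization,DC=local
    Branch-Office\Server2 via RPC
        DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d
        Last attempt @ 2010-03-24 13:49:59 was successful.
CN=Configuration,DC=MyOrganization,DC=local
    Branch-Office\Server2 via RPC
        Last attempt @ 2010-03-24 13:49:59 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        3 consecutive failure(s).
        Last success @ 2009-10-05 02:10:11.
DC=DomainDnsZones,DC=MyOrganization,DC=local
    Branch-Office\Server2 via RPC
        Last attempt @ 2010-03-24 13:49:59 failed, result 1722 (0x6ba):
            The RPC server is unavailable.
        41 consecutive failure(s).
        Last success @ 2009-09-01 00:00:00.
"""

STAMP = r"(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)"
NC = re.compile(r"^(?:DC|CN)=\S+$")                 # naming context header
SOURCE = re.compile(r"^(\S+\\\S+) via (\S+)$")      # Site\Server via RPC
ATTEMPT = re.compile(r"^Last attempt @ " + STAMP + r" (was successful|failed)")
SUCCESS = re.compile(r"^Last success @ (?:" + STAMP + r"|\(never\))")


def _ts(stamp):
    return datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")


def parse_showrepl(text):
    """Return one dict per inbound neighbour: nc, source, failing, last_success."""
    entries, nc, cur = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if NC.match(line):
            nc = line
        elif nc and (m := SOURCE.match(line)):
            cur = {"nc": nc, "source": m.group(1),
                   "failing": False, "last_success": None}
            entries.append(cur)
        elif cur and (m := ATTEMPT.match(line)):
            if m.group(2) == "was successful":
                cur["last_success"] = _ts(m.group(1))
            else:
                cur["failing"] = True
        elif cur and (m := SUCCESS.match(line)):
            # group(1) is None when repadmin reports "(never)"
            cur["last_success"] = _ts(m.group(1)) if m.group(1) else None
    return entries


def assess(entries, now, lifetime=TOMBSTONE_LIFETIME):
    """Grade each neighbour by the age of its last success, not its last error."""
    report = []
    for e in entries:
        if e["last_success"] is None:
            age_days, status = None, "never"
        else:
            age = now - e["last_success"]
            age_days = age.days
            if age >= lifetime:
                status = "expired"       # last success is older than the lifetime
            elif e["failing"]:
                status = "failing"       # erroring now, but still inside the window
            else:
                status = "ok"
        report.append((e["nc"], e["source"], status, age_days))
    return report


if __name__ == "__main__":
    when = datetime(2010, 3, 24, 14, 0, 0)   # constructed "now" for the sample
    for nc, src, status, age in assess(parse_showrepl(SAMPLE), when):
        print(f"{status:8} {age!s:>5}d  {src}  {nc}")
```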


Wael

Mar 24, 2010, 2:05:15 PM
On Mar 24, 1:06 pm, "kj [SBS MVP]" <KevinJ....@SPAMFREE.gmail.com>
wrote:

> Yikes. So, 180 days is a critical time in which to ensure replication
> completes.
>

Actually I don't think there was a big problem with replication,
otherwise I would've probably noticed. In the "File Replication
Service" section of the event viewer the errors are months apart, but
anyway I am posting the results of the replication below.

> In the repadmin command, it's more important when it was last successful
> not the current fail.
>
> Do a repadmin /showrepl and post the entire unedited output.
>
> Missing the ismserv is going to continue to be an issue. May be the root of
> the problem for that matter.
>
> first try a net start ismserv & post the output
>

I did "ismserv /install" and now it shows in the list of services. I
also started the newly installed service afterwards. DCDiag still
shows the same errors. I will post them separately shortly. This
should make the thread easier to follow (I hope)

> - If it fails, check the %windir%\system32 directory for the ism*.* files
> (should be four of them). If they are there then it's possible the DLLs
> need to be reregistered. You might consider putting in a call to MS support
> for this issue.
>
> There is a 180 day "tombstone lifetime" that is essential that you get this
> resolved and it sounds like you are getting close to this time frame
> already (if not already exceeded).
>

I am not sure what this "tombstone" is. I noticed in the WINS server
there were entries marked as "tombstones". I deleted those entries
that I know belong to computers external to our organization.

> Do you have the two locations defined as separate AD sites with unique
> subnets? (If you do not have them defined, do not do it until MS instructed
> or until you get replication resolved.)
>


repadmin running command /showrepl against server localhost

Westmount\Server1

DC Options: IS_GC

Site Options: IS_GROUP_CACHING_ENABLED

DC object GUID: c022f83e-c0aa-451c-8fa4-2a089356de62

DC invocationID: c022f83e-c0aa-451c-8fa4-2a089356de62

==== INBOUND NEIGHBORS ======================================

DC=MyOrganization,DC=local

Branch-Office\Server2 via RPC

DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d

Last attempt @ 2010-03-24 13:49:59 was successful.

CN=Configuration,DC=MyOrganization,DC=local

Branch-Office\Server2 via RPC

DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d

Last attempt @ 2010-03-24 13:49:59 was successful.

CN=Schema,CN=Configuration,DC=MyOrganization,DC=local

Branch-Office\Server2 via RPC

DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d

Last attempt @ 2010-03-24 13:49:59 was successful.

DC=DomainDnsZones,DC=MyOrganization,DC=local

Branch-Office\Server2 via RPC

DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d

Last attempt @ 2010-03-24 13:49:59 was successful.

DC=ForestDnsZones,DC=MyOrganization,DC=local

Branch-Office\Server2 via RPC

DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d

Last attempt @ 2010-03-24 13:50:00 was successful.

Wael

Mar 24, 2010, 2:10:49 PM
On Mar 24, 2:05 pm, Wael <sedk...@gmail.com> wrote:
> On Mar 24, 1:06 pm, "kj [SBS MVP]" <KevinJ....@SPAMFREE.gmail.com>
> wrote:
>
> > Yikes. So, 180 days is a critical time in which to ensure replication
> > completes.
>

Below is the result for DCDiag. For my previous posting "Westmount" =
"Location1"

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Location1\Server1
Starting test: Connectivity


......................... Server1 passed test Connectivity

Doing primary tests

Testing server: Location1\Server1
Starting test: Replications

......................... Server1 passed test Replications

Starting test: NCSecDesc


......................... Server1 passed test NCSecDesc
Starting test: NetLogons

......................... Server1 passed test NetLogons
Starting test: Advertising

Warning: Server1 is not advertising as a time server.

......................... Server1 failed test Advertising
Starting test: KnowsOfRoleHolders

......................... Server1 passed test
KnowsOfRoleHolders
Starting test: RidManager

......................... Server1 passed test RidManager
Starting test: MachineAccount

......................... Server1 passed test MachineAccount
Starting test: Services

......................... Server1 passed test Services
Starting test: ObjectsReplicated


......................... Server1 passed test
ObjectsReplicated
Starting test: frssysvol

......................... Server1 passed test frssysvol
Starting test: frsevent

......................... Server1 passed test frsevent
Starting test: kccevent

An Error Event occured. EventID: 0xC0000520

Time Generated: 03/24/2010 13:54:58


Event String: A call to the Intersite Messaging service
that

An Error Event occured. EventID: 0xC000051F

Time Generated: 03/24/2010 13:54:58


Event String: The Knowledge Consistency Checker (KCC) has

An Warning Event occured. EventID: 0x80000749

Time Generated: 03/24/2010 13:54:58


Event String: The Knowledge Consistency Checker (KCC) was

An Error Event occured. EventID: 0xC0000520

Time Generated: 03/24/2010 13:54:58


Event String: A call to the Intersite Messaging service
that

An Error Event occured. EventID: 0xC000051F

Time Generated: 03/24/2010 13:54:58


Event String: The Knowledge Consistency Checker (KCC) has

An Warning Event occured. EventID: 0x80000749

Time Generated: 03/24/2010 13:54:58


Event String: The Knowledge Consistency Checker (KCC) was

An Error Event occured. EventID: 0xC0000520

Time Generated: 03/24/2010 13:54:58


Event String: A call to the Intersite Messaging service
that

An Error Event occured. EventID: 0xC000051F

Time Generated: 03/24/2010 13:54:58


Event String: The Knowledge Consistency Checker (KCC) has

An Warning Event occured. EventID: 0x80000749

Time Generated: 03/24/2010 13:54:58


Event String: The Knowledge Consistency Checker (KCC) was

An Error Event occured. EventID: 0xC0000520

Time Generated: 03/24/2010 13:54:58


Event String: A call to the Intersite Messaging service
that

An Error Event occured. EventID: 0xC000051F

Time Generated: 03/24/2010 13:54:58


Event String: The Knowledge Consistency Checker (KCC) has

An Warning Event occured. EventID: 0x80000749

Time Generated: 03/24/2010 13:54:58


Event String: The Knowledge Consistency Checker (KCC) was

An Error Event occured. EventID: 0xC0000713
Time Generated: 03/24/2010 13:58:14
Event String: The Intersite Messaging Service encountered
an

......................... Server1 failed test kccevent
Starting test: systemlog

An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 13:52:04


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 13:52:05


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 13:52:06


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 13:52:07


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/24/2010 13:52:09

(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 13:52:10


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 13:52:10


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 13:52:11


(Event String could not be retrieved)
......................... Server1 failed test systemlog

Starting test: VerifyReferences


......................... Server1 passed test
VerifyReferences

Running partition tests on : ForestDnsZones

Wael

Mar 24, 2010, 4:01:30 PM
It's me again. Now it seems all the errors are resolved except for the
time server.

>          Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
>          A Time Server could not be located.
>          The server holding the PDC role is down.
>          Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
> error 1355
>          A Good Time Server could not be located.
>          ......................... MyOrganization.local failed test
> FsmoCheck

w32tm /monitor shows

Getting DC list for default domain...

Analyzing: 1 -- (0 of 2)
Analyzing: -- 2 (1 of 2)
Analyzing: -- 2 (1 of 2)

resolving referer 209.87.233.53 (1 of 2)...

resolving referer 209.87.233.53 (2 of 2)...

Server1.MyOrganization.local *** PDC *** [192.168.168.1]:
ICMP: 0ms delay.
NTP: +0.0000000s offset from Server1.MyOrganization.local
RefID: time1.chu.nrc.ca [209.87.233.53]
Server2.MyOrganization.local [192.168.169.2]:
ICMP: 400ms delay.
NTP: -0.0127315s offset from Server1.MyOrganization.local
RefID: time1.chu.nrc.ca [209.87.233.53]

kj [SBS MVP]

Mar 24, 2010, 4:17:05 PM

Things are getting better. ISMserv is needed for ISTG and KCC. On the SBS
server you should set the service type to auto.

You should define AD sites (ad sites and services) and subnets assigning
each of the two DCs to its own site. So, the PDCe role seems to be the last
issue besides that.

From the previous dcdiag stuff it showed that the SBS *should* be the PDCe.

do a netdom query fsmo and post results.

also do a repadmin /showreps from the other server too.

and a w32tm /dumpreg probably would be a good idea too.

--
/kj


Wael

Mar 24, 2010, 4:55:58 PM
On Mar 24, 4:17 pm, "kj [SBS MVP]" <KevinJ....@SPAMFREE.gmail.com>
wrote:

> Things are getting better. ISMserv is needed for ISTG and KCC. On the SBS
> server you should set the service type to auto.
>
> You should define AD sites (ad sites and services) and subnets assigning
> each of the two DCs to its own site. So, the PDCe role seems to be the last
> issue besides that.
>
> From the previous dcdiag stuff it showed that the SBS *should* be the PDCe.

Everything was already as you described. I noticed that it took a
while before all the errors were gone. I will post the new dcdiag
below, but there are no more errors.

>
> do a netdom query fsmo and post results.
>

Schema owner Server1.JSSResearch.local

Domain role owner Server1.JSSResearch.local

PDC role Server1.JSSResearch.local

RID pool manager Server1.JSSResearch.local

Infrastructure owner Server1.JSSResearch.local

The command completed successfully.


> also do a repadmin /showreps from the other server too.
>

Westmount\Server1

DC Options: IS_GC

Site Options: IS_GROUP_CACHING_ENABLED

DC object GUID: c022f83e-c0aa-451c-8fa4-2a089356de62

DC invocationID: c022f83e-c0aa-451c-8fa4-2a089356de62

==== INBOUND NEIGHBORS ======================================

DC=MyOrganization,DC=local

St-Laurent\Server2 via RPC

DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d

Last attempt @ 2010-03-24 15:49:58 was successful.

CN=Configuration,DC=MyOrganization,DC=local

St-Laurent\Server2 via RPC

DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d

Last attempt @ 2010-03-24 15:49:58 was successful.

CN=Schema,CN=Configuration,DC=MyOrganization,DC=local

St-Laurent\Server2 via RPC

DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d

Last attempt @ 2010-03-24 15:49:59 was successful.

DC=DomainDnsZones,DC=MyOrganization,DC=local

St-Laurent\Server2 via RPC

DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d

Last attempt @ 2010-03-24 15:49:59 was successful.

DC=ForestDnsZones,DC=MyOrganization,DC=local

St-Laurent\Server2 via RPC

DC object GUID: a675e995-26a8-4c18-9e0e-88b72f76b63d

Last attempt @ 2010-03-24 15:49:59 was successful.


> and a w32tm /dumpreg probably would be a good idea too.
>


Value Name      Value Type      Value Data
----------------------------------------------------

Description     REG_SZ          Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
DisplayName     REG_SZ          Windows Time
ErrorControl    REG_DWORD       1
FailureActions  REG_BINARY      05000000000000000000000002000000640020000100000060EA00000100000060EA0000
Group           REG_SZ
ImagePath       REG_EXPAND_SZ   %SystemRoot%\system32\svchost.exe -k LocalService
Objectname      REG_SZ          NT AUTHORITY\LocalService
Start           REG_DWORD       2
Type            REG_DWORD       32

----------------------------------------------------------

dcdiag


Domain Controller Diagnosis

Doing initial required tests

Doing primary tests

......................... Server1 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0002720
Time Generated: 03/24/2010 16:41:26


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 16:44:39


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 16:44:39


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 16:44:40


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 16:44:41


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 16:44:42


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 16:44:49


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 16:44:50


(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457

Time Generated: 03/24/2010 16:44:51

kj [SBS MVP]

Mar 24, 2010, 6:19:39 PM
After your SBS scheduled restart check the System and Directory Services
event logs if dcdiag still has time and PDCe issues.

--
/kj


Wael

Mar 25, 2010, 10:41:59 AM
On Mar 24, 6:19 pm, "kj [SBS MVP]" <KevinJ....@SPAMFREE.gmail.com>
wrote:

> After your SBS scheduled restart check the System and Directory Services
> event logs if dcdiag still has time and PDCe issues.
>
>
I got 5 of these at 2 AM. I also got the 457 in the dcdiag as before
but they don't show in the system log.


Event Type: Warning
Event Source: NTDS Replication
Event Category: Backup
Event ID: 2089
Date: 3/25/2010
Time: 2:05:17 AM
User: NT AUTHORITY\ANONYMOUS LOGON
Computer: Server1
Description:
This directory partition has not been backed up since at least the
following number of days.

Directory partition:
DC=ForestDnsZones,DC=MyOrganization,DC=local

'Backup latency interval' (days):
30

It is recommended that you take a backup as often as possible to
recover from accidental loss of data. However if you haven't taken a
backup since at least the 'backup latency interval' number of days,
this message will be logged every day until a backup is taken. You can
take a backup of any replica that holds this partition.

By default the 'Backup latency interval' is set to half the 'Tombstone
Lifetime Interval'. If you want to change the default 'Backup latency
interval', you could do so by adding the following registry key.

'Backup latency interval' (days) registry key:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days)


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
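
Added example, not part of the original thread: dcdiag's systemlog test prints the full 32-bit event identifier in hex, while Event Viewer lists the low 16 bits in decimal, so the 0x00000457 entries quoted above appear in the System log as Event ID 1111 and 0xC0002720 as Event ID 10016. The Python sketch below decodes and groups such entries; the sample text is constructed in the shape of the output in this thread, and the MM/DD/YYYY timestamp format is an assumption.

```python
import re
from collections import OrderedDict
from datetime import datetime

# Constructed sample, shaped like the dcdiag systemlog output quoted in the thread.
SAMPLE = """\
Starting test: systemlog
An Error Event occured. EventID: 0xC0002720
Time Generated: 03/24/2010 16:41:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/24/2010 16:44:39
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 03/24/2010 16:44:40
"""

EVENT_RE = re.compile(r"EventID:\s*0x([0-9A-Fa-f]{8})")
TIME_RE = re.compile(r"Time Generated:\s*(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})")

def decode_event_id(raw):
    """Split a 32-bit event identifier into its bit fields."""
    return {
        "severity": (raw >> 30) & 0x3,   # bits 31-30 (3 = error)
        "facility": (raw >> 16) & 0xFFF, # bits 27-16
        "code": raw & 0xFFFF,            # bits 15-0: the ID Event Viewer shows
    }

def summarize(dcdiag_text):
    """Group dcdiag events by decimal event code, with count and time range."""
    summary, current = OrderedDict(), None
    for line in dcdiag_text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            raw = int(m.group(1), 16)
            code = decode_event_id(raw)["code"]
            current = summary.setdefault(
                code, {"raw": "0x%08X" % raw, "count": 0, "first": None, "last": None})
            current["count"] += 1
            continue
        t = TIME_RE.search(line)
        if t and current is not None:
            # Assumed format: MM/DD/YYYY HH:MM:SS, as in the quoted output.
            ts = datetime.strptime(t.group(1), "%m/%d/%Y %H:%M:%S")
            current["first"] = min(current["first"] or ts, ts)
            current["last"] = max(current["last"] or ts, ts)
    return summary

if __name__ == "__main__":
    for code, info in summarize(SAMPLE).items():
        print(code, info["raw"], info["count"], info["first"], info["last"])
```

Filtering the System log on the decimal codes this prints, within the reported time range, locates the entries dcdiag is counting.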
