| Home | Register | Members | Search | Windows Vista Tips | File Database | Links |
 |
| Thread Tools | Display Modes |
|
stiitwok
Guest
Posts: n/a
|
My environment is a little weird. Most of the infrastructure is on
Linux/Unix platforms including DNS (BIND 8).  igressionThe domain name for the Windows AD is the same as the hosted web services. This eliminates the possibility of non-srv aware clients resolving the domain name to a DC so we'll see things like non-srv aware clients not being able to find DFS roots. I'm mentioning this because I suspect that plays a small part in the weirdness we're experiencing with FRS sysvol replication. Particularly because we have two DCs for the root Domain in the forest that do not have identical sysvols, specifically the policies for GPOs. Timestamps are different, last modify dates are different. This is clearly seen when using the gpotool to view a comparison of the two DCs contents. :End Digression My question is, what is the best way to get these two sysvols to sync normally. Reg burflags and an ntfrs recovery seems to be in order but the event logs for ntfrs seem to indicate that everything is fine. That is, when replication happens (see caveat below). Bizarre things will happen such as Windows XP clients will have all of their software reinstalled via GPOs. Probably because the software installation extensions are seeing different timestamps on the GPOs and think they need to repair. One more caveat - one of the DCs every couple of days needs to be rebooted because lsass.exe is pegged. Non-paged memory is fine but the processor chokes. This causes RPC to become unavailable, then replication fails (obviously), clients begin to contact the other DC with the *different* GPO modify times in sysvol, and voila - clients reinstall their GPO software. Have you ever seen anything so screwed up in the history of man? I don't expect anyone to answer that. Aside from all of this mess, one would think that if ntfrs is reporting normal replication between two DC sysvols, and dcdiag is reporting no anomalies, and netdiag gives a green light, that the sysvols would be identical. Any clues? Where's that 'easy button' when you need it? |
|
|
|
|
|||
|
|||
|
|
|
| |
|
Don Wilwol
Guest
Posts: n/a
|
Are these 2000 or 2003 DC's
How's your time synchronization? What does replmon say? What does replmon say when you force a replication. DCdiag and netdiag gives NO errors from either DC? You said - > The domain name for the Windows AD is the same as the hosted web > services. This eliminates the possibility of non-srv aware clients > resolving the domain name to a DC. huh! -- -------- Hope It Helps! dw _______________________________ Don Wilwol Distributed Application Technologies. dwilwol(DELETE)@datbusiness.com www.AtTheDataCenter.com (personal website) www.skysphere.com (hosting available) "stiitwok" <> wrote in message news:... > My environment is a little weird. Most of the infrastructure is on > Linux/Unix platforms including DNS (BIND 8). > igression> The domain name for the Windows AD is the same as the hosted web services. > This eliminates the possibility of non-srv aware clients resolving the > domain name to a DC so we'll see things like non-srv aware clients not > being able to find DFS roots. I'm mentioning this because I suspect that > plays a small part in the weirdness we're experiencing with FRS sysvol > replication. Particularly because we have two DCs for the root Domain in > the forest that do not have identical sysvols, specifically the policies > for GPOs. Timestamps are different, last modify dates are different. > This is clearly seen when using the gpotool to view a comparison of the > two DCs contents. > :End Digression > My question is, what is the best way to get these two sysvols to sync > normally. Reg burflags and an ntfrs recovery seems to be in order but the > event logs for ntfrs seem to indicate that everything is fine. That is, > when replication happens (see caveat below). > > Bizarre things will happen such as Windows XP clients will have all of > their software reinstalled via GPOs. Probably because the software > installation extensions are seeing different timestamps on the GPOs and > think they need to repair. > > One more caveat - one of the DCs every couple of days needs to be rebooted > because lsass.exe is pegged. Non-paged memory is fine but the processor > chokes. This causes RPC to become unavailable, then replication fails > (obviously), clients begin to contact the other DC with the *different* > GPO modify times in sysvol, and voila - clients reinstall their GPO > software. Have you ever seen anything so screwed up in the history of > man? I don't expect anyone to answer that. > > Aside from all of this mess, one would think that if ntfrs is reporting > normal replication between two DC sysvols, and dcdiag is reporting no > anomalies, and netdiag gives a green light, that the sysvols would be > identical. Any clues? Where's that 'easy button' when you need it? |
|
|
|
|
|||
|
|
|||
|
stiitwok
Guest
Posts: n/a
|
Don Wilwol wrote:
> Are these 2000 or 2003 DC's - They're 2003 SP1 DCs > How's your time synchronization? - Time sync is perfect > What does replmon say? - Replmon indicates all partions have replicated successfully and are current > What does replmon say when you force a replication. - Replmon states replication occurred and completed with no errors > DCdiag and netdiag gives NO errors from either DC? Netdiag reports no errors at all. DCDiag currently reports the following errors (see end of reply for full output Testing server: campus\DC3.mydomain.org Test omitted by user request: Topology Test omitted by user request: CutoffServers Test omitted by user request: OutboundSecureChannels Test omitted by user request: VerifyReplicas Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Starting test: RidManager * Available RID Pool for the Domain is 9891 to 1073741823 * dc3.mydomain.org is the RID Master * DsBind with RID Master was successful Failed with 8481: The search failed to retrieve attributes from the database. Could not get Rid set Reference :failed with 8481: The search failed to retrieve attributes from the database. ......................... DC3.mydomain.org failed test RidManager Starting test: MachineAccount Checking machine account for DC DC3.mydomain.org on DC DC3.mydomain.org. * The current DC is not in the domain controller's OU ......................... DC3.mydomain.org failed test MachineAccount Starting test: kccevent * The KCC Event log test An Warning Event occured. EventID: 0x80000438 Time Generated: 05/15/2006 10:21:52 (Event String could not be retrieved) ......................... DC3.mydomain.org failed test kccevent Error Source: Kerberos Error Code: 0xd KDC_ERR_BADOPTION Extended Error: 0xc00000bb KLIN(0) Testing server: campus\DC1.ECE-EDU.mydomain.org Test omitted by user request: Topology Test omitted by user request: CutoffServers Test omitted by user request: OutboundSecureChannels Test omitted by user request: VerifyReplicas Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Starting test: RidManager * Available RID Pool for the Domain is 4103 to 1073741823 * dc1.ece-edu.mydomain.org is the RID Master * DsBind with RID Master was successful Failed with 8481: The search failed to retrieve attributes from the database. Could not get Rid set Reference :failed with 8481: The search failed to retrieve attributes from the database. ......................... DC1.ECE-EDU.mydomain.org failed test RidManager Starting test: MachineAccount Checking machine account for DC DC1.ECE-EDU.mydomain.org on DC DC1.ECE-EDU.mydomain.org. * The current DC is not in the domain controller's OU ......................... DC1.ECE-EDU.mydomain.org failed test MachineAccount Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:04:45 (Event String could not be retrieved) ......................... DC1.ECE-EDU.mydomain.org failed test systemlog Error Source: Kerberos Error Code: 0xd KDC_ERR_BADOPTION Extended Error: 0xc00000bb KLIN(0) Testing server: campus\DC4.ECE-EDU.mydomain.org Test omitted by user request: Topology Test omitted by user request: CutoffServers Test omitted by user request: OutboundSecureChannels Test omitted by user request: VerifyReplicas Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Starting test: RidManager * Available RID Pool for the Domain is 4103 to 1073741823 * dc1.ece-edu.mydomain.org is the RID Master * DsBind with RID Master was successful Failed with 8481: The search failed to retrieve attributes from the database. Could not get Rid set Reference :failed with 8481: The search failed to retrieve attributes from the database. ......................... DC4.ECE-EDU.mydomain.org failed test RidManager Starting test: MachineAccount Checking machine account for DC DC4.ECE-EDU.mydomain.org on DC DC4.ECE-EDU.mydomain.org. * The current DC is not in the domain controller's OU ......................... DC4.ECE-EDU.mydomain.org failed test MachineAccount Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:00:38 (Event String could not be retrieved) ......................... DC4.ECE-EDU.mydomain.org failed test systemlog Error Source: Kerberos Error Code: 0xd KDC_ERR_BADOPTION Extended Error: 0xc00000bb KLIN(0) Testing server: campus\DC2.mydomain.org Test omitted by user request: Topology Test omitted by user request: CutoffServers Test omitted by user request: OutboundSecureChannels Test omitted by user request: VerifyReplicas Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Starting test: RidManager * Available RID Pool for the Domain is 9891 to 1073741823 * dc3.mydomain.org is the RID Master * DsBind with RID Master was successful Failed with 8481: The search failed to retrieve attributes from the database. Could not get Rid set Reference :failed with 8481: The search failed to retrieve attributes from the database. ......................... DC2.mydomain.org failed test RidManager Starting test: MachineAccount Checking machine account for DC DC2.mydomain.org on DC DC2.mydomain.org. ***Error: The server DC2.mydomain.org is missing its machine account. Try running with the /repairmachineaccount option. * The current DC is not in the domain controller's OU ......................... DC2.mydomain.org failed test MachineAccount Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:02:51 (Event String could not be retrieved) ......................... DC2.mydomain.org failed test systemlog Running enterprise tests on : mydomain.org Test omitted by user request: DNS Test omitted by user request: DNS Starting test: Intersite Skipping site campus, this site is outside the scope provided by the command line arguments provided. ......................... mydomain.org passed test Intersite > > You said - > The domain name for the Windows AD is the same as the hosted > web >> services. This eliminates the possibility of non-srv aware clients >> resolving the domain name to a DC. > huh! Right - so this means that non-domain member systems (ones that don't look for srv dns records) must rely on a shot in the dark when it comes to resolving things like DFS roots. A client will attempt to contact the domain in the DFS UNC path (\\na.world.com\dfs_root for example) on the chance that a DC will respond and provide the proper reference from AD. Essentially the main domain entry in Windows DNS that you would typically see resolving to a domain controller (the pdc in most cases) does not behave this way in my environment. This entry resolves to the site's web server. I know it sounds pretty screwed up but this domain has been upgraded for years from the original NT4 domain and beyond. Most of the infrastructure is on Linux/Unix systems. To further complicate things, there is a kerberos realm infrastructure existing in parallel with the AD kerberos realm. And they both have the same name! Which is why I'm in the middle of migrating the domain to a child DNS zone with all of the trimmings - a full domain migration to a new domain name. > > Begin dcdiag /debug output ------------ Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine dc2, is a DC. * Connecting to directory service on server dc2. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 4 DC(s). Testing 4 of them. Done gathering initial info. Doing initial required tests Testing server: campus\DC3.mydomain.org Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... DC3.mydomain.org passed test Connectivity Testing server: campus\DC1.ECE-EDU.mydomain.org Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... DC1.ECE-EDU.mydomain.org passed test Connectivity Testing server: campus\DC4.ECE-EDU.mydomain.org Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... DC4.ECE-EDU.mydomain.org passed test Connectivity Testing server: campus\DC2.mydomain.org Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... DC2.mydomain.org passed test Connectivity Doing primary tests Testing server: campus\DC3.mydomain.org Starting test: Replications * Replications Check * Replication Latency Check CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu Latency information for 5 entries in the vector were ignored. 5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=ece,DC=cmu,DC=edu Latency information for 5 entries in the vector were ignored. 5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=ece,DC=cmu,DC=edu Latency information for 5 entries in the vector were ignored. 5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=ece-edu,DC=ece,DC=cmu,DC=edu Latency information for 2 entries in the vector were ignored. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). * Replication Site Latency Check ......................... DC3.mydomain.org passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC DC3.mydomain.org. * Security Permissions Check for CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=ece,DC=cmu,DC=edu (Configuration,Version 2) * Security Permissions Check for DC=ece,DC=cmu,DC=edu (Domain,Version 2) * Security Permissions Check for DC=ece-edu,DC=ece,DC=cmu,DC=edu (Domain,Version 2) ......................... DC3.mydomain.org passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\DC3.mydomain.org\netlogon Verified share \\DC3.mydomain.org\sysvol ......................... DC3.mydomain.org passed test NetLogons Starting test: Advertising The DC DC3.mydomain.org is advertising itself as a DC and having a DS. The DC DC3.mydomain.org is advertising as an LDAP server The DC DC3.mydomain.org is advertising as having a writeable directory The DC DC3.mydomain.org is advertising as a Key Distribution Center The DC DC3.mydomain.org is advertising as a time server The DS DC3.mydomain.org is advertising as a GC. ......................... DC3.mydomain.org passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role Domain Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role PDC Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role Rid Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu ......................... DC3.mydomain.org passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 9891 to 1073741823 * dc3.mydomain.org is the RID Master * DsBind with RID Master was successful Failed with 8481: The search failed to retrieve attributes from the database. Could not get Rid set Reference :failed with 8481: The search failed to retrieve attributes from the database. ......................... DC3.mydomain.org failed test RidManager Starting test: MachineAccount Checking machine account for DC DC3.mydomain.org on DC DC3.mydomain.org. * The current DC is not in the domain controller's OU * SPN found :LDAP/dc3.mydomain.org/mydomain.org * SPN found :LDAP/dc3.mydomain.org * SPN found :LDAP/DC3.mydomain.org * SPN found :LDAP/dc3.mydomain.org/ECE * SPN found :LDAP/a7d794c9-f558-4df6-87c0-1229e5c56cc8._msdcs.mydomain.org * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a7d794c9-f558-4df6-87c0-1229e5c56cc8/mydomain.org * SPN found :HOST/dc3.mydomain.org/mydomain.org * SPN found :HOST/dc3.mydomain.org * SPN found :HOST/DC3.mydomain.org * SPN found :HOST/dc3.mydomain.org/ECE * SPN found :GC/dc3.mydomain.org/mydomain.org ......................... DC3.mydomain.org failed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... DC3.mydomain.org passed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated DC3.mydomain.org is in domain DC=ece,DC=cmu,DC=edu Checking for CN=DC3,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu in domain DC=ece,DC=cmu,DC=edu on 4 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers Object is up-to-date on all servers. ......................... DC3.mydomain.org passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... DC3.mydomain.org passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... DC3.mydomain.org passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... DC3.mydomain.org passed test kccevent Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:07:35 (Event String could not be retrieved) An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:22:43 (Event String could not be retrieved) An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:37:44 (Event String could not be retrieved) An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:52:46 (Event String could not be retrieved) ......................... DC3.mydomain.org failed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=DC3,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu and backlink on CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites, CN=Configuration,DC=ece,DC=cmu,DC=edu are correct. The system object reference (frsComputerReferenceBL) CN=DC3,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ece,DC=cmu,DC=edu and backlink on CN=DC3,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu are correct. The system object reference (serverReferenceBL) CN=DC3,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ece,DC=cmu,DC=edu and backlink on CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu are correct. ......................... DC3.mydomain.org passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Testing server: campus\DC1.ECE-EDU.mydomain.org Starting test: Replications * Replications Check * Replication Latency Check CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu Latency information for 5 entries in the vector were ignored. 5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=ece,DC=cmu,DC=edu Latency information for 5 entries in the vector were ignored. 5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=ece,DC=cmu,DC=edu Latency information for 6 entries in the vector were ignored. 5 were retired Invocations. 1 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). * Replication Site Latency Check ......................... DC1.ECE-EDU.mydomain.org passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC DC1.ECE-EDU.mydomain.org. * Security Permissions Check for DC=ece-edu,DC=ece,DC=cmu,DC=edu (Domain,Version 2) * Security Permissions Check for CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=ece,DC=cmu,DC=edu (Configuration,Version 2) * Security Permissions Check for DC=ece,DC=cmu,DC=edu (Domain,Version 2) ......................... DC1.ECE-EDU.mydomain.org passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\DC1.ECE-EDU.mydomain.org\netlogon Verified share \\DC1.ECE-EDU.mydomain.org\sysvol ......................... DC1.ECE-EDU.mydomain.org passed test NetLogons Starting test: Advertising The DC DC1.ECE-EDU.mydomain.org is advertising itself as a DC and having a DS. The DC DC1.ECE-EDU.mydomain.org is advertising as an LDAP server The DC DC1.ECE-EDU.mydomain.org is advertising as having a writeable directory The DC DC1.ECE-EDU.mydomain.org is advertising as a Key Distribution Center The DC DC1.ECE-EDU.mydomain.org is advertising as a time server The DS DC1.ECE-EDU.mydomain.org is advertising as a GC. ......................... DC1.ECE-EDU.mydomain.org passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role Domain Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role PDC Owner = CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu Role Rid Owner = CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu ......................... DC1.ECE-EDU.mydomain.org passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 4103 to 1073741823 * dc1.ece-edu.mydomain.org is the RID Master * DsBind with RID Master was successful Failed with 8481: The search failed to retrieve attributes from the database. Could not get Rid set Reference :failed with 8481: The search failed to retrieve attributes from the database. ......................... DC1.ECE-EDU.mydomain.org failed test RidManager Starting test: MachineAccount Checking machine account for DC DC1.ECE-EDU.mydomain.org on DC DC1.ECE-EDU.mydomain.org. * The current DC is not in the domain controller's OU * SPN found :LDAP/dc1.ece-edu.mydomain.org/ece-edu.mydomain.org * SPN found :LDAP/dc1.ece-edu.mydomain.org * SPN found :LDAP/DC1.ECE-EDU.mydomain.org * SPN found :LDAP/dc1.ece-edu.mydomain.org/ECE-EDU * SPN found :LDAP/e85eca0a-8d03-4cbe-a880-68a77931606e._msdcs.mydomain.org * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e85eca0a-8d03-4cbe-a880-68a77931606e/ece-edu.mydomain.org * SPN found :HOST/dc1.ece-edu.mydomain.org/ece-edu.mydomain.org * SPN found :HOST/dc1.ece-edu.mydomain.org * SPN found :HOST/DC1.ECE-EDU.mydomain.org * SPN found :HOST/dc1.ece-edu.mydomain.org/ECE-EDU * SPN found :GC/dc1.ece-edu.mydomain.org/mydomain.org ......................... DC1.ECE-EDU.mydomain.org failed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... DC1.ECE-EDU.mydomain.org passed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated DC1.ECE-EDU.mydomain.org is in domain DC=ece-edu,DC=ece,DC=cmu,DC=edu Checking for CN=DC1,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu in domain DC=ece-edu,DC=ece,DC=cmu,DC=edu on 3 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers Object is up-to-date on all servers. ......................... DC1.ECE-EDU.mydomain.org passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... DC1.ECE-EDU.mydomain.org passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... DC1.ECE-EDU.mydomain.org passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... DC1.ECE-EDU.mydomain.org passed test kccevent Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:04:45 (Event String could not be retrieved) An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:19:45 (Event String could not be retrieved) An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:34:46 (Event String could not be retrieved) An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:49:46 (Event String could not be retrieved) ......................... DC1.ECE-EDU.mydomain.org failed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=DC1,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu and backlink on CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu are correct. The system object reference (frsComputerReferenceBL) CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu and backlink on CN=DC1,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu are correct. The system object reference (serverReferenceBL) CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu and backlink on CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu are correct. ......................... DC1.ECE-EDU.mydomain.org passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Testing server: campus\DC4.ECE-EDU.mydomain.org Starting test: Replications * Replications Check * Replication Latency Check CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu Latency information for 5 entries in the vector were ignored. 5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=ece,DC=cmu,DC=edu Latency information for 5 entries in the vector were ignored. 5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=ece,DC=cmu,DC=edu Latency information for 6 entries in the vector were ignored. 5 were retired Invocations. 1 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). * Replication Site Latency Check ......................... DC4.ECE-EDU.mydomain.org passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC DC4.ECE-EDU.mydomain.org. * Security Permissions Check for DC=ece-edu,DC=ece,DC=cmu,DC=edu (Domain,Version 2) * Security Permissions Check for CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=ece,DC=cmu,DC=edu (Configuration,Version 2) * Security Permissions Check for DC=ece,DC=cmu,DC=edu (Domain,Version 2) ......................... DC4.ECE-EDU.mydomain.org passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\DC4.ECE-EDU.mydomain.org\netlogon Verified share \\DC4.ECE-EDU.mydomain.org\sysvol ......................... DC4.ECE-EDU.mydomain.org passed test NetLogons Starting test: Advertising The DC DC4.ECE-EDU.mydomain.org is advertising itself as a DC and having a DS. The DC DC4.ECE-EDU.mydomain.org is advertising as an LDAP server The DC DC4.ECE-EDU.mydomain.org is advertising as having a writeable directory The DC DC4.ECE-EDU.mydomain.org is advertising as a Key Distribution Center The DC DC4.ECE-EDU.mydomain.org is advertising as a time server The DS DC4.ECE-EDU.mydomain.org is advertising as a GC. ......................... DC4.ECE-EDU.mydomain.org passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role Domain Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role PDC Owner = CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu Role Rid Owner = CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu ......................... DC4.ECE-EDU.mydomain.org passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 4103 to 1073741823 * dc1.ece-edu.mydomain.org is the RID Master * DsBind with RID Master was successful Failed with 8481: The search failed to retrieve attributes from the database. Could not get Rid set Reference :failed with 8481: The search failed to retrieve attributes from the database. ......................... DC4.ECE-EDU.mydomain.org failed test RidManager Starting test: MachineAccount Checking machine account for DC DC4.ECE-EDU.mydomain.org on DC DC4.ECE-EDU.mydomain.org. * The current DC is not in the domain controller's OU * SPN found :LDAP/dc4.ece-edu.mydomain.org/ece-edu.mydomain.org * SPN found :LDAP/dc4.ece-edu.mydomain.org * SPN found :LDAP/DC4.ECE-EDU.mydomain.org * SPN found :LDAP/dc4.ece-edu.mydomain.org/ECE-EDU * SPN found :LDAP/500f9c2c-5994-4da6-a2ce-07a009a23870._msdcs.mydomain.org * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/500f9c2c-5994-4da6-a2ce-07a009a23870/ece-edu.mydomain.org * SPN found :HOST/dc4.ece-edu.mydomain.org/ece-edu.mydomain.org * SPN found :HOST/dc4.ece-edu.mydomain.org * SPN found :HOST/DC4.ECE-EDU.mydomain.org * SPN found :HOST/dc4.ece-edu.mydomain.org/ECE-EDU * SPN found :GC/dc4.ece-edu.mydomain.org/mydomain.org ......................... DC4.ECE-EDU.mydomain.org failed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... DC4.ECE-EDU.mydomain.org passed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated DC4.ECE-EDU.mydomain.org is in domain DC=ece-edu,DC=ece,DC=cmu,DC=edu Checking for CN=DC4,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu in domain DC=ece-edu,DC=ece,DC=cmu,DC=edu on 3 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=DC4.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers Object is up-to-date on all servers. ......................... DC4.ECE-EDU.mydomain.org passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... DC4.ECE-EDU.mydomain.org passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... DC4.ECE-EDU.mydomain.org passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... DC4.ECE-EDU.mydomain.org passed test kccevent Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:00:38 (Event String could not be retrieved) An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:15:38 (Event String could not be retrieved) An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:30:39 (Event String could not be retrieved) An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:45:39 (Event String could not be retrieved) ......................... DC4.ECE-EDU.mydomain.org failed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=DC4,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu and backlink on CN=DC4.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu are correct. The system object reference (frsComputerReferenceBL) CN=DC4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu and backlink on CN=DC4,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu are correct. The system object reference (serverReferenceBL) CN=DC4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu and backlink on CN=NTDS Settings,CN=DC4.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu are correct. ......................... DC4.ECE-EDU.mydomain.org passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Testing server: campus\DC2.mydomain.org Starting test: Replications * Replications Check * Replication Latency Check CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu Latency information for 5 entries in the vector were ignored. 5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=ece,DC=cmu,DC=edu Latency information for 5 entries in the vector were ignored. 5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=ece,DC=cmu,DC=edu Latency information for 5 entries in the vector were ignored. 5 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). * Replication Site Latency Check ......................... DC2.mydomain.org passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC DC2.mydomain.org. * Security Permissions Check for CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=ece,DC=cmu,DC=edu (Configuration,Version 2) * Security Permissions Check for DC=ece,DC=cmu,DC=edu (Domain,Version 2) ......................... DC2.mydomain.org passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\DC2.mydomain.org\netlogon Verified share \\DC2.mydomain.org\sysvol ......................... DC2.mydomain.org passed test NetLogons Starting test: Advertising The DC DC2.mydomain.org is advertising itself as a DC and having a DS. The DC DC2.mydomain.org is advertising as an LDAP server The DC DC2.mydomain.org is advertising as having a writeable directory The DC DC2.mydomain.org is advertising as a Key Distribution Center The DC DC2.mydomain.org is advertising as a time server ......................... DC2.mydomain.org passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role Domain Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role PDC Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role Rid Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu ......................... DC2.mydomain.org passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 9891 to 1073741823 * dc3.mydomain.org is the RID Master * DsBind with RID Master was successful Failed with 8481: The search failed to retrieve attributes from the database. Could not get Rid set Reference :failed with 8481: The search failed to retrieve attributes from the database. ......................... DC2.mydomain.org failed test RidManager Starting test: MachineAccount Checking machine account for DC DC2.mydomain.org on DC DC2.mydomain.org. ***Error: The server DC2.mydomain.org is missing its machine account. Try running with the /repairmachineaccount option. * The current DC is not in the domain controller's OU * SPN found :LDAP/dc2.mydomain.org/mydomain.org * SPN found :LDAP/dc2.mydomain.org * SPN found :LDAP/DC2.mydomain.org * SPN found :LDAP/dc2.mydomain.org/ECE * SPN found :LDAP/b4483822-0d6a-4821-af5f-7f2a15534c6b._msdcs.mydomain.org * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/b4483822-0d6a-4821-af5f-7f2a15534c6b/mydomain.org * SPN found :HOST/dc2.mydomain.org/mydomain.org * SPN found :HOST/dc2.mydomain.org * SPN found :HOST/DC2.mydomain.org * SPN found :HOST/dc2.mydomain.org/ECE * SPN found :GC/dc2.mydomain.org/mydomain.org ......................... DC2.mydomain.org failed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... DC2.mydomain.org passed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated DC2.mydomain.org is in domain DC=ece,DC=cmu,DC=edu Checking for CN=DC2,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu in domain DC=ece,DC=cmu,DC=edu on 4 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=DC2.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers Object is up-to-date on all servers. ......................... DC2.mydomain.org passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... DC2.mydomain.org passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... DC2.mydomain.org passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... DC2.mydomain.org passed test kccevent Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:02:51 (Event String could not be retrieved) An Error Event occured. EventID: 0x0000165B Time Generated: 05/16/2006 08:12:06 Event String: The session setup from computer 'RIESLING' failed because the security database does not contain a trust account 'RIESLING$' referenced by the specified computer. USER ACTION If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem: If 'RIESLING$' is a legitimate machine account for the computer 'RIESLING', then 'RIESLING' should be rejoined to the domain. If 'RIESLING$' is a legitimate interdomain trust account, then the trust should be recreated. Otherwise, assuming that 'RIESLING$' is not a legitimate account, the following action should be taken on 'RIESLING': If 'RIESLING' is a Domain Controller, then the trust associated with 'RIESLING$' should be deleted. If 'RIESLING' is not a Domain Controller, it should be disjoined from the domain. An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:17:52 (Event String could not be retrieved) An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:32:55 (Event String could not be retrieved) An Error Event occured. EventID: 0x80000003 Time Generated: 05/16/2006 08:47:58 (Event String could not be retrieved) ......................... DC2.mydomain.org failed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=DC2,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu and backlink on CN=DC2.mydomain.org,CN=Servers,CN=campus,CN=Sites, CN=Configuration,DC=ece,DC=cmu,DC=edu are correct. The system object reference (frsComputerReferenceBL) CN=DC2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ece,DC=cmu,DC=edu and backlink on CN=DC2,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu are correct. The system object reference (serverReferenceBL) CN=DC2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ece,DC=cmu,DC=edu and backlink on CN=NTDS Settings,CN=DC2.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu are correct. ......................... DC2.mydomain.org passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ece Starting test: CrossRefValidation ......................... ece passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ece passed test CheckSDRefDom Running partition tests on : ece-edu Starting test: CrossRefValidation ......................... ece-edu passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ece-edu passed test CheckSDRefDom Running enterprise tests on : mydomain.org Starting test: Intersite Skipping site campus, this site is outside the scope provided by the command line arguments provided. ......................... mydomain.org passed test Intersite Starting test: FsmoCheck GC Name: \\dc4.ece-edu.mydomain.org Locator Flags: 0xe00001fc PDC Name: \\dc3.mydomain.org Locator Flags: 0xe00003fd Time Server Name: \\dc2.mydomain.org Locator Flags: 0xe00003f8 Preferred Time Server Name: \\dc2.mydomain.org Locator Flags: 0xe00003f8 KDC Name: \\dc2.mydomain.org Locator Flags: 0xe00003f8 ......................... mydomain.org passed test FsmoCheck Test omitted by user request: DNS Test omitted by user request: DNS |
|
|
|
|
|||
|
|
|||
|
Don Wilwol
Guest
Posts: n/a
|
run ntdsutil and verify the fsmo rolls in both mydomain.org and
ECE-EDU.mydomain.org. Then verify DNS is working between the domains. Make sure all DNS zones are replicated throughout all DNS servers. Let us know what you find. -- -------- Hope It Helps! dw _______________________________ Don Wilwol Distributed Application Technologies. dwilwol(DELETE)@datbusiness.com www.AtTheDataCenter.com (personal website) www.skysphere.com (hosting available) "stiitwok" <> wrote in message news:%... > Don Wilwol wrote: >> Are these 2000 or 2003 DC's > - They're 2003 SP1 DCs > >> How's your time synchronization? > - Time sync is perfect > >> What does replmon say? > - Replmon indicates all partions have replicated successfully and are > current > >> What does replmon say when you force a replication. > - Replmon states replication occurred and completed with no errors > >> DCdiag and netdiag gives NO errors from either DC? > Netdiag reports no errors at all. > > DCDiag currently reports the following errors (see end of reply for full > output > > Testing server: campus\DC3.mydomain.org > Test omitted by user request: Topology > Test omitted by user request: CutoffServers > Test omitted by user request: OutboundSecureChannels > Test omitted by user request: VerifyReplicas > Test omitted by user request: VerifyEnterpriseReferences > Test omitted by user request: CheckSecurityError > > Starting test: RidManager > * Available RID Pool for the Domain is 9891 to 1073741823 > * dc3.mydomain.org is the RID Master > * DsBind with RID Master was successful > Failed with 8481: The search failed to retrieve attributes from > the database. > Could not get Rid set Reference :failed with 8481: The search > failed to retrieve attributes from the database. > ......................... DC3.mydomain.org failed test RidManager > > Starting test: MachineAccount > Checking machine account for DC DC3.on DC DC3.mydomain.org. > * The current DC is not in the domain controller's OU > ......................... DC3.mydomain.org failed test > MachineAccount > > Starting test: kccevent > * The KCC Event log test > An Warning Event occured. EventID: 0x80000438 > Time Generated: 05/15/2006 10:21:52 > (Event String could not be retrieved) > ......................... DC3.mydomain.org failed test kccevent > Error Source: Kerberos > Error Code: 0xd KDC_ERR_BADOPTION > Extended Error: 0xc00000bb KLIN(0) > > > Testing server: campus\DC1.ECE-EDU.mydomain.org > Test omitted by user request: Topology > Test omitted by user request: CutoffServers > Test omitted by user request: OutboundSecureChannels > Test omitted by user request: VerifyReplicas > Test omitted by user request: VerifyEnterpriseReferences > Test omitted by user request: CheckSecurityError > > Starting test: RidManager > * Available RID Pool for the Domain is 4103 to 1073741823 > * dc1.ece-edu.mydomain.org is the RID Master > * DsBind with RID Master was successful > Failed with 8481: The search failed to retrieve attributes from > the database. > Could not get Rid set Reference :failed with 8481: The search > failed to retrieve attributes from the database. > ......................... DC1.ECE-EDU.mydomain.org failed test > RidManager > > Starting test: MachineAccount > Checking machine account for DC DC1.ECE-EDU.mydomain.org on DC > DC1.ECE-EDU.mydomain.org. > * The current DC is not in the domain controller's OU > ......................... DC1.ECE-EDU.mydomain.org failed test > MachineAccount > > Starting test: systemlog > * The System Event log test > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:04:45 > (Event String could not be retrieved) > ......................... DC1.ECE-EDU.mydomain.org failed test > systemlog > Error Source: Kerberos > Error Code: 0xd KDC_ERR_BADOPTION > Extended Error: 0xc00000bb KLIN(0) > > > > Testing server: campus\DC4.ECE-EDU.mydomain.org > Test omitted by user request: Topology > Test omitted by user request: CutoffServers > Test omitted by user request: OutboundSecureChannels > Test omitted by user request: VerifyReplicas > Test omitted by user request: VerifyEnterpriseReferences > Test omitted by user request: CheckSecurityError > > Starting test: RidManager > * Available RID Pool for the Domain is 4103 to 1073741823 > * dc1.ece-edu.mydomain.org is the RID Master > * DsBind with RID Master was successful > Failed with 8481: The search failed to retrieve attributes from > the database. > Could not get Rid set Reference :failed with 8481: The search > failed to retrieve attributes from the database. > ......................... DC4.ECE-EDU.mydomain.org failed test > RidManager > > Starting test: MachineAccount > Checking machine account for DC DC4.ECE-EDU.mydomain.org on DC > DC4.ECE-EDU.mydomain.org. > * The current DC is not in the domain controller's OU > ......................... DC4.ECE-EDU.mydomain.org failed test > MachineAccount > > Starting test: systemlog > * The System Event log test > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:00:38 > (Event String could not be retrieved) > ......................... DC4.ECE-EDU.mydomain.org failed test > systemlog > Error Source: Kerberos > Error Code: 0xd KDC_ERR_BADOPTION > Extended Error: 0xc00000bb KLIN(0) > > > > > Testing server: campus\DC2.mydomain.org > Test omitted by user request: Topology > Test omitted by user request: CutoffServers > Test omitted by user request: OutboundSecureChannels > Test omitted by user request: VerifyReplicas > Test omitted by user request: VerifyEnterpriseReferences > Test omitted by user request: CheckSecurityError > > Starting test: RidManager > * Available RID Pool for the Domain is 9891 to 1073741823 > * dc3.mydomain.org is the RID Master > * DsBind with RID Master was successful > Failed with 8481: The search failed to retrieve attributes from > the database. > Could not get Rid set Reference :failed with 8481: The search > failed to retrieve attributes from the database. > ......................... DC2.mydomain.org failed test RidManager > > Starting test: MachineAccount > Checking machine account for DC DC2.mydomain.org on DC > DC2.mydomain.org. > ***Error: The server DC2.mydomain.org is missing its machine > account. > > Try running with the /repairmachineaccount option. > * The current DC is not in the domain controller's OU > ......................... DC2.mydomain.org failed test > MachineAccount > > Starting test: systemlog > * The System Event log test > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:02:51 > (Event String could not be retrieved) > ......................... DC2.mydomain.org failed test systemlog > > > > Running enterprise tests on : mydomain.org > > Test omitted by user request: DNS > Test omitted by user request: DNS > > Starting test: Intersite > Skipping site campus, this site is outside the scope provided by > the > > command line arguments provided. > ......................... mydomain.org passed test Intersite > >> >> You said - > The domain name for the Windows AD is the same as the hosted >> web >>> services. This eliminates the possibility of non-srv aware clients >>> resolving the domain name to a DC. >> huh! > Right - so this means that non-domain member systems (ones that don't look > for srv dns records) must rely on a shot in the dark when it comes to > resolving things like DFS roots. A client will attempt to contact the > domain in the DFS UNC path (\\na.world.com\dfs_root for example) on the > chance that a DC will respond and provide the proper reference from AD. > Essentially the main domain entry in Windows DNS that you would typically > see resolving to a domain controller (the pdc in most cases) does not > behave this way in my environment. This entry resolves to the site's web > server. > > I know it sounds pretty screwed up but this domain has been upgraded for > years from the original NT4 domain and beyond. Most of the infrastructure > is on Linux/Unix systems. To further complicate things, there is a > kerberos realm infrastructure existing in parallel with the AD kerberos > realm. And they both have the same name! Which is why I'm in the middle > of migrating the domain to a child DNS zone with all of the trimmings - a > full domain migration to a new domain name. >> >> > > Begin dcdiag /debug output > ------------ > > Domain Controller Diagnosis > > Performing initial setup: > * Verifying that the local machine dc2, is a DC. > * Connecting to directory service on server dc2. > * Collecting site info. > * Identifying all servers. > * Identifying all NC cross-refs. > * Found 4 DC(s). Testing 4 of them. > Done gathering initial info. > > Doing initial required tests > > Testing server: campus\DC3.mydomain.org > Starting test: Connectivity > * Active Directory LDAP Services Check > * Active Directory RPC Services Check > ......................... DC3.mydomain.org passed test > Connectivity > > Testing server: campus\DC1.ECE-EDU.mydomain.org > Starting test: Connectivity > * Active Directory LDAP Services Check > * Active Directory RPC Services Check > ......................... DC1.ECE-EDU.mydomain.org passed test > Connectivity > > Testing server: campus\DC4.ECE-EDU.mydomain.org > Starting test: Connectivity > * Active Directory LDAP Services Check > * Active Directory RPC Services Check > ......................... DC4.ECE-EDU.mydomain.org passed test > Connectivity > > Testing server: campus\DC2.mydomain.org > Starting test: Connectivity > * Active Directory LDAP Services Check > * Active Directory RPC Services Check > ......................... DC2.mydomain.org passed test > Connectivity > > Doing primary tests > > Testing server: campus\DC3.mydomain.org > Starting test: Replications > * Replications Check > * Replication Latency Check > CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu > Latency information for 5 entries in the vector were > ignored. > 5 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > CN=Configuration,DC=ece,DC=cmu,DC=edu > Latency information for 5 entries in the vector were > ignored. > 5 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > DC=ece,DC=cmu,DC=edu > Latency information for 5 entries in the vector were > ignored. > 5 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > DC=ece-edu,DC=ece,DC=cmu,DC=edu > Latency information for 2 entries in the vector were > ignored. > 2 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > * Replication Site Latency Check > ......................... DC3.mydomain.org passed test > Replications > Test omitted by user request: Topology > Test omitted by user request: CutoffServers > Starting test: NCSecDesc > * Security Permissions check for all NC's on DC DC3.mydomain.org. > * Security Permissions Check for > CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu > (Schema,Version 2) > * Security Permissions Check for > CN=Configuration,DC=ece,DC=cmu,DC=edu > (Configuration,Version 2) > * Security Permissions Check for > DC=ece,DC=cmu,DC=edu > (Domain,Version 2) > * Security Permissions Check for > DC=ece-edu,DC=ece,DC=cmu,DC=edu > (Domain,Version 2) > ......................... DC3.mydomain.org passed test NCSecDesc > Starting test: NetLogons > * Network Logons Privileges Check > Verified share \\DC3.mydomain.org\netlogon > Verified share \\DC3.mydomain.org\sysvol > ......................... DC3.mydomain.org passed test NetLogons > Starting test: Advertising > The DC DC3.mydomain.org is advertising itself as a DC and having > a DS. > The DC DC3.mydomain.org is advertising as an LDAP server > The DC DC3.mydomain.org is advertising as having a writeable > directory > The DC DC3.mydomain.org is advertising as a Key Distribution > Center > The DC DC3.mydomain.org is advertising as a time server > The DS DC3.mydomain.org is advertising as a GC. > ......................... DC3.mydomain.org passed test > Advertising > Starting test: KnowsOfRoleHolders > Role Schema Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role Domain Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role PDC Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role Rid Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role Infrastructure Update Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > ......................... DC3.mydomain.org passed test > KnowsOfRoleHolders > Starting test: RidManager > * Available RID Pool for the Domain is 9891 to 1073741823 > * dc3.mydomain.org is the RID Master > * DsBind with RID Master was successful > Failed with 8481: The search failed to retrieve attributes from > the database. > Could not get Rid set Reference :failed with 8481: The search > failed to retrieve attributes from the database. > ......................... DC3.mydomain.org failed test RidManager > Starting test: MachineAccount > Checking machine account for DC DC3.mydomain.org on DC > DC3.mydomain.org. > * The current DC is not in the domain controller's OU > * SPN found :LDAP/dc3.mydomain.org/mydomain.org > * SPN found :LDAP/dc3.mydomain.org > * SPN found :LDAP/DC3.mydomain.org > * SPN found :LDAP/dc3.mydomain.org/ECE > * SPN found > :LDAP/a7d794c9-f558-4df6-87c0-1229e5c56cc8._msdcs.mydomain.org > * SPN found > :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a7d794c9-f558-4df6-87c0-1229e5c56cc8/mydomain.org > * SPN found :HOST/dc3.mydomain.org/mydomain.org > * SPN found :HOST/dc3.mydomain.org > * SPN found :HOST/DC3.mydomain.org > * SPN found :HOST/dc3.mydomain.org/ECE > * SPN found :GC/dc3.mydomain.org/mydomain.org > ......................... DC3.mydomain.org failed test > MachineAccount > Starting test: Services > * Checking Service: Dnscache > * Checking Service: NtFrs > * Checking Service: IsmServ > * Checking Service: kdc > * Checking Service: SamSs > * Checking Service: LanmanServer > * Checking Service: LanmanWorkstation > * Checking Service: RpcSs > * Checking Service: w32time > * Checking Service: NETLOGON > ......................... DC3.mydomain.org passed test Services > Test omitted by user request: OutboundSecureChannels > Starting test: ObjectsReplicated > DC3.mydomain.org is in domain DC=ece,DC=cmu,DC=edu > Checking for CN=DC3,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu in > domain DC=ece,DC=cmu,DC=edu on 4 servers > Object is up-to-date on all servers. > Checking for CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers > Object is up-to-date on all servers. > ......................... DC3.mydomain.org passed test > ObjectsReplicated > Starting test: frssysvol > * The File Replication Service SYSVOL ready test > File Replication Service's SYSVOL is ready > ......................... DC3.mydomain.org passed test frssysvol > Starting test: frsevent > * The File Replication Service Event log test > ......................... DC3.mydomain.org passed test frsevent > Starting test: kccevent > * The KCC Event log test > Found no KCC errors in Directory Service Event log in the last 15 > minutes. > ......................... DC3.mydomain.org passed test kccevent > Starting test: systemlog > * The System Event log test > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:07:35 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:22:43 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:37:44 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:52:46 > (Event String could not be retrieved) > ......................... DC3.mydomain.org failed test systemlog > Test omitted by user request: VerifyReplicas > Starting test: VerifyReferences > The system object reference (serverReference) > > CN=DC3,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu and backlink on > > > CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites, CN=Configuration,DC=ece,DC=cmu,DC=edu > > are correct. > The system object reference (frsComputerReferenceBL) > > CN=DC3,CN=Domain System Volume (SYSVOL share),CN=File Replication > Service,CN=System,DC=ece,DC=cmu,DC=edu > > and backlink on CN=DC3,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu > are > > correct. > The system object reference (serverReferenceBL) > > CN=DC3,CN=Domain System Volume (SYSVOL share),CN=File Replication > Service,CN=System,DC=ece,DC=cmu,DC=edu > > and backlink on > > CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > > are correct. > ......................... DC3.mydomain.org passed test > VerifyReferences > Test omitted by user request: VerifyEnterpriseReferences > Test omitted by user request: CheckSecurityError > > Testing server: campus\DC1.ECE-EDU.mydomain.org > Starting test: Replications > * Replications Check > * Replication Latency Check > CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu > Latency information for 5 entries in the vector were > ignored. > 5 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > CN=Configuration,DC=ece,DC=cmu,DC=edu > Latency information for 5 entries in the vector were > ignored. > 5 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > DC=ece,DC=cmu,DC=edu > Latency information for 6 entries in the vector were > ignored. > 5 were retired Invocations. 1 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > * Replication Site Latency Check > ......................... DC1.ECE-EDU.mydomain.org passed test > Replications > Test omitted by user request: Topology > Test omitted by user request: CutoffServers > Starting test: NCSecDesc > * Security Permissions check for all NC's on DC > DC1.ECE-EDU.mydomain.org. > * Security Permissions Check for > DC=ece-edu,DC=ece,DC=cmu,DC=edu > (Domain,Version 2) > * Security Permissions Check for > CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu > (Schema,Version 2) > * Security Permissions Check for > CN=Configuration,DC=ece,DC=cmu,DC=edu > (Configuration,Version 2) > * Security Permissions Check for > DC=ece,DC=cmu,DC=edu > (Domain,Version 2) > ......................... DC1.ECE-EDU.mydomain.org passed test > NCSecDesc > Starting test: NetLogons > * Network Logons Privileges Check > Verified share \\DC1.ECE-EDU.mydomain.org\netlogon > Verified share \\DC1.ECE-EDU.mydomain.org\sysvol > ......................... DC1.ECE-EDU.mydomain.org passed test > NetLogons > Starting test: Advertising > The DC DC1.ECE-EDU.mydomain.org is advertising itself as a DC and > having a DS. > The DC DC1.ECE-EDU.mydomain.org is advertising as an LDAP server > The DC DC1.ECE-EDU.mydomain.org is advertising as having a > writeable directory > The DC DC1.ECE-EDU.mydomain.org is advertising as a Key > Distribution Center > The DC DC1.ECE-EDU.mydomain.org is advertising as a time server > The DS DC1.ECE-EDU.mydomain.org is advertising as a GC. > ......................... DC1.ECE-EDU.mydomain.org passed test > Advertising > Starting test: KnowsOfRoleHolders > Role Schema Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role Domain Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role PDC Owner = CN=NTDS > Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > Role Rid Owner = CN=NTDS > Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > Role Infrastructure Update Owner = CN=NTDS > Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > ......................... DC1.ECE-EDU.mydomain.org passed test > KnowsOfRoleHolders > Starting test: RidManager > * Available RID Pool for the Domain is 4103 to 1073741823 > * dc1.ece-edu.mydomain.org is the RID Master > * DsBind with RID Master was successful > Failed with 8481: The search failed to retrieve attributes from > the database. > Could not get Rid set Reference :failed with 8481: The search > failed to retrieve attributes from the database. > ......................... DC1.ECE-EDU.mydomain.org failed test > RidManager > Starting test: MachineAccount > Checking machine account for DC DC1.ECE-EDU.mydomain.org on DC > DC1.ECE-EDU.mydomain.org. > * The current DC is not in the domain controller's OU > * SPN found :LDAP/dc1.ece-edu.mydomain.org/ece-edu.mydomain.org > * SPN found :LDAP/dc1.ece-edu.mydomain.org > * SPN found :LDAP/DC1.ECE-EDU.mydomain.org > * SPN found :LDAP/dc1.ece-edu.mydomain.org/ECE-EDU > * SPN found > :LDAP/e85eca0a-8d03-4cbe-a880-68a77931606e._msdcs.mydomain.org > * SPN found > :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e85eca0a-8d03-4cbe-a880-68a77931606e/ece-edu.mydomain.org > * SPN found :HOST/dc1.ece-edu.mydomain.org/ece-edu.mydomain.org > * SPN found :HOST/dc1.ece-edu.mydomain.org > * SPN found :HOST/DC1.ECE-EDU.mydomain.org > * SPN found :HOST/dc1.ece-edu.mydomain.org/ECE-EDU > * SPN found :GC/dc1.ece-edu.mydomain.org/mydomain.org > ......................... DC1.ECE-EDU.mydomain.org failed test > MachineAccount > Starting test: Services > * Checking Service: Dnscache > * Checking Service: NtFrs > * Checking Service: IsmServ > * Checking Service: kdc > * Checking Service: SamSs > * Checking Service: LanmanServer > * Checking Service: LanmanWorkstation > * Checking Service: RpcSs > * Checking Service: w32time > * Checking Service: NETLOGON > ......................... DC1.ECE-EDU.mydomain.org passed test > Services > Test omitted by user request: OutboundSecureChannels > Starting test: ObjectsReplicated > DC1.ECE-EDU.mydomain.org is in domain > DC=ece-edu,DC=ece,DC=cmu,DC=edu > Checking for CN=DC1,OU=Domain > Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu in domain > DC=ece-edu,DC=ece,DC=cmu,DC=edu on 3 servers > Object is up-to-date on all servers. > Checking for CN=NTDS > Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers > Object is up-to-date on all servers. > ......................... DC1.ECE-EDU.mydomain.org passed test > ObjectsReplicated > Starting test: frssysvol > * The File Replication Service SYSVOL ready test > File Replication Service's SYSVOL is ready > ......................... DC1.ECE-EDU.mydomain.org passed test > frssysvol > Starting test: frsevent > * The File Replication Service Event log test > ......................... DC1.ECE-EDU.mydomain.org passed test > frsevent > Starting test: kccevent > * The KCC Event log test > Found no KCC errors in Directory Service Event log in the last 15 > minutes. > ......................... DC1.ECE-EDU.mydomain.org passed test > kccevent > Starting test: systemlog > * The System Event log test > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:04:45 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:19:45 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:34:46 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:49:46 > (Event String could not be retrieved) > ......................... DC1.ECE-EDU.mydomain.org failed test > systemlog > Test omitted by user request: VerifyReplicas > Starting test: VerifyReferences > The system object reference (serverReference) > > CN=DC1,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu and > > backlink on > > > CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > > are correct. > The system object reference (frsComputerReferenceBL) > > CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication > Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu > > and backlink on > > CN=DC1,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu are > > correct. > The system object reference (serverReferenceBL) > > CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication > Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu > > and backlink on > > CN=NTDS > Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > > are correct. > ......................... DC1.ECE-EDU.mydomain.org passed test > VerifyReferences > Test omitted by user request: VerifyEnterpriseReferences > Test omitted by user request: CheckSecurityError > > Testing server: campus\DC4.ECE-EDU.mydomain.org > Starting test: Replications > * Replications Check > * Replication Latency Check > CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu > Latency information for 5 entries in the vector were > ignored. > 5 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > CN=Configuration,DC=ece,DC=cmu,DC=edu > Latency information for 5 entries in the vector were > ignored. > 5 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > DC=ece,DC=cmu,DC=edu > Latency information for 6 entries in the vector were > ignored. > 5 were retired Invocations. 1 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > * Replication Site Latency Check > ......................... DC4.ECE-EDU.mydomain.org passed test > Replications > Test omitted by user request: Topology > Test omitted by user request: CutoffServers > Starting test: NCSecDesc > * Security Permissions check for all NC's on DC > DC4.ECE-EDU.mydomain.org. > * Security Permissions Check for > DC=ece-edu,DC=ece,DC=cmu,DC=edu > (Domain,Version 2) > * Security Permissions Check for > CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu > (Schema,Version 2) > * Security Permissions Check for > CN=Configuration,DC=ece,DC=cmu,DC=edu > (Configuration,Version 2) > * Security Permissions Check for > DC=ece,DC=cmu,DC=edu > (Domain,Version 2) > ......................... DC4.ECE-EDU.mydomain.org passed test > NCSecDesc > Starting test: NetLogons > * Network Logons Privileges Check > Verified share \\DC4.ECE-EDU.mydomain.org\netlogon > Verified share \\DC4.ECE-EDU.mydomain.org\sysvol > ......................... DC4.ECE-EDU.mydomain.org passed test > NetLogons > Starting test: Advertising > The DC DC4.ECE-EDU.mydomain.org is advertising itself as a DC and > having a DS. > The DC DC4.ECE-EDU.mydomain.org is advertising as an LDAP server > The DC DC4.ECE-EDU.mydomain.org is advertising as having a > writeable directory > The DC DC4.ECE-EDU.mydomain.org is advertising as a Key > Distribution Center > The DC DC4.ECE-EDU.mydomain.org is advertising as a time server > The DS DC4.ECE-EDU.mydomain.org is advertising as a GC. > ......................... DC4.ECE-EDU.mydomain.org passed test > Advertising > Starting test: KnowsOfRoleHolders > Role Schema Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role Domain Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role PDC Owner = CN=NTDS > Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > Role Rid Owner = CN=NTDS > Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > Role Infrastructure Update Owner = CN=NTDS > Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > ......................... DC4.ECE-EDU.mydomain.org passed test > KnowsOfRoleHolders > Starting test: RidManager > * Available RID Pool for the Domain is 4103 to 1073741823 > * dc1.ece-edu.mydomain.org is the RID Master > * DsBind with RID Master was successful > Failed with 8481: The search failed to retrieve attributes from > the database. > Could not get Rid set Reference :failed with 8481: The search > failed to retrieve attributes from the database. > ......................... DC4.ECE-EDU.mydomain.org failed test > RidManager > Starting test: MachineAccount > Checking machine account for DC DC4.ECE-EDU.mydomain.org on DC > DC4.ECE-EDU.mydomain.org. > * The current DC is not in the domain controller's OU > * SPN found :LDAP/dc4.ece-edu.mydomain.org/ece-edu.mydomain.org > * SPN found :LDAP/dc4.ece-edu.mydomain.org > * SPN found :LDAP/DC4.ECE-EDU.mydomain.org > * SPN found :LDAP/dc4.ece-edu.mydomain.org/ECE-EDU > * SPN found > :LDAP/500f9c2c-5994-4da6-a2ce-07a009a23870._msdcs.mydomain.org > * SPN found > :E3514235-4B06-11D1-AB04-00C04FC2DCD2/500f9c2c-5994-4da6-a2ce-07a009a23870/ece-edu.mydomain.org > * SPN found :HOST/dc4.ece-edu.mydomain.org/ece-edu.mydomain.org > * SPN found :HOST/dc4.ece-edu.mydomain.org > * SPN found :HOST/DC4.ECE-EDU.mydomain.org > * SPN found :HOST/dc4.ece-edu.mydomain.org/ECE-EDU > * SPN found :GC/dc4.ece-edu.mydomain.org/mydomain.org > ......................... DC4.ECE-EDU.mydomain.org failed test > MachineAccount > Starting test: Services > * Checking Service: Dnscache > * Checking Service: NtFrs > * Checking Service: IsmServ > * Checking Service: kdc > * Checking Service: SamSs > * Checking Service: LanmanServer > * Checking Service: LanmanWorkstation > * Checking Service: RpcSs > * Checking Service: w32time > * Checking Service: NETLOGON > ......................... DC4.ECE-EDU.mydomain.org passed test > Services > Test omitted by user request: OutboundSecureChannels > Starting test: ObjectsReplicated > DC4.ECE-EDU.mydomain.org is in domain > DC=ece-edu,DC=ece,DC=cmu,DC=edu > Checking for CN=DC4,OU=Domain > Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu in domain > DC=ece-edu,DC=ece,DC=cmu,DC=edu on 3 servers > Object is up-to-date on all servers. > Checking for CN=NTDS > Settings,CN=DC4.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers > Object is up-to-date on all servers. > ......................... DC4.ECE-EDU.mydomain.org passed test > ObjectsReplicated > Starting test: frssysvol > * The File Replication Service SYSVOL ready test > File Replication Service's SYSVOL is ready > ......................... DC4.ECE-EDU.mydomain.org passed test > frssysvol > Starting test: frsevent > * The File Replication Service Event log test > ......................... DC4.ECE-EDU.mydomain.org passed test > frsevent > Starting test: kccevent > * The KCC Event log test > Found no KCC errors in Directory Service Event log in the last 15 > minutes. > ......................... DC4.ECE-EDU.mydomain.org passed test > kccevent > Starting test: systemlog > * The System Event log test > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:00:38 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:15:38 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:30:39 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:45:39 > (Event String could not be retrieved) > ......................... DC4.ECE-EDU.mydomain.org failed test > systemlog > Test omitted by user request: VerifyReplicas > Starting test: VerifyReferences > The system object reference (serverReference) > > CN=DC4,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu and > > backlink on > > > CN=DC4.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > > are correct. > The system object reference (frsComputerReferenceBL) > > CN=DC4,CN=Domain System Volume (SYSVOL share),CN=File Replication > Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu > > and backlink on > > CN=DC4,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu are > > correct. > The system object reference (serverReferenceBL) > > CN=DC4,CN=Domain System Volume (SYSVOL share),CN=File Replication > Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu > > and backlink on > > CN=NTDS > Settings,CN=DC4.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=ece,DC=cmu,DC=edu > > are correct. > ......................... DC4.ECE-EDU.mydomain.org passed test > VerifyReferences > Test omitted by user request: VerifyEnterpriseReferences > Test omitted by user request: CheckSecurityError > > Testing server: campus\DC2.mydomain.org > Starting test: Replications > * Replications Check > * Replication Latency Check > CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu > Latency information for 5 entries in the vector were > ignored. > 5 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > CN=Configuration,DC=ece,DC=cmu,DC=edu > Latency information for 5 entries in the vector were > ignored. > 5 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > DC=ece,DC=cmu,DC=edu > Latency information for 5 entries in the vector were > ignored. > 5 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > * Replication Site Latency Check > ......................... DC2.mydomain.org passed test > Replications > Test omitted by user request: Topology > Test omitted by user request: CutoffServers > Starting test: NCSecDesc > * Security Permissions check for all NC's on DC DC2.mydomain.org. > * Security Permissions Check for > CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu > (Schema,Version 2) > * Security Permissions Check for > CN=Configuration,DC=ece,DC=cmu,DC=edu > (Configuration,Version 2) > * Security Permissions Check for > DC=ece,DC=cmu,DC=edu > (Domain,Version 2) > ......................... DC2.mydomain.org passed test NCSecDesc > Starting test: NetLogons > * Network Logons Privileges Check > Verified share \\DC2.mydomain.org\netlogon > Verified share \\DC2.mydomain.org\sysvol > ......................... DC2.mydomain.org passed test NetLogons > Starting test: Advertising > The DC DC2.mydomain.org is advertising itself as a DC and having > a DS. > The DC DC2.mydomain.org is advertising as an LDAP server > The DC DC2.mydomain.org is advertising as having a writeable > directory > The DC DC2.mydomain.org is advertising as a Key Distribution > Center > The DC DC2.mydomain.org is advertising as a time server > ......................... DC2.mydomain.org passed test > Advertising > Starting test: KnowsOfRoleHolders > Role Schema Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role Domain Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role PDC Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role Rid Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > Role Infrastructure Update Owner = CN=NTDS > Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > ......................... DC2.mydomain.org passed test > KnowsOfRoleHolders > Starting test: RidManager > * Available RID Pool for the Domain is 9891 to 1073741823 > * dc3.mydomain.org is the RID Master > * DsBind with RID Master was successful > Failed with 8481: The search failed to retrieve attributes from > the database. > Could not get Rid set Reference :failed with 8481: The search > failed to retrieve attributes from the database. > ......................... DC2.mydomain.org failed test RidManager > Starting test: MachineAccount > Checking machine account for DC DC2.mydomain.org on DC > DC2.mydomain.org. > ***Error: The server DC2.mydomain.org is missing its machine > account. > > Try running with the /repairmachineaccount option. > * The current DC is not in the domain controller's OU > * SPN found :LDAP/dc2.mydomain.org/mydomain.org > * SPN found :LDAP/dc2.mydomain.org > * SPN found :LDAP/DC2.mydomain.org > * SPN found :LDAP/dc2.mydomain.org/ECE > * SPN found > :LDAP/b4483822-0d6a-4821-af5f-7f2a15534c6b._msdcs.mydomain.org > * SPN found > :E3514235-4B06-11D1-AB04-00C04FC2DCD2/b4483822-0d6a-4821-af5f-7f2a15534c6b/mydomain.org > * SPN found :HOST/dc2.mydomain.org/mydomain.org > * SPN found :HOST/dc2.mydomain.org > * SPN found :HOST/DC2.mydomain.org > * SPN found :HOST/dc2.mydomain.org/ECE > * SPN found :GC/dc2.mydomain.org/mydomain.org > ......................... DC2.mydomain.org failed test > MachineAccount > Starting test: Services > * Checking Service: Dnscache > * Checking Service: NtFrs > * Checking Service: IsmServ > * Checking Service: kdc > * Checking Service: SamSs > * Checking Service: LanmanServer > * Checking Service: LanmanWorkstation > * Checking Service: RpcSs > * Checking Service: w32time > * Checking Service: NETLOGON > ......................... DC2.mydomain.org passed test Services > Test omitted by user request: OutboundSecureChannels > Starting test: ObjectsReplicated > DC2.mydomain.org is in domain DC=ece,DC=cmu,DC=edu > Checking for CN=DC2,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu in > domain DC=ece,DC=cmu,DC=edu on 4 servers > Object is up-to-date on all servers. > Checking for CN=NTDS > Settings,CN=DC2.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers > Object is up-to-date on all servers. > ......................... DC2.mydomain.org passed test > ObjectsReplicated > Starting test: frssysvol > * The File Replication Service SYSVOL ready test > File Replication Service's SYSVOL is ready > ......................... DC2.mydomain.org passed test frssysvol > Starting test: frsevent > * The File Replication Service Event log test > ......................... DC2.mydomain.org passed test frsevent > Starting test: kccevent > * The KCC Event log test > Found no KCC errors in Directory Service Event log in the last 15 > minutes. > ......................... DC2.mydomain.org passed test kccevent > Starting test: systemlog > * The System Event log test > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:02:51 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x0000165B > Time Generated: 05/16/2006 08:12:06 > Event String: The session setup from computer 'RIESLING' > failed > > because the security database does not contain a > > trust account 'RIESLING$' referenced by the > > specified computer. > > > > USER ACTION > > If this is the first occurrence of this event for > > the specified computer and account, this may be a > > transient issue that doesn't require any action > > at this time. Otherwise, the following steps may > > be taken to resolve this problem: > > > > If 'RIESLING$' is a legitimate machine account > > for the computer 'RIESLING', then 'RIESLING' > > should be rejoined to the domain. > > > > If 'RIESLING$' is a legitimate interdomain trust > > account, then the trust should be recreated. > > > > Otherwise, assuming that 'RIESLING$' is not a > > legitimate account, the following action should > > be taken on 'RIESLING': > > > > If 'RIESLING' is a Domain Controller, then the > > trust associated with 'RIESLING$' should be > > deleted. > > > > If 'RIESLING' is not a Domain Controller, it > > should be disjoined from the domain. > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:17:52 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:32:55 > (Event String could not be retrieved) > An Error Event occured. EventID: 0x80000003 > Time Generated: 05/16/2006 08:47:58 > (Event String could not be retrieved) > ......................... DC2.mydomain.org failed test systemlog > Test omitted by user request: VerifyReplicas > Starting test: VerifyReferences > The system object reference (serverReference) > > CN=DC2,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu and backlink on > > > CN=DC2.mydomain.org,CN=Servers,CN=campus,CN=Sites, CN=Configuration,DC=ece,DC=cmu,DC=edu > > are correct. > The system object reference (frsComputerReferenceBL) > > CN=DC2,CN=Domain System Volume (SYSVOL share),CN=File Replication > Service,CN=System,DC=ece,DC=cmu,DC=edu > > and backlink on CN=DC2,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu > are > > correct. > The system object reference (serverReferenceBL) > > CN=DC2,CN=Domain System Volume (SYSVOL share),CN=File Replication > Service,CN=System,DC=ece,DC=cmu,DC=edu > > and backlink on > > CN=NTDS > Settings,CN=DC2.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu > > are correct. > ......................... DC2.mydomain.org passed test > VerifyReferences > Test omitted by user request: VerifyEnterpriseReferences > Test omitted by user request: CheckSecurityError > > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test CheckSDRefDom > > Running partition tests on : ece > Starting test: CrossRefValidation > ......................... ece passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... ece passed test CheckSDRefDom > > Running partition tests on : ece-edu > Starting test: CrossRefValidation > ......................... ece-edu passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... ece-edu passed test CheckSDRefDom > > Running enterprise tests on : mydomain.org > Starting test: Intersite > Skipping site campus, this site is outside the scope provided by > the > > command line arguments provided. > ......................... mydomain.org passed test Intersite > Starting test: FsmoCheck > GC Name: \\dc4.ece-edu.mydomain.org > Locator Flags: 0xe00001fc > PDC Name: \\dc3.mydomain.org > Locator Flags: 0xe00003fd > Time Server Name: \\dc2.mydomain.org > Locator Flags: 0xe00003f8 > Preferred Time Server Name: \\dc2.mydomain.org > Locator Flags: 0xe00003f8 > KDC Name: \\dc2.mydomain.org > Locator Flags: 0xe00003f8 > ......................... mydomain.org passed test FsmoCheck > Test omitted by user request: DNS > Test omitted by user request: DNS |
|
|
|
|
|||
|
|
|||
|
stiitwok
Guest
Posts: n/a
|
Don Wilwol wrote:
> run ntdsutil and verify the fsmo rolls in both mydomain.org and > ECE-EDU.mydomain.org. Then verify DNS is working between the domains. Make > sure all DNS zones are replicated throughout all DNS servers. Let us know > what you find. > netdiag finds that all dns data for both zones is consistent. Both zones are housed in the same server pairs. Here's what ntdsutil returns select operation target: list roles for connected server Server "dc2.mydomain.org" knows about 5 roles Schema - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org Domain - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org PDC - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org RID - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org Infrastructure - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org Server "dc3.mydomain.org" knows about 5 roles Schema - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org Domain - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org PDC - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org RID - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org Infrastructure - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org Server "dc1.ece-edu.mydomain.org" knows about 5 roles Schema - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org Domain - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org PDC - CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=mydomain,DC=org RID - CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=mydomain,DC=org Infrastructure - CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=mydomain,DC=org Server "dc4.ece-edu.mydomain.org" knows about 5 roles Schema - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org Domain - CN=NTDS Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus, CN=Sites,CN=Configuration,DC=mydomain,DC=org PDC - CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=mydomain,DC=org RID - CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=mydomain,DC=org Infrastructure - CN=NTDS Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN= Configuration,DC=mydomain,DC=org |
|
|
|
|
|||
|
|
|||
|
stiitwok
Guest
Posts: n/a
|
Part of the problem was that one DC's sysvol junction points were
missing. Regardless, the target of the juntion points were not sync'd. I still haven't figured out why replication was failing between the systems. I performed a non-authoritative restore for the ill DC and replication has been fully restored. Perhaps a journal wrap occured when the rpc/lsass issue arose? I've increase the NTFS journal size on all DC's to avoid that problem again just in case servers go down. This is just another problem in a long line from this hand-me-down domain. When the rebuilds and domain migration occur, all DC's will have their sysvols on a separate partition with no other services hosted from that volume. |
|
|
|
|
|||
|
|
|||
|
|
|
| |
|
| Thread Tools | |
| Display Modes | |
|
|
Forum Software Powered by vBulletin®, Copyright Jelsoft Enterprises Ltd.
SEO by vBSEO 3.3.2 ©2009, Crawlability, Inc. |
Linear Mode
