The local domain controller could not connect with - 2008

Hello,

I'm playing around with my first 2008 server setup. So far the only role
I've added was AD. It is in a new domain (not a production environment)
and is the sole server. It automatically installs DNS during the process.
After the AD wizard ran it rebooted and I see this error along with a few
others in the server manager under the ad role.

The name of my local area domain is abc.lan

The local domain controller could not connect with the following domain
controller hosting the following directory partition to resolve
distinguished names.

Domain controller:

Directory partition:
abc.lan

Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200d50

Hello boe,

PLease post an unedited ipconfig /all from the server. Run diagnostics tool
dcdiag /v and repadmin /showreps If you have errors in the output please
post the complete output here.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> Hello,
>
> I'm playing around with my first 2008 server setup. So far the only
> role I've added was AD. It is in a new domain (not a production
> environment) and is the sole server. It automatically installs DNS
> during the process. After the AD wizard ran it rebooted and I see this
> error along with a few others in the server manager under the ad role.
>
> The name of my local area domain is abc.lan
>
> The local domain controller could not connect with the following
> domain controller hosting the following directory partition to resolve
> distinguished names.
>
> Domain controller:
>
> Directory partition:
> abc.lan
> Additional Data
> Error value:
> 1355 The specified domain either does not exist or could not be
> contacted.
> Internal ID:
> 3200d50

Make sure you are pointing to the existing server for Dns and check if we
can ping the domain name

"boe" <> wrote in message
news:73D8C004-5191-4EF8-AC2E-...
> Hello,
>
> I'm playing around with my first 2008 server setup. So far the only role
> I've added was AD. It is in a new domain (not a production environment)
> and is the sole server. It automatically installs DNS during the
> process. After the AD wizard ran it rebooted and I see this error along
> with a few others in the server manager under the ad role.
>
> The name of my local area domain is abc.lan
>
> The local domain controller could not connect with the following domain
> controller hosting the following directory partition to resolve
> distinguished names.
>
> Domain controller:
>
> Directory partition:
> abc.lan
>
> Additional Data
> Error value:
> 1355 The specified domain either does not exist or could not be contacted.
> Internal ID:
> 3200d50

Is this machine pointing to an ISP for DNS? I'm guessing so. Do as Meinolf
suggested and post the ipconfig /all.

In the meantime if this machine is pointing to an ISP just change the client
dns settings to point at the AD DNS server (Which I am assuming is itself)
and modify the dns server to forward unknown dns requests to your ISP. This
should take care of it.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"boe" <> wrote in message
news:73D8C004-5191-4EF8-AC2E-...
> Hello,
>
> I'm playing around with my first 2008 server setup. So far the only role
> I've added was AD. It is in a new domain (not a production environment)
> and is the sole server. It automatically installs DNS during the
> process. After the AD wizard ran it rebooted and I see this error along
> with a few others in the server manager under the ad role.
>
> The name of my local area domain is abc.lan
>
> The local domain controller could not connect with the following domain
> controller hosting the following directory partition to resolve
> distinguished names.
>
> Domain controller:
>
> Directory partition:
> abc.lan
>
> Additional Data
> Error value:
> 1355 The specified domain either does not exist or could not be contacted.
> Internal ID:
> 3200d50

Thanks - during set up it changed it in the DNS section of my IP properties
from using my internal IP of 192.168.20.100 (the server's IP address) to the
loopback 127.0.01 address.

I can ping my abc.lan domain name from a command prompt.

"Deep" <> wrote in message
news:02A4D0A7-12DE-4BFE-B06D-...
> Make sure you are pointing to the existing server for Dns and check if we
> can ping the domain name
>
> "boe" <> wrote in message
> news:73D8C004-5191-4EF8-AC2E-...
>> Hello,
>>
>> I'm playing around with my first 2008 server setup. So far the only
>> role I've added was AD. It is in a new domain (not a production
>> environment) and is the sole server. It automatically installs DNS
>> during the process. After the AD wizard ran it rebooted and I see this
>> error along with a few others in the server manager under the ad role.
>>
>> The name of my local area domain is abc.lan
>>
>> The local domain controller could not connect with the following domain
>> controller hosting the following directory partition to resolve
>> distinguished names.
>>
>> Domain controller:
>>
>> Directory partition:
>> abc.lan
>>
>> Additional Data
>> Error value:
>> 1355 The specified domain either does not exist or could not be
>> contacted.
>> Internal ID:
>> 3200d50
>

Thanks - no, it isn't pointing to the ISP for DNS. I've just posted my
info above.

"Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
news:#...
> Is this machine pointing to an ISP for DNS? I'm guessing so. Do as
> Meinolf suggested and post the ipconfig /all.
>
> In the meantime if this machine is pointing to an ISP just change the
> client dns settings to point at the AD DNS server (Which I am assuming is
> itself) and modify the dns server to forward unknown dns requests to your
> ISP. This should take care of it.
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "boe" <> wrote in message
> news:73D8C004-5191-4EF8-AC2E-...
>> Hello,
>>
>> I'm playing around with my first 2008 server setup. So far the only
>> role I've added was AD. It is in a new domain (not a production
>> environment) and is the sole server. It automatically installs DNS
>> during the process. After the AD wizard ran it rebooted and I see this
>> error along with a few others in the server manager under the ad role.
>>
>> The name of my local area domain is abc.lan
>>
>> The local domain controller could not connect with the following domain
>> controller hosting the following directory partition to resolve
>> distinguished names.
>>
>> Domain controller:
>>
>> Directory partition:
>> abc.lan
>>
>> Additional Data
>> Error value:
>> 1355 The specified domain either does not exist or could not be
>> contacted.
>> Internal ID:
>> 3200d50
>
>

Thanks for your help.

I reformatted my computer just in case something else I had done
was messing things up but even after a fresh install and the only item I
added other than windows update was AD (which also installs DNS) I see the
same issue.
I checked and it changed my internal IP address for the DNS to the
127.0.0.1 (it was set for 192.168.20.100) address during active directory DS
wizard

Windows IP Configuration

Host Name . . . . . . . . . . . . : abc-6700
Primary Dns Suffix . . . . . . . : abc.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.lan

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 PL Network
Connection
Physical Address. . . . . . . . . : 00-16-76-B0-E1-D3
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.20.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . :
isatap.{F1B7B090-D154-4AF3-B3F1-23390FB8E
7FD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes




C:\Users\Administrator>dcdiag /v

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
* Verifying that the local machine abc-6700, is a Directory Server.
Home Server = abc-6700
* Connecting to directory service on server abc-6700.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuratio n,DC=abc,DC=lan,LDA
P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings), .......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site
Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=abc,DC=lan
Getting ISTG and options for the site
* Identifying all servers.
Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuratio n,DC=abc,DC=lan,LDA
P_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN
=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\abc-6700
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... abc-6700 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\abc-6700
Starting test: Advertising
The DC abc-6700 is advertising itself as a DC and having a DS.
The DC abc-6700 is advertising as an LDAP server
The DC abc-6700 is advertising as having a writeable directory
The DC abc-6700 is advertising as a Key Distribution Center
The DC abc-6700 is advertising as a time server
The DS abc-6700 is advertising as a GC.
......................... abc-6700 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the event log File Replication Service does
not e
xist.
......................... abc-6700 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
There are warning or error events within the last 24 hours after
the
SYSVOL has been shared. Failing SYSVOL replication problems may
cause
Group Policy problems.
An Error Event occurred. EventID: 0xC00004B2
Time Generated: 06/13/2008 08:54:53
Event String:
The DFS Replication service failed to contact domain controller
to
access configuration information. Replication is stopped. The service will
try a
gain during the next configuration polling cycle, which will occur in 60
minutes
.. This event can be caused by TCP/IP connectivity, firewall, Active
Directory Do
main Services, or DNS issues.

Additional Information:
Error: 1355 (The specified domain either does not exist or could
not
be contacted.)
......................... abc-6700 failed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... abc-6700 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
An Warning Event occurred. EventID: 0x80000B46
Time Generated: 06/13/2008 09:00:23
Event String:
The security of this directory server can be significantly
enhanced
by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or
Digest)
LDAP binds that do not request signing (integrity verification) and LDAP
simple
binds that are performed on a cleartext (non-SSL/TLS-encrypted)
connection. E
ven if no clients are using such binds, configuring the server to reject
them wi
ll improve the security of this server.

Some clients may currently be relying on unsigned SASL binds or
LDAP
simple binds over a non-SSL/TLS connection, and will stop working if this
confi
guration change is made. To assist in identifying these clients, if such
binds
occur this directory server will log a summary event once every 24 hours
indica
ting how many such binds occurred. You are encouraged to configure those
clien
ts to not use such binds. Once no such events are observed for an extended
per
iod, it is recommended that you configure the server to reject such binds.

For more details and information on how to make this
configuration c
hange to the server, please see
http://go.microsoft.com/fwlink/?LinkID=87923.

You can enable additional logging to log an event each time a
client
makes such a bind, including information on which client made the bind. To
do
so, please raise the setting for the "LDAP Interface Events" event logging
categ
ory to level 2 or higher.
An Warning Event occurred. EventID: 0x80000734
Time Generated: 06/13/2008 09:01:03
Event String:
The local domain controller could not connect with the following
dom
ain controller hosting the following directory partition to resolve
distinguishe
d names.

Domain controller:

Directory partition:
abc.lan

Additional Data
Error value:
1355 The specified domain either does not exist or could not be
cont
acted.
Internal ID:
3200d50
Found no KCC errors in "Directory Service" Event log in the last 15
min
utes.
......................... abc-6700 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role Domain Owner = CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role PDC Owner = CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role Rid Owner = CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=abc-6700,CN=Serv
ers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
......................... abc-6700 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC abc-6700 on DC abc-6700.
* SPN found :LDAP/abc-6700.abc.lan/abc.lan
* SPN found :LDAP/abc-6700.abc.lan
* SPN found :LDAP/abc-6700
* SPN found :LDAP/abc-6700.abc.lan/abc
* SPN found
:LDAP/8c6aa57c-181d-4105-bc9d-0f2b1ec89215._msdcs.abc.lan
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/8c6aa57c-181d-4105-bc
9d-0f2b1ec89215/abc.lan
* SPN found :HOST/abc-6700.abc.lan/abc.lan
* SPN found :HOST/abc-6700.abc.lan
* SPN found :HOST/abc-6700
* SPN found :HOST/abc-6700.abc.lan/abc
* SPN found :GC/abc-6700.abc.lan/abc.lan
......................... abc-6700 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC abc-6700.
* Security Permissions Check for
DC=ForestDnsZones,DC=abc,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=abc,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=abc,DC=lan
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=abc,DC=lan
(Configuration,Version 3)
* Security Permissions Check for
DC=abc,DC=lan
(Domain,Version 3)
......................... abc-6700 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\abc-6700\netlogon
Verified share \\abc-6700\sysvol
......................... abc-6700 passed test NetLogons
Starting test: ObjectsReplicated
abc-6700 is in domain DC=abc,DC=lan
Checking for CN=abc-6700,OU=Domain Controllers,DC=abc,DC=lan in
domain
DC=abc,DC=lan on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-First-S
ite-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan in domain
CN=Configuration,DC=C
SD,DC=lan on 1 servers
Object is up-to-date on all servers.
......................... abc-6700 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... abc-6700 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* abc-6700.abc.lan is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1102
......................... abc-6700 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... abc-6700 passed test Services
Starting test: SystemLog
* The System Event log test
An Warning Event occurred. EventID: 0x80040022
Time Generated: 06/13/2008 08:58:16
Event String:
The driver disabled the write cache on device
\Device\Harddisk2\DR2.

An Warning Event occurred. EventID: 0x8000001D
Time Generated: 06/13/2008 09:00:25
Event String:
The Key Distribution Center (KDC) cannot find a suitable
certificate
to use for smart card logons, or the KDC certificate could not be verified.
Sma
rt card logon may not function correctly if this problem is not resolved. To
cor
rect this problem, either verify the existing KDC certificate using
certutil.exe
or enroll for a new KDC certificate.
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 06/13/2008 09:00:59
Event String:
Time Provider NtpClient: This machine is configured to use the
domai
n hierarchy to determine its time source, but it is the AD PDC emulator for
the
domain at the root of the forest, so there is no machine above it in the
domain
hierarchy to use as a time source. It is recommended that you either
configure a
reliable time service in the root domain, or manually configure the AD PDC
to s
ynchronize with an external time source. Otherwise, this machine will
function a
s the authoritative time source in the domain hierarchy. If an external time
sou
rce is not configured or used for this computer, you may choose to disable
the N
tpClient.
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 06/13/2008 09:01:35
Event String:
Time Provider NtpClient: This machine is configured to use the
domai
n hierarchy to determine its time source, but it is the AD PDC emulator for
the
domain at the root of the forest, so there is no machine above it in the
domain
hierarchy to use as a time source. It is recommended that you either
configure a
reliable time service in the root domain, or manually configure the AD PDC
to s
ynchronize with an external time source. Otherwise, this machine will
function a
s the authoritative time source in the domain hierarchy. If an external time
sou
rce is not configured or used for this computer, you may choose to disable
the N
tpClient.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 06/13/2008 09:04:00
Event String:
The dynamic registration of the DNS record 'abc.lan. 600 IN A
192.16
8.20.100' failed on the following DNS server:

DNS server IP address: ::
Returned Response Code (RCODE): 0
Returned Status Code: 0

For computers and users to locate this domain controller, this
recor
d must be registered in DNS.

USER ACTION
Determine what might have caused this failure, resolve the
problem,
and initiate registration of the DNS records by the domain controller. To
determ
ine what might have caused this failure, run DCDiag.exe. To learn more about
DCD
iag.exe, see Help and Support Center. To initiate registration of the DNS
record
s by this domain controller, run 'nltest.exe /dsregdns' from the command
prompt
on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not
recomme
nded.

ADDITIONAL DATA
Error Value: DNS operation refused.
An Warning Event occurred. EventID: 0x00001695
Time Generated: 06/13/2008 09:04:00
Event String:
Dynamic registration or deletion of one or more DNS records
associat
ed with DNS domain 'abc.lan.' failed. These records are used by other
computers
to locate this server as a domain controller (if the specified domain is an
Act
ive Directory domain) or as an LDAP server (if the specified domain is an
applic
ation partition).

Possible causes of failure include:
- TCP/IP properties of the network connections of this computer
cont
ain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not
runn
ing
- Preferred or alternate DNS servers are configured with wrong
root
hints
- Parent DNS zone contains incorrect delegation to the child
zone au
thoritative for the DNS records that failed registration

USER ACTION
Fix possible misconfiguration(s) specified above and initiate
regist
ration or deletion of the DNS records by running 'nltest.exe /dsregdns' from
the
command prompt on the domain controller or by restarting Net Logon service
on t
he domain controller.
......................... abc-6700 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=abc-6700,OU=Domain Controllers,DC=abc,DC=lan and backlink on
CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura
tion,DC=abc,DC=lan
are correct.
The system object reference (serverReferenceBL)
CN=abc-6700,CN=Topology,CN=Domain System
Volume,CN=DFSR-GlobalSettings,
CN=System,DC=abc,DC=lan
and backlink on
CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=S
ites,CN=Configuration,DC=abc,DC=lan
are correct.
......................... abc-6700 passed test VerifyReferences
Test omitted by user request: VerifyReplicas

Test omitted by user request: DNS
Test omitted by user request: DNS

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation

Running partition tests on : abc
Starting test: CheckSDRefDom
......................... abc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... abc passed test CrossRefValidation

Running enterprise tests on : abc.lan
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
PDC Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
Time Server Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
KDC Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
......................... abc.lan passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... abc.lan passed test Intersite


"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news: .com...
> Hello boe,
>
> PLease post an unedited ipconfig /all from the server. Run diagnostics
> tool dcdiag /v and repadmin /showreps If you have errors in the output
> please post the complete output here.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Hello,
>>
>> I'm playing around with my first 2008 server setup. So far the only
>> role I've added was AD. It is in a new domain (not a production
>> environment) and is the sole server. It automatically installs DNS
>> during the process. After the AD wizard ran it rebooted and I see this
>> error along with a few others in the server manager under the ad role.
>>
>> The name of my local area domain is abc.lan
>>
>> The local domain controller could not connect with the following
>> domain controller hosting the following directory partition to resolve
>> distinguished names.
>>
>> Domain controller:
>>
>> Directory partition:
>> abc.lan
>> Additional Data
>> Error value:
>> 1355 The specified domain either does not exist or could not be
>> contacted.
>> Internal ID:
>> 3200d50
>
>

There is something going on with dns and I can't seem to see what it is

Try this:

Dcdiag /testNS /v /e /sC_Name /f:c:\dnstest.txt

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"boe" <> wrote in message
news:1F2A04FB-13B9-4F8A-A3E9-...
> Thanks - no, it isn't pointing to the ISP for DNS. I've just posted my
> info above.
>
> "Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
> news:#...
>> Is this machine pointing to an ISP for DNS? I'm guessing so. Do as
>> Meinolf suggested and post the ipconfig /all.
>>
>> In the meantime if this machine is pointing to an ISP just change the
>> client dns settings to point at the AD DNS server (Which I am assuming is
>> itself) and modify the dns server to forward unknown dns requests to your
>> ISP. This should take care of it.
>>
>> --
>> Paul Bergson
>> MVP - Directory Services
>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>> 2008, 2003, 2000 (Early Achiever), NT4
>>
>> http://www.pbbergs.com
>>
>> Please no e-mails, any questions should be posted in the NewsGroup
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> "boe" <> wrote in message
>> news:73D8C004-5191-4EF8-AC2E-...
>>> Hello,
>>>
>>> I'm playing around with my first 2008 server setup. So far the only
>>> role I've added was AD. It is in a new domain (not a production
>>> environment) and is the sole server. It automatically installs DNS
>>> during the process. After the AD wizard ran it rebooted and I see this
>>> error along with a few others in the server manager under the ad role.
>>>
>>> The name of my local area domain is abc.lan
>>>
>>> The local domain controller could not connect with the following domain
>>> controller hosting the following directory partition to resolve
>>> distinguished names.
>>>
>>> Domain controller:
>>>
>>> Directory partition:
>>> abc.lan
>>>
>>> Additional Data
>>> Error value:
>>> 1355 The specified domain either does not exist or could not be
>>> contacted.
>>> Internal ID:
>>> 3200d50
>>
>>

Thanks - I should have posted - the issue just seemed to go away - perhaps
2008 server just takes time to "settle" when you first set it up.

"Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
news:...
> There is something going on with dns and I can't seem to see what it is
>
> Try this:
>
> Dcdiag /testNS /v /e /sC_Name /f:c:\dnstest.txt
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "boe" <> wrote in message
> news:1F2A04FB-13B9-4F8A-A3E9-...
>> Thanks - no, it isn't pointing to the ISP for DNS. I've just posted my
>> info above.
>>
>> "Paul Bergson [MVP-DS]" <pbergson@allete_nospam.com> wrote in message
>> news:#...
>>> Is this machine pointing to an ISP for DNS? I'm guessing so. Do as
>>> Meinolf suggested and post the ipconfig /all.
>>>
>>> In the meantime if this machine is pointing to an ISP just change the
>>> client dns settings to point at the AD DNS server (Which I am assuming
>>> is itself) and modify the dns server to forward unknown dns requests to
>>> your ISP. This should take care of it.
>>>
>>> --
>>> Paul Bergson
>>> MVP - Directory Services
>>> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
>>> 2008, 2003, 2000 (Early Achiever), NT4
>>>
>>> http://www.pbbergs.com
>>>
>>> Please no e-mails, any questions should be posted in the NewsGroup
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>> "boe" <> wrote in message
>>> news:73D8C004-5191-4EF8-AC2E-...
>>>> Hello,
>>>>
>>>> I'm playing around with my first 2008 server setup. So far the only
>>>> role I've added was AD. It is in a new domain (not a production
>>>> environment) and is the sole server. It automatically installs DNS
>>>> during the process. After the AD wizard ran it rebooted and I see this
>>>> error along with a few others in the server manager under the ad role.
>>>>
>>>> The name of my local area domain is abc.lan
>>>>
>>>> The local domain controller could not connect with the following domain
>>>> controller hosting the following directory partition to resolve
>>>> distinguished names.
>>>>
>>>> Domain controller:
>>>>
>>>> Directory partition:
>>>> abc.lan
>>>>
>>>> Additional Data
>>>> Error value:
>>>> 1355 The specified domain either does not exist or could not be
>>>> contacted.
>>>> Internal ID:
>>>> 3200d50
>>>
>>>
>
>

I have similar problem

Errors from ActiveDirectory_DomainService

The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a cleartext (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.




Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = talvanmin
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\TALVANMIN
Starting test: Connectivity
......................... TALVANMIN passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\TALVANMIN
Starting test: Advertising
......................... TALVANMIN passed test Advertising
Starting test: FrsEvent
......................... TALVANMIN passed test FrsEvent
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the SYSVOL has be
replication problems may cause Group Policy problems.
......................... TALVANMIN failed test DFSREvent
Starting test: SysVolCheck
......................... TALVANMIN passed test SysVolCheck
Starting test: KccEvent
......................... TALVANMIN passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... TALVANMIN passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... TALVANMIN passed test MachineAccount
Starting test: NCSecDesc
......................... TALVANMIN passed test NCSecDesc
Starting test: NetLogons
......................... TALVANMIN passed test NetLogons
Starting test: ObjectsReplicated
......................... TALVANMIN passed test ObjectsReplicated
Starting test: Replications
......................... TALVANMIN passed test Replications
Starting test: RidManager
......................... TALVANMIN passed test RidManager
Starting test: Services
......................... TALVANMIN passed test Services
Starting test: SystemLog
A warning event occurred. EventID: 0x8000001D
Time Generated: 11/22/2009 01:06:11
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for
C certificate could not be verified. Smart card logon may not function correctly if this pr
rect this problem, either verify the existing KDC certificate using certutil.exe or enroll
An error event occurred. EventID: 0xC00038D6
Time Generated: 11/22/2009 01:06:43
Event String:
The DFS Namespace service could not initialize cross forest trust information o
it will periodically retry the operation. The return code is in the record data.
A warning event occurred. EventID: 0x0000000C
Time Generated: 11/22/2009 01:06:43
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy
, but it is the AD PDC emulator for the domain at the root of the forest, so there is no ma
hierarchy to use as a time source. It is recommended that you either configure a reliable t
n, or manually configure the AD PDC to synchronize with an external time source. Otherwise,
s the authoritative time source in the domain hierarchy. If an external time source is not
omputer, you may choose to disable the NtpClient.
A warning event occurred. EventID: 0x000727AA
Time Generated: 11/22/2009 01:08:52
Event String:
The WinRM service failed to create the following SPNs: WSMAN/talvanmin.hundathj
min.
An error event occurred. EventID: 0xC0001B76
Time Generated: 11/22/2009 01:40:55
Event String:
The FileZilla Server FTP server service is marked as an interactive service. H
red to not allow interactive services. This service may not function properly.
A warning event occurred. EventID: 0x00001695
Time Generated: 11/22/2009 01:50:14
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS
net.' failed. These records are used by other computers to locate this server as a domain
domain is an Active Directory domain) or as an LDAP server (if the specified domain is an a
A warning event occurred. EventID: 0x00001695
Time Generated: 11/22/2009 01:50:14
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS
thjalfun.sytes.net.' failed. These records are used by other computers to locate this serv
the specified domain is an Active Directory domain) or as an LDAP server (if the specified
tition).
A warning event occurred. EventID: 0x00001695
Time Generated: 11/22/2009 01:50:14
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS
thjalfun.sytes.net.' failed. These records are used by other computers to locate this serv
the specified domain is an Active Directory domain) or as an LDAP server (if the specified
tition).
......................... TALVANMIN failed test SystemLog
Starting test: VerifyReferences
......................... TALVANMIN passed test VerifyReferences


Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation

Running partition tests on : hundathjalfun
Starting test: CheckSDRefDom
......................... hundathjalfun passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... hundathjalfun passed test CrossRefValidation

Running enterprise tests on : hundathjalfun.sytes.net
Starting test: LocatorCheck
......................... hundathjalfun.sytes.net passed test LocatorCheck
Starting test: Intersite
......................... hundathjalfun.sytes.net passed test Intersite


Windows IP Configuration

Host Name . . . . . . . . . . . . : talvanmin
Primary Dns Suffix . . . . . . . : hundathjalfun.sytes.net
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hundathjalfun.sytes.net
localdomain

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-29-6E-42-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::98b3:4c80:888e:213%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.15.129(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 22. n?vember 2009 01:06:11
Lease Expires . . . . . . . . . . : 22. n?vember 2009 02:21:11
Default Gateway . . . . . . . . . : 192.168.15.2
DHCP Server . . . . . . . . . . . : 192.168.15.254
DHCPv6 IAID . . . . . . . . . . . : 234884137
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-9A-21-F7-00-0C-29-6E-42-93
DNS Servers . . . . . . . . . . . : ::1
127.0.0.1
Primary WINS Server . . . . . . . : 192.168.15.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.localdomain:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : localdomain
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes





boe wrote:

Thanks - I should have posted - the issue just seemed to go away - perhaps
16-j?n.-08

Thanks - I should have posted - the issue just seemed to go away - perhaps
2008 server just takes time to "settle" when you first set it up.

Previous Posts In This Thread:

On 12. j?n? 2008 19:37
boe wrote:

The local domain controller could not connect with - 2008
Hello,

I'm playing around with my first 2008 server setup. So far the only role
I've added was AD. It is in a new domain (not a production environment)
and is the sole server. It automatically installs DNS during the process.
After the AD wizard ran it rebooted and I see this error along with a few
others in the server manager under the ad role.

The name of my local area domain is abc.lan

The local domain controller could not connect with the following domain
controller hosting the following directory partition to resolve
distinguished names.

Domain controller:

Directory partition:
abc.lan

Additional Data
Error value:
1355 The specified domain either does not exist or could not be contacted.
Internal ID:
3200d50

On 13. j?n? 2008 04:29
Deep wrote:

Make sure you are pointing to the existing server for Dns and check if we can
Make sure you are pointing to the existing server for Dns and check if we
can ping the domain name

On 13. j?n? 2008 04:46
Meinolf Weber wrote:

Hello boe,PLease post an unedited ipconfig /all from the server.
Hello boe,

PLease post an unedited ipconfig /all from the server. Run diagnostics tool
dcdiag /v and repadmin /showreps If you have errors in the output please
post the complete output here.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

On 13. j?n? 2008 08:54
Paul Bergson [MVP-DS] wrote:

Is this machine pointing to an ISP for DNS?
Is this machine pointing to an ISP for DNS? I'm guessing so. Do as Meinolf
suggested and post the ipconfig /all.

In the meantime if this machine is pointing to an ISP just change the client
dns settings to point at the AD DNS server (Which I am assuming is itself)
and modify the dns server to forward unknown dns requests to your ISP. This
should take care of it.

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"boe" <> wrote in message
news:73D8C004-5191-4EF8-AC2E-...

On 13. j?n? 2008 12:18
boe wrote:

Thanks - during set up it changed it in the DNS section of my IP properties
Thanks - during set up it changed it in the DNS section of my IP properties
from using my internal IP of 192.168.20.100 (the server's IP address) to the
loopback 127.0.01 address.

I can ping my abc.lan domain name from a command prompt.

"Deep" <> wrote in message
news:02A4D0A7-12DE-4BFE-B06D-...

On 13. j?n? 2008 12:18
boe wrote:

Thanks - no, it isn't pointing to the ISP for DNS.
Thanks - no, it is not pointing to the ISP for DNS. I have just posted my
info above.

On 13. j?n? 2008 12:36
boe wrote:

Thanks for your help.
Thanks for your help.

I reformatted my computer just in case something else I had done
was messing things up but even after a fresh install and the only item I
added other than windows update was AD (which also installs DNS) I see the
same issue.
I checked and it changed my internal IP address for the DNS to the
127.0.0.1 (it was set for 192.168.20.100) address during active directory DS
wizard

Windows IP Configuration

Host Name . . . . . . . . . . . . : abc-6700
Primary Dns Suffix . . . . . . . : abc.lan
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : abc.lan

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 PL Network
Connection
Physical Address. . . . . . . . . : 00-16-76-B0-E1-D3
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.20.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.20.1
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . :
isatap.{F1B7B090-D154-4AF3-B3F1-23390FB8E
7FD}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes




C:\Users\Administrator>dcdiag /v

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
* Verifying that the local machine abc-6700, is a Directory Server.
Home Server = abc-6700
* Connecting to directory service on server abc-6700.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuratio n,DC=abc,DC=lan,LDA
P_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings), .......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site
Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=abc,DC=lan
Getting ISTG and options for the site
* Identifying all servers.
Calling
ldap_search_init_page(hld,CN=Sites,CN=Configuratio n,DC=abc,DC=lan,LDA
P_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN
=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\abc-6700
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... abc-6700 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\abc-6700
Starting test: Advertising
The DC abc-6700 is advertising itself as a DC and having a DS.
The DC abc-6700 is advertising as an LDAP server
The DC abc-6700 is advertising as having a writeable directory
The DC abc-6700 is advertising as a Key Distribution Center
The DC abc-6700 is advertising as a time server
The DS abc-6700 is advertising as a GC.
......................... abc-6700 passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Relication Service Event log test
Skip the test because the event log File Replication Service does
not e
xist.
......................... abc-6700 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
There are warning or error events within the last 24 hours after
the
SYSVOL has been shared. Failing SYSVOL replication problems may
cause
Group Policy problems.
An Error Event occurred. EventID: 0xC00004B2
Time Generated: 06/13/2008 08:54:53
Event String:
The DFS Replication service failed to contact domain controller
to
access configuration information. Replication is stopped. The service will
try a
gain during the next configuration polling cycle, which will occur in 60
minutes
... This event can be caused by TCP/IP connectivity, firewall, Active
Directory Do
main Services, or DNS issues.

Additional Information:
Error: 1355 (The specified domain either does not exist or could
not
be contacted.)
......................... abc-6700 failed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... abc-6700 passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
An Warning Event occurred. EventID: 0x80000B46
Time Generated: 06/13/2008 09:00:23
Event String:
The security of this directory server can be significantly
enhanced
by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or
Digest)
LDAP binds that do not request signing (integrity verification) and LDAP
simple
binds that are performed on a cleartext (non-SSL/TLS-encrypted)
connection. E
ven if no clients are using such binds, configuring the server to reject
them wi
ll improve the security of this server.

Some clients may currently be relying on unsigned SASL binds or
LDAP
simple binds over a non-SSL/TLS connection, and will stop working if this
confi
guration change is made. To assist in identifying these clients, if such
binds
occur this directory server will log a summary event once every 24 hours
indica
ting how many such binds occurred. You are encouraged to configure those
clien
ts to not use such binds. Once no such events are observed for an extended
per
iod, it is recommended that you configure the server to reject such binds.

For more details and information on how to make this
configuration c
hange to the server, please see
http://go.microsoft.com/fwlink/?LinkID=87923.

You can enable additional logging to log an event each time a
client
makes such a bind, including information on which client made the bind. To
do
so, please raise the setting for the "LDAP Interface Events" event logging
categ
ory to level 2 or higher.
An Warning Event occurred. EventID: 0x80000734
Time Generated: 06/13/2008 09:01:03
Event String:
The local domain controller could not connect with the following
dom
ain controller hosting the following directory partition to resolve
distinguishe
d names.

Domain controller:

Directory partition:
abc.lan

Additional Data
Error value:
1355 The specified domain either does not exist or could not be
cont
acted.
Internal ID:
3200d50
Found no KCC errors in "Directory Service" Event log in the last 15
min
utes.
......................... abc-6700 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role Domain Owner = CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-
First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role PDC Owner = CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-Fir
t-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role Rid Owner = CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-Fir
st-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=abc-6700,CN=Serv
ers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan
......................... abc-6700 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC abc-6700 on DC abc-6700.
* SPN found :LDAP/abc-6700.abc.lan/abc.lan
* SPN found :LDAP/abc-6700.abc.lan
* SPN found :LDAP/abc-6700
* SPN found :LDAP/abc-6700.abc.lan/abc
* SPN found
* SPN found
9d-0f2b1ec89215/abc.lan
* SPN found :HOST/abc-6700.abc.lan/abc.lan
* SPN found :HOST/abc-6700.abc.lan
* SPN found :HOST/abc-6700
* SPN found :HOST/abc-6700.abc.lan/abc
* SPN found :GC/abc-6700.abc.lan/abc.lan
......................... abc-6700 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC abc-6700.
* Security Permissions Check for
DC=ForestDnsZones,DC=abc,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=abc,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=abc,DC=lan
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=abc,DC=lan
(Configuration,Version 3)
* Security Permissions Check for
DC=abc,DC=lan
(Domain,Version 3)
......................... abc-6700 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\abc-6700\netlogon
Verified share \\abc-6700\sysvol
......................... abc-6700 passed test NetLogons
Starting test: ObjectsReplicated
abc-6700 is in domain DC=abc,DC=lan
Checking for CN=abc-6700,OU=Domain Controllers,DC=abc,DC=lan in
domain
DC=abc,DC=lan on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-First-S
ite-Name,CN=Sites,CN=Configuration,DC=abc,DC=lan in domain
CN=Configuration,DC=C
SD,DC=lan on 1 servers
Object is up-to-date on all servers.
......................... abc-6700 passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... abc-6700 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* abc-6700.abc.lan is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1102
......................... abc-6700 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... abc-6700 passed test Services
Starting test: SystemLog
* The System Event log test
An Warning Event occurred. EventID: 0x80040022
Time Generated: 06/13/2008 08:58:16
Event String:
The driver disabled the write cache on device
\Device\Harddisk2\DR2.

An Warning Event occurred. EventID: 0x8000001D
Time Genrated: 06/13/2008 09:00:25
Event String:
The Key Distribution Center (KDC) cannot find a suitable
certificate
to use for smart card logons, or the KDC certificate could not be verified.
Sma
rt card logon may not function correctly if this problem is not resolved. To
cor
rect this problem, either verify the existing KDC certificate using
certutil.exe
or enroll for a new KDC certificate.
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 06/13/2008 09:00:59
Event String:
Time Provider NtpClient: This machine is configured to use the
domai
n hierarchy to determine its time source, but it is the AD PDC emulator for
the
domain at the root of the forest, so there is no machine above it in the
domain
hierarchy to use as a time source. It is recommended that you either
configure a
reliable time service in the root domain, or manually configure the AD PDC
to s
ynchronize with an external time source. Otherwise, this machine will
function a
s the authoritative time source in the domain hierarchy. If an external time
sou
rce is not configured or used for this computer, you may choose to disable
the N
tpClient.
An Warning Event occurred. EventID: 0x825A000C
Time Generated: 06/13/2008 09:01:35
Event String:
Time Provider NtpClient: This machine is configured to use the
domai
n hierarchy to determine its time source, but it is the AD PDC emulator for
the
domain at the root of the forest, so there is no machine above it in the
domain
hierarchy to use as a time source. It is recommended that you either
configure a
reliable time service in the root domain, or manually configure the AD PDC
to s
ynchronize with an external time source. Otherwise, this machine will
function a
s the authoritative time source in the domain hierarchy. If an external time
sou
rce is not configured or used for this computer, you may choose to disable
the N
tpClient.
An Error Event occurred. EventID: 0x0000168E
Time Generated: 06/13/2008 09:04:00
Event String:
The dynamic registration of the DNS record 'abc.lan. 600 IN A
192.16
8.20.100' failed on the following DNS server:

DNS server IP address: ::
Returned Response Code (RCODE): 0
Returned Status Code: 0

For computers and users to locate this domain controller, this
recor
d must be registered in DNS.

USER ACTION
Determine what might have caused this failure, resolve the
problem,
and initiate registration of the DNS records by the domain controller. To
determ
ine what might have caused this failure, run DCDiag.exe. To learn more about
DCD
iag.exe, see Help and Support Center. To initiate registration of the DNS
record
s by this domain controller, run 'nltest.exe /dsregdns' from the command
prompt
on the domain controller or restart Net Logon service.
Or, you can manually add this record to DNS, but it is not
recomme
nded.

ADDITIONAL DATA
Error Value: DNS operation refused.
An Warning Event occurred. EventID: 0x00001695
Time Generated: 06/13/2008 09:04:00
Event String:
Dynamic registration or deletion of one or more DNS records
associat
ed with DNS domain 'abc.lan.' failed. These records are used by other
computers
to locate this server as a domain controller (if the specified domain is an
Act
ive Directory domain) or as an LDAP server (if the specified domain is an
applic
ation partition).

Possible causes of failure include:
- TCP/IP properties of the network connections of this computer
cont
ain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not
runn
ing
- Preferred or alternate DNS servers are configured with wrong
root
hints
- Parent DNS zone contains inorrect delegation to the child
zone au
thoritative for the DNS records that failed registration

USER ACTION
Fix possible misconfiguration(s) specified above and initiate
regist
ration or deletion of the DNS records by running 'nltest.exe /dsregdns' from
the
command prompt on the domain controller or by restarting Net Logon service
on t
he domain controller.
......................... abc-6700 failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=abc-6700,OU=Domain Controllers,DC=abc,DC=lan and backlink on
CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configura
tion,DC=abc,DC=lan
are correct.
The system object reference (serverReferenceBL)
CN=abc-6700,CN=Topology,CN=Domain System
Volume,CN=DFSR-GlobalSettings,
CN=System,DC=abc,DC=lan
and backlink on
CN=NTDS
Settings,CN=abc-6700,CN=Servers,CN=Default-First-Site-Name,CN=S
ites,CN=Configuration,DC=abc,DC=lan
are correct.
......................... abc-6700 passed test VerifyReferences
Test omitted by user request: VerifyReplicas

Test omitted by user request: DNS
Test omitted by user request: DNS

Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation

Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation

Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation

Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation

Running partition tests on : abc
Starting test: CheckSDRefDom
......................... abc passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... abc passed test CrossRefValidation

Running enterprise tests on : abc.lan
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
PDC Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
Time Server Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
KDC Name: \\abc-6700.abc.lan
Locator Flags: 0xe00013fd
......................... abc.lan passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... abc.lan passed test Intersite


"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news: .com...

On 16. j?n? 2008 08:48
Paul Bergson [MVP-DS] wrote:

There is something going on with dns and I can't seem to see what it isTry
There is something going on with dns and I can't seem to see what it is

Try this:

Dcdiag /testNS /v /e /sC_Name /f:c:\dnstest.txt

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.

"boe" <> wrote in message
news:1F2A04FB-13B9-4F8A-A3E9-...

On 16. j?n? 2008 10:46
boe wrote:

Thanks - I should have posted - the issue just seemed to go away - perhaps
Thanks - I should have posted - the issue just seemed to go away - perhaps
2008 server just takes time to "settle" when you first set it up.

EggHeadCafe - Software Developer Portal of Choice
Generic GetXmlReader Data Access Method
http://www.eggheadcafe.com/tutorials...ader-data.aspx