Re: Please Help.... Server 2003 and 2008 domain controller problems....

Sorry for the delay in posting back. Here is the DCDIAG output:
Thanks.


Command Line: "dcdiag.exe /v /c /d /e /s:MYDOMAIN.org"

Domain Controller Diagnosis

Performing initial setup:
* Connecting to directory service on server MYDOMAIN.org.
MYDOMAIN.org.currentTime = 20090309224141.0Z
MYDOMAIN.org.highestCommittedUSN = 2214527
MYDOMAIN.org.isSynchronized = 1
MYDOMAIN.org.isGlobalCatalogReady = 1
* Collecting site info.
* Identifying all servers.
DC1A.currentTime = 20090309224141.0Z
DC1A.highestCommittedUSN = 2214527
DC1A.isSynchronized = 1
DC1A.isGlobalCatalogReady = 1
* Identifying all NC cross-refs.
* Found 3 DC(s). Testing 3 of them.
Done gathering initial info.


===============================================Pri nting out pDsInfo

GLOBAL:
ulNumServers=3
pszRootDomain=MYDOMAIN.org
pszNC=
pszRootDomainFQDN=DC=MYDOMAIN,DC=org
pszConfigNc=CN=Configuration,DC=MYDOMAIN,DC=org
pszPartitionsDn=CN=Partitions,CN=Configuration,DC= MYDOMAIN,DC=org
iSiteOptions=0
dwTombstoneLifeTimeDays=60

dwForestBehaviorVersion=2

HomeServer=0, DC1A

SERVER: pServer[0].pszName=DC1A
pServer[0].pszGuidDNSName=5c37a316-7388-4ec0-908e-d5480feec1a3._msdcs.MYDOMAIN.org
pServer[0].pszDNSName=dc1a.MYDOMAIN.org
pServer[0].pszDn=CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
pServer[0].pszComputerAccountDn=CN=DC1A,OU=Domain
Controllers,DC=MYDOMAIN,DC=org
pServer[0].uuidObjectGuid=5c37a316-7388-4ec0-908e-d5480feec1a3
pServer[0].uuidInvocationId=7b64e568-7956-49d9-af8f-8dc6ad86465f
pServer[0].iSite=0 (Default-First-Site-Name)
pServer[0].iOptions=1
pServer[0].ftLocalAcquireTime=3711e620 01c9a108

pServer[0].ftRemoteConnectTime=36ebc080 01c9a108

pServer[0].ppszMasterNCs:
ppszMasterNCs[0]=DC=ForestDnsZones,DC=MYDOMAIN,DC=org
ppszMasterNCs[1]=DC=DomainDnsZones,DC=MYDOMAIN,DC=org
ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org
ppszMasterNCs[3]=CN=Configuration,DC=MYDOMAIN,DC=org
ppszMasterNCs[4]=DC=MYDOMAIN,DC=org

SERVER: pServer[1].pszName=DC2
pServer[1].pszGuidDNSName=ac41956c-d7c8-4bcf-9b58-2c058643f70d._msdcs.MYDOMAIN.org
pServer[1].pszDNSName=DC2.MYDOMAIN.org
pServer[1].pszDn=CN=NTDS

Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
pServer[1].pszComputerAccountDn=CN=DC2,OU=Domain
Controllers,DC=MYDOMAIN,DC=org
pServer[1].uuidObjectGuid=ac41956c-d7c8-4bcf-9b58-2c058643f70d
pServer[1].uuidInvocationId=b697912f-b76d-4565-881c-304da3aa565e
pServer[1].iSite=0 (Default-First-Site-Name)
pServer[1].iOptions=1
pServer[1].ftLocalAcquireTime=00000000 00000000

pServer[1].ftRemoteConnectTime=00000000 00000000

pServer[1].ppszMasterNCs:
ppszMasterNCs[0]=DC=ForestDnsZones,DC=MYDOMAIN,DC=org
ppszMasterNCs[1]=DC=DomainDnsZones,DC=MYDOMAIN,DC=org
ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org
ppszMasterNCs[3]=CN=Configuration,DC=MYDOMAIN,DC=org
ppszMasterNCs[4]=DC=MYDOMAIN,DC=org

SERVER: pServer[2].pszName=DC1
pServer[2].pszGuidDNSName=71d9def7-ea4b-4836-9016-ace5ca9c8a4d._msdcs.MYDOMAIN.org
pServer[2].pszDNSName=DC1.MYDOMAIN.org
pServer[2].pszDn=CN=NTDS

Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
pServer[2].pszComputerAccountDn=CN=DC1,OU=Domain
Controllers,DC=MYDOMAIN,DC=org
pServer[2].uuidObjectGuid=71d9def7-ea4b-4836-9016-ace5ca9c8a4d
pServer[2].uuidInvocationId=d7c3bfcb-b89b-4855-8412-df5bb02395d7
pServer[2].iSite=0 (Default-First-Site-Name)
pServer[2].iOptions=1
pServer[2].ftLocalAcquireTime=00000000 00000000

pServer[2].ftRemoteConnectTime=00000000 00000000

pServer[2].ppszMasterNCs:
ppszMasterNCs[0]=DC=ForestDnsZones,DC=MYDOMAIN,DC=org
ppszMasterNCs[1]=DC=DomainDnsZones,DC=MYDOMAIN,DC=org
ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org
ppszMasterNCs[3]=CN=Configuration,DC=MYDOMAIN,DC=org
ppszMasterNCs[4]=DC=MYDOMAIN,DC=org

SITES: pSites[0].pszName=Default-First-Site-Name
pSites[0].pszSiteSettings=CN=NTDS Site

Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
pSites[0].pszISTG=CN=NTDS

Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
pSites[0].iSiteOption=0

pSites[0].cServers=3

NC: pNCs[0].pszName=ForestDnsZones
pNCs[0].pszDn=DC=ForestDnsZones,DC=MYDOMAIN,DC=org

pNCs[0].aCrInfo[0].dwFlags=0x00000201


pNCs[0].aCrInfo[0].pszDn=CN=37a3b9e2-4b98-4e87-94a3-7b61849c6420,CN=Partitions,CN=Configuration,DC=MYD OMAIN,DC=org
pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.MYDOMAIN.org
pNCs[0].aCrInfo[0].iSourceServer=0
pNCs[0].aCrInfo[0].pszSourceServer=(null)
pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[0].aCrInfo[0].bEnabled=TRUE
pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000

pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[0].aCrInfo[0].pszNetBiosName=(null)
pNCs[0].aCrInfo[0].cReplicas=-1
pNCs[0].aCrInfo[0].aszReplicas=


NC: pNCs[1].pszName=DomainDnsZones
pNCs[1].pszDn=DC=DomainDnsZones,DC=MYDOMAIN,DC=org

pNCs[1].aCrInfo[0].dwFlags=0x00000201


pNCs[1].aCrInfo[0].pszDn=CN=dc9c9350-17b3-466c-8a22-5cd1637fc32c,CN=Partitions,CN=Configuration,DC=MYD OMAIN,DC=org
pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.MYDOMAIN.org
pNCs[1].aCrInfo[0].iSourceServer=0
pNCs[1].aCrInfo[0].pszSourceServer=(null)
pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[1].aCrInfo[0].bEnabled=TRUE
pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000

pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[1].aCrInfo[0].pszNetBiosName=(null)
pNCs[1].aCrInfo[0].cReplicas=-1
pNCs[1].aCrInfo[0].aszReplicas=


NC: pNCs[2].pszName=Schema
pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=o rg

pNCs[2].aCrInfo[0].dwFlags=0x00000201
pNCs[2].aCrInfo[0].pszDn=CN=Enterprise

Schema,CN=Partitions,CN=Configuration,DC=MYDOMAIN, DC=org
pNCs[2].aCrInfo[0].pszDnsRoot=MYDOMAIN.org
pNCs[2].aCrInfo[0].iSourceServer=0
pNCs[2].aCrInfo[0].pszSourceServer=(null)
pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[2].aCrInfo[0].bEnabled=TRUE
pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000

pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[2].aCrInfo[0].pszNetBiosName=(null)
pNCs[2].aCrInfo[0].cReplicas=-1
pNCs[2].aCrInfo[0].aszReplicas=


NC: pNCs[3].pszName=Configuration
pNCs[3].pszDn=CN=Configuration,DC=MYDOMAIN,DC=org

pNCs[3].aCrInfo[0].dwFlags=0x00000201
pNCs[3].aCrInfo[0].pszDn=CN=Enterprise

Configuration,CN=Partitions,CN=Configuration,DC=MY DOMAIN,DC=org
pNCs[3].aCrInfo[0].pszDnsRoot=MYDOMAIN.org
pNCs[3].aCrInfo[0].iSourceServer=0
pNCs[3].aCrInfo[0].pszSourceServer=(null)
pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[3].aCrInfo[0].bEnabled=TRUE
pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000

pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[3].aCrInfo[0].pszNetBiosName=(null)
pNCs[3].aCrInfo[0].cReplicas=-1
pNCs[3].aCrInfo[0].aszReplicas=


NC: pNCs[4].pszName=MYDOMAIN
pNCs[4].pszDn=DC=MYDOMAIN,DC=org

pNCs[4].aCrInfo[0].dwFlags=0x00000201
pNCs[4].aCrInfo[0].pszDn=CN=MYDOMAIN,CN=Partitions,CN=Configuration, DC=MYDOMAIN,DC=org
pNCs[4].aCrInfo[0].pszDnsRoot=MYDOMAIN.org
pNCs[4].aCrInfo[0].iSourceServer=0
pNCs[4].aCrInfo[0].pszSourceServer=(null)
pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
pNCs[4].aCrInfo[0].bEnabled=TRUE
pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000

pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[4].aCrInfo[0].pszNetBiosName=(null)
pNCs[4].aCrInfo[0].cReplicas=-1
pNCs[4].aCrInfo[0].aszReplicas=


5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration,
MYDOMAIN,
3 TARGETS: DC1A, DC2, DC1,

=============================================Done Printing pDsInfo

Doing initial required tests

Testing server: Default-First-Site-Name\DC1A
Starting test: Connectivity
* Active Directory LDAP Services Check
Failure Analysis: DC1A ... OK.
* Active Directory RPC Services Check
......................... DC1A passed test Connectivity

Testing server: Default-First-Site-Name\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
DC2.currentTime = 20090309224141.0Z
DC2.highestCommittedUSN = 93807
DC2.isSynchronized = 1
DC2.isGlobalCatalogReady = 1
Failure Analysis: DC2 ... OK.
* Active Directory RPC Services Check
......................... DC2 passed test Connectivity

Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
* Active Directory LDAP Services Check
DC1.currentTime = 20090309224141.0Z
DC1.highestCommittedUSN = 50369
DC1.isSynchronized = 1
DC1.isGlobalCatalogReady = 1
Failure Analysis: DC1 ... OK.
* Active Directory RPC Services Check
......................... DC1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC1A
Starting test: Replications
* Replications Check
DC=ForestDnsZones,DC=MYDOMAIN,DC=org has 5 cursors.
DC=DomainDnsZones,DC=MYDOMAIN,DC=org has 5 cursors.
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org has 8 cursors.
CN=Configuration,DC=MYDOMAIN,DC=org has 8 cursors.
DC=MYDOMAIN,DC=org has 8 cursors.
* Replication Latency Check
DC=ForestDnsZones,DC=MYDOMAIN,DC=org
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
DC=DomainDnsZones,DC=MYDOMAIN,DC=org
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
CN=Configuration,DC=MYDOMAIN,DC=org
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
DC=MYDOMAIN,DC=org
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
......................... DC1A passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1A passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1A passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC1A.
* Security Permissions Check for
DC=ForestDnsZones,DC=MYDOMAIN,DC=org
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=MYDOMAIN,DC=org
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=MYDOMAIN,DC=org
(Configuration,Version 2)
* Security Permissions Check for
DC=MYDOMAIN,DC=org
(Domain,Version 2)
......................... DC1A passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\DC1A\netlogon
Verified share \\DC1A\sysvol
......................... DC1A passed test NetLogons
Starting test: Advertising
The DC DC1A is advertising itself as a DC and having a DS.
The DC DC1A is advertising as an LDAP server
The DC DC1A is advertising as having a writeable directory
The DC DC1A is advertising as a Key Distribution Center
The DC DC1A is advertising as a time server
The DS DC1A is advertising as a GC.
......................... DC1A passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role Domain Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role PDC Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role Rid Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role Infrastructure Update Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
......................... DC1A passed test KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=MYDOMAIN,DC=org
* Available RID Pool for the Domain is 5106 to 1073741823
fSMORoleOwner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
* dc1a.MYDOMAIN.org is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=DC1A,OU=Domain
Controllers,DC=MYDOMAIN,DC=org
* rIDAllocationPool is 3106 to 3605
* rIDPreviousAllocationPool is 3106 to 3605
* rIDNextRID: 3214
......................... DC1A passed test RidManager
Starting test: MachineAccount
Checking machine account for DC DC1A on DC DC1A.
* SPN found :LDAP/dc1a.MYDOMAIN.org/MYDOMAIN.org
* SPN found :LDAP/dc1a.MYDOMAIN.org
* SPN found :LDAP/DC1A
* SPN found :LDAP/dc1a.MYDOMAIN.org/MYDOMAIN
* SPN found
:LDAP/5c37a316-7388-4ec0-908e-d5480feec1a3._msdcs.MYDOMAIN.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5c37a316-7388-4ec0-908e-d5480feec1a3/MYDOMAIN.org
* SPN found :HOST/dc1a.MYDOMAIN.org/MYDOMAIN.org
* SPN found :HOST/dc1a.MYDOMAIN.org
* SPN found :HOST/DC1A
* SPN found :HOST/dc1a.MYDOMAIN.org/MYDOMAIN
* SPN found :GC/dc1a.MYDOMAIN.org/MYDOMAIN.org
......................... DC1A passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC1A passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... DC1A passed test OutboundSecureChannels
Starting test: ObjectsReplicated
DC1A is in domain DC=MYDOMAIN,DC=org
Checking for CN=DC1A,OU=Domain Controllers,DC=MYDOMAIN,DC=org in
domain DC=MYDOMAIN,DC=org on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
in domain

CN=Configuration,DC=MYDOMAIN,DC=org on 3 servers
Object is up-to-date on all servers.
......................... DC1A passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC1A passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... DC1A passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... DC1A passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... DC1A passed test systemlog
Starting test: VerifyReplicas
......................... DC1A passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC1A,OU=Domain Controllers,DC=MYDOMAIN,DC=org and

backlink on
CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org

are correct.
The system object reference (frsComputerReferenceBL)
CN=DC1A,CN=Domain System Volume (SYSVOL

share),CN=File Replication Service,CN=System,DC=MYDOMAIN,DC=org and
backlink on CN=DC1A,OU=Domain

Controllers,DC=MYDOMAIN,DC=org are correct.
The system object reference (serverReferenceBL)
CN=DC1A,CN=Domain System Volume (SYSVOL

share),CN=File Replication Service,CN=System,DC=MYDOMAIN,DC=org and
backlink on CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
are

correct.
......................... DC1A passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... DC1A passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC DC1A for domain MYDOMAIN.org in site
Default-First-Site-Name
Checking machine account for DC DC1A on DC DC1A.
* SPN found :LDAP/dc1a.MYDOMAIN.org/MYDOMAIN.org
* SPN found :LDAP/dc1a.MYDOMAIN.org
* SPN found :LDAP/DC1A
* SPN found :LDAP/dc1a.MYDOMAIN.org/MYDOMAIN
* SPN found
:LDAP/5c37a316-7388-4ec0-908e-d5480feec1a3._msdcs.MYDOMAIN.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/5c37a316-7388-4ec0-908e-d5480feec1a3/MYDOMAIN.org
* SPN found :HOST/dc1a.MYDOMAIN.org/MYDOMAIN.org
* SPN found :HOST/dc1a.MYDOMAIN.org
* SPN found :HOST/DC1A
* SPN found :HOST/dc1a.MYDOMAIN.org/MYDOMAIN
* SPN found :GC/dc1a.MYDOMAIN.org/MYDOMAIN.org
[DC1A] No security related replication errors were found on this
DC! To target the connection to a

specific source DC use /ReplSource:<DC>.
......................... DC1A passed test CheckSecurityError

Testing server: Default-First-Site-Name\DC2
Starting test: Replications
* Replications Check
DC=ForestDnsZones,DC=MYDOMAIN,DC=org has 5 cursors.
DC=DomainDnsZones,DC=MYDOMAIN,DC=org has 5 cursors.
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org has 8 cursors.
CN=Configuration,DC=MYDOMAIN,DC=org has 8 cursors.
DC=MYDOMAIN,DC=org has 8 cursors.
* Replication Latency Check
DC=ForestDnsZones,DC=MYDOMAIN,DC=org
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
DC=DomainDnsZones,DC=MYDOMAIN,DC=org
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
CN=Configuration,DC=MYDOMAIN,DC=org
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
DC=MYDOMAIN,DC=org
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
......................... DC2 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC2 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC2 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC2.
* Security Permissions Check for
DC=ForestDnsZones,DC=MYDOMAIN,DC=org
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=MYDOMAIN,DC=org
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=MYDOMAIN,DC=org
(Configuration,Version 2)
* Security Permissions Check for
DC=MYDOMAIN,DC=org
(Domain,Version 2)
......................... DC2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\DC2\netlogon)
[DC2] An net use or LsaPolicy operation failed with error 1203, No
network provider accepted the given

network path..
......................... DC2 failed test NetLogons
Starting test: Advertising
Warning: DsGetDcName returned information for \\dc1a.MYDOMAIN.org,
when we were trying to reach DC2.
Server is not responding or is not considered suitable.
The DC DC2 is advertising itself as a DC and having a DS.
The DC DC2 is advertising as an LDAP server
The DC DC2 is advertising as having a writeable directory
The DC DC2 is advertising as a Key Distribution Center
The DC DC2 is advertising as a time server
The DS DC2 is advertising as a GC.
......................... DC2 failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role Domain Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role PDC Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role Rid Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role Infrastructure Update Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
......................... DC2 passed test KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=MYDOMAIN,DC=org
* Available RID Pool for the Domain is 5106 to 1073741823
fSMORoleOwner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
* dc1a.MYDOMAIN.org is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=DC2,OU=Domain
Controllers,DC=MYDOMAIN,DC=org
* rIDAllocationPool is 4106 to 4605
* rIDPreviousAllocationPool is 4106 to 4605
* rIDNextRID: 4106
......................... DC2 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC DC2 on DC DC2.
* SPN found :LDAP/DC2.MYDOMAIN.org/MYDOMAIN.org
* SPN found :LDAP/DC2.MYDOMAIN.org
* SPN found :LDAP/DC2
* SPN found :LDAP/DC2.MYDOMAIN.org/MYDOMAIN
* SPN found
:LDAP/ac41956c-d7c8-4bcf-9b58-2c058643f70d._msdcs.MYDOMAIN.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/ac41956c-d7c8-4bcf-9b58-2c058643f70d/MYDOMAIN.org
* SPN found :HOST/DC2.MYDOMAIN.org/MYDOMAIN.org
* SPN found :HOST/DC2.MYDOMAIN.org
* SPN found :HOST/DC2
* SPN found :HOST/DC2.MYDOMAIN.org/MYDOMAIN
* SPN found :GC/DC2.MYDOMAIN.org/MYDOMAIN.org
......................... DC2 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC2 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... DC2 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
DC2 is in domain DC=MYDOMAIN,DC=org
Checking for CN=DC2,OU=Domain Controllers,DC=MYDOMAIN,DC=org in
domain DC=MYDOMAIN,DC=org on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS

Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
in domain

CN=Configuration,DC=MYDOMAIN,DC=org on 3 servers
Object is up-to-date on all servers.
......................... DC2 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL.
The error returned was 0 (The

operation completed successfully.). Check the FRS event log to see
if the SYSVOL has successfully been

shared.
......................... DC2 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after
the SYSVOL has been shared.

Failing SYSVOL replication problems may cause Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/09/2009 10:44:30
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/09/2009 11:12:11
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/09/2009 12:12:49
(Event String could not be retrieved)
......................... DC2 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... DC2 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... DC2 passed test systemlog
Starting test: VerifyReplicas
......................... DC2 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC2,OU=Domain Controllers,DC=MYDOMAIN,DC=org and

backlink on
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org

are correct.
The system object reference (frsComputerReferenceBL)
CN=DC2,CN=Domain System Volume (SYSVOL

share),CN=File Replication Service,CN=System,DC=MYDOMAIN,DC=org and
backlink on CN=DC2,OU=Domain

Controllers,DC=MYDOMAIN,DC=org are correct.
The system object reference (serverReferenceBL)
CN=DC2,CN=Domain System Volume (SYSVOL

share),CN=File Replication Service,CN=System,DC=MYDOMAIN,DC=org and
backlink on CN=NTDS

Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
are

correct.
......................... DC2 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... DC2 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC DC1A for domain MYDOMAIN.org in site
Default-First-Site-Name
Checking machine account for DC DC2 on DC DC1A.
* SPN found :LDAP/DC2.MYDOMAIN.org/MYDOMAIN.org
* SPN found :LDAP/DC2.MYDOMAIN.org
* SPN found :LDAP/DC2
* SPN found :LDAP/DC2.MYDOMAIN.org/MYDOMAIN
* SPN found
:LDAP/ac41956c-d7c8-4bcf-9b58-2c058643f70d._msdcs.MYDOMAIN.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/ac41956c-d7c8-4bcf-9b58-2c058643f70d/MYDOMAIN.org
* SPN found :HOST/DC2.MYDOMAIN.org/MYDOMAIN.org
* SPN found :HOST/DC2.MYDOMAIN.org
* SPN found :HOST/DC2
* SPN found :HOST/DC2.MYDOMAIN.org/MYDOMAIN
* SPN found :GC/DC2.MYDOMAIN.org/MYDOMAIN.org
Checking for CN=DC2,OU=Domain Controllers,DC=MYDOMAIN,DC=org in
domain DC=MYDOMAIN,DC=org on 2 servers
Object is up-to-date on all servers.
[DC2] No security related replication errors were found on this DC!
To target the connection to a specific

source DC use /ReplSource:<DC>.
......................... DC2 passed test CheckSecurityError

Testing server: Default-First-Site-Name\DC1
Starting test: Replications
* Replications Check
DC=ForestDnsZones,DC=MYDOMAIN,DC=org has 5 cursors.
DC=DomainDnsZones,DC=MYDOMAIN,DC=org has 5 cursors.
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org has 8 cursors.
CN=Configuration,DC=MYDOMAIN,DC=org has 8 cursors.
DC=MYDOMAIN,DC=org has 8 cursors.
* Replication Latency Check
DC=ForestDnsZones,DC=MYDOMAIN,DC=org
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
DC=DomainDnsZones,DC=MYDOMAIN,DC=org
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
CN=Configuration,DC=MYDOMAIN,DC=org
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
DC=MYDOMAIN,DC=org
Latency information for 5 entries in the vector were ignored.
5 were retired Invocations. 0 were either: read-only
replicas and are not verifiably latent, or

dc's no longer replicating this nc. 0 had no latency information (Win2K
DC).
......................... DC1 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for
DC=ForestDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
DC=DomainDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for
CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for
DC=ForestDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=DomainDnsZones,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
CN=Configuration,DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for
DC=MYDOMAIN,DC=org.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC DC1.
* Security Permissions Check for
DC=ForestDnsZones,DC=MYDOMAIN,DC=org
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=MYDOMAIN,DC=org
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=org
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=MYDOMAIN,DC=org
(Configuration,Version 2)
* Security Permissions Check for
DC=MYDOMAIN,DC=org
(Domain,Version 2)
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\DC1\netlogon)
[DC1] An net use or LsaPolicy operation failed with error 1203, No
network provider accepted the given

network path..
......................... DC1 failed test NetLogons
Starting test: Advertising
The DC DC1 is advertising itself as a DC and having a DS.
The DC DC1 is advertising as an LDAP server
The DC DC1 is advertising as having a writeable directory
The DC DC1 is advertising as a Key Distribution Center
The DC DC1 is advertising as a time server
The DS DC1 is advertising as a GC.
......................... DC1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role Domain Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role PDC Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role Rid Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
Role Infrastructure Update Owner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
......................... DC1 passed test KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=MYDOMAIN,DC=org
* Available RID Pool for the Domain is 5106 to 1073741823
fSMORoleOwner = CN=NTDS

Settings,CN=DC1A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
* dc1a.MYDOMAIN.org is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=DC1,OU=Domain
Controllers,DC=MYDOMAIN,DC=org
* rIDAllocationPool is 4606 to 5105
* rIDPreviousAllocationPool is 4606 to 5105
* rIDNextRID: 4606
......................... DC1 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC DC1 on DC DC1.
* SPN found :LDAP/DC1.MYDOMAIN.org/MYDOMAIN.org
* SPN found :LDAP/DC1.MYDOMAIN.org
* SPN found :LDAP/DC1
* SPN found :LDAP/DC1.MYDOMAIN.org/MYDOMAIN
* SPN found
:LDAP/71d9def7-ea4b-4836-9016-ace5ca9c8a4d._msdcs.MYDOMAIN.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/71d9def7-ea4b-4836-9016-ace5ca9c8a4d/MYDOMAIN.org
* SPN found :HOST/DC1.MYDOMAIN.org/MYDOMAIN.org
* SPN found :HOST/DC1.MYDOMAIN.org
* SPN found :HOST/DC1
* SPN found :HOST/DC1.MYDOMAIN.org/MYDOMAIN
* SPN found :GC/DC1.MYDOMAIN.org/MYDOMAIN.org
......................... DC1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC1 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... DC1 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
DC1 is in domain DC=MYDOMAIN,DC=org
Checking for CN=DC1,OU=Domain Controllers,DC=MYDOMAIN,DC=org in
domain DC=MYDOMAIN,DC=org on 3 servers
Object is up-to-date on all servers.
Checking for CN=NTDS

Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
in domain

CN=Configuration,DC=MYDOMAIN,DC=org on 3 servers
Object is up-to-date on all servers.
......................... DC1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL.
The error returned was 0 (The

operation completed successfully.). Check the FRS event log to see
if the SYSVOL has successfully been

shared.
......................... DC1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after
the SYSVOL has been shared.

Failing SYSVOL replication problems may cause Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/09/2009 12:12:38
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/09/2009 13:05:26
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C4
Time Generated: 03/09/2009 13:08:19
(Event String could not be retrieved)
......................... DC1 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... DC1 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... DC1 passed test systemlog
Starting test: VerifyReplicas
......................... DC1 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC1,OU=Domain Controllers,DC=MYDOMAIN,DC=org and

backlink on
CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org

are correct.
The system object reference (frsComputerReferenceBL)
CN=DC1,CN=Domain System Volume (SYSVOL

share),CN=File Replication Service,CN=System,DC=MYDOMAIN,DC=org and
backlink on CN=DC1,OU=Domain

Controllers,DC=MYDOMAIN,DC=org are correct.
The system object reference (serverReferenceBL)
CN=DC1,CN=Domain System Volume (SYSVOL

share),CN=File Replication Service,CN=System,DC=MYDOMAIN,DC=org and
backlink on CN=NTDS

Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=MYDOMAIN,DC=org
are

correct.
......................... DC1 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... DC1 passed test
VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC DC1A for domain MYDOMAIN.org in site
Default-First-Site-Name
Checking machine account for DC DC1 on DC DC1A.
* SPN found :LDAP/DC1.MYDOMAIN.org/MYDOMAIN.org
* SPN found :LDAP/DC1.MYDOMAIN.org
* SPN found :LDAP/DC1
* SPN found :LDAP/DC1.MYDOMAIN.org/MYDOMAIN
* SPN found
:LDAP/71d9def7-ea4b-4836-9016-ace5ca9c8a4d._msdcs.MYDOMAIN.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/71d9def7-ea4b-4836-9016-ace5ca9c8a4d/MYDOMAIN.org
* SPN found :HOST/DC1.MYDOMAIN.org/MYDOMAIN.org
* SPN found :HOST/DC1.MYDOMAIN.org
* SPN found :HOST/DC1
* SPN found :HOST/DC1.MYDOMAIN.org/MYDOMAIN
* SPN found :GC/DC1.MYDOMAIN.org/MYDOMAIN.org
Checking for CN=DC1,OU=Domain Controllers,DC=MYDOMAIN,DC=org in
domain DC=MYDOMAIN,DC=org on 2 servers
Object is up-to-date on all servers.
[DC1] No security related replication errors were found on this DC!
To target the connection to a specific

source DC use /ReplSource:<DC>.
......................... DC1 passed test CheckSecurityError

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : MYDOMAIN
Starting test: CrossRefValidation
......................... MYDOMAIN passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... MYDOMAIN passed test CheckSDRefDom

Running enterprise tests on : MYDOMAIN.org
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope provided by the command line

arguments provided.
......................... MYDOMAIN.org passed test Intersite
Starting test: FsmoCheck
GC Name: \\dc1a.MYDOMAIN.org
Locator Flags: 0xe00003fd
PDC Name: \\dc1a.MYDOMAIN.org
Locator Flags: 0xe00003fd
Time Server Name: \\dc1a.MYDOMAIN.org
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\dc1a.MYDOMAIN.org
Locator Flags: 0xe00003fd
KDC Name: \\dc1a.MYDOMAIN.org
Locator Flags: 0xe00003fd
......................... MYDOMAIN.org passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: DC2.MYDOMAIN.org
Domain: MYDOMAIN.org


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoftr Windows Serverr 2008 Standard (Service Pack
level: 1.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000012] Broadcom BCM5708C NetXtreme II GigE
(NDIS VBD Client):
MAC address is 00:22:19:1E:A9:47
IP address is static
IP address: 192.168.20.13
DNS servers:
192.168.20.12 (<name unavailable>) [Valid]
192.168.20.13 (<name unavailable>) [Valid]
192.168.20.43 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
65.106.1.196 (<name unavailable>) [Valid]
65.106.7.196 (<name unavailable>) [Valid]

TEST: Delegations (Del)
No delegations were found in this zone on this DNS server

TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone MYDOMAIN.org.
Test record _dcdiag_test_record added successfully in zone
MYDOMAIN.org.
Test record _dcdiag_test_record deleted successfully in
zone MYDOMAIN.org.

TEST: Records registration (RReg)
Network Adapter [00000012] Broadcom BCM5708C NetXtreme II
GigE (NDIS VBD Client):
Matching A record found at DNS server 192.168.20.12:
DC2.MYDOMAIN.org

Matching CNAME record found at DNS server
192.168.20.12:
ac41956c-d7c8-4bcf-9b58-2c058643f70d._msdcs.MYDOMAIN.org

Matching DC SRV record found at DNS server
192.168.20.12:
_ldap._tcp.dc._msdcs.MYDOMAIN.org

Matching GC SRV record found at DNS server
192.168.20.12:
_ldap._tcp.gc._msdcs.MYDOMAIN.org

Total query time:0 min. 1 sec.. Total RPC connection time:0
min. 0 sec.
Total WMI connection time:0 min. 42 sec. Total Netuse
connection time:0 min. 0 sec.


DC: dc1a.MYDOMAIN.org
Domain: MYDOMAIN.org


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition
(Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000003] Intel(R) PRO/100 S Dual Port Server
Adapter:
MAC address is 00:02:B3:8F:2E:EF
IP address is static
IP address: 192.168.20.43
DNS servers:
192.168.20.12 (<name unavailable>) [Valid]
192.168.20.13 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
65.106.1.196 (<name unavailable>) [Valid]
65.106.7.196 (<name unavailable>) [Valid]

TEST: Delegations (Del)
No delegations were found in this zone on this DNS server

TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone MYDOMAIN.org.
Test record _dcdiag_test_record added successfully in zone
MYDOMAIN.org.
Test record _dcdiag_test_record deleted successfully in
zone MYDOMAIN.org.

TEST: Records registration (RReg)
Network Adapter [00000003] Intel(R) PRO/100 S Dual Port
Server Adapter:
Matching A record found at DNS server 192.168.20.12:
dc1a.MYDOMAIN.org

Matching CNAME record found at DNS server
192.168.20.12:
5c37a316-7388-4ec0-908e-d5480feec1a3._msdcs.MYDOMAIN.org

Matching DC SRV record found at DNS server
192.168.20.12:
_ldap._tcp.dc._msdcs.MYDOMAIN.org

Matching GC SRV record found at DNS server
192.168.20.12:
_ldap._tcp.gc._msdcs.MYDOMAIN.org

Matching PDC SRV record found at DNS server
192.168.20.12:
_ldap._tcp.pdc._msdcs.MYDOMAIN.org

Matching A record found at DNS server 192.168.20.13:
dc1a.MYDOMAIN.org

Matching CNAME record found at DNS server
192.168.20.13:
5c37a316-7388-4ec0-908e-d5480feec1a3._msdcs.MYDOMAIN.org

Matching DC SRV record found at DNS server
192.168.20.13:
_ldap._tcp.dc._msdcs.MYDOMAIN.org

Matching GC SRV record found at DNS server
192.168.20.13:
_ldap._tcp.gc._msdcs.MYDOMAIN.org

Matching PDC SRV record found at DNS server
192.168.20.13:
_ldap._tcp.pdc._msdcs.MYDOMAIN.org

Total query time:0 min. 0 sec.. Total RPC connection time:0
min. 0 sec.
Total WMI connection time:0 min. 42 sec. Total Netuse
connection time:0 min. 0 sec.


DC: DC1.MYDOMAIN.org
Domain: MYDOMAIN.org


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Microsoftr Windows Serverr 2008 Standard (Service Pack
level: 1.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000006] Intel(R) PRO/1000 PT Dual Port Server
Adapter:
MAC address is 00:15:17:9E:9F:64
IP address is static
IP address: 192.168.20.12
DNS servers:
192.168.20.12 (<name unavailable>) [Valid]
192.168.20.13 (<name unavailable>) [Valid]
192.168.20.43 (<name unavailable>) [Valid]
127.0.0.1 (<name unavailable>) [Valid]
Adapter [00000012] Broadcom BCM5708C NetXtreme II GigE
(NDIS VBD Client):
MAC address is 00:22:19:1E:A9:38
IP address is static
IP address: 1.1.1.1
DNS servers:
Warning: 127.0.0.1 (<name unavailable>) [Invalid
(unreachable)]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found
(primary)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
65.106.1.196 (<name unavailable>) [Valid]
65.106.7.196 (<name unavailable>) [Valid]

TEST: Delegations (Del)
No delegations were found in this zone on this DNS server

TEST: Dynamic update (Dyn)
Dynamic update is enabled on the zone MYDOMAIN.org.
Test record _dcdiag_test_record added successfully in zone
MYDOMAIN.org.
Test record _dcdiag_test_record deleted successfully in
zone MYDOMAIN.org.

TEST: Records registration (RReg)
Network Adapter [00000006] Intel(R) PRO/1000 PT Dual Port
Server Adapter:
Matching A record found at DNS server 192.168.20.12:
DC1.MYDOMAIN.org

Matching CNAME record found at DNS server
192.168.20.12:
71d9def7-ea4b-4836-9016-ace5ca9c8a4d._msdcs.MYDOMAIN.org

Matching DC SRV record found at DNS server
192.168.20.12:
_ldap._tcp.dc._msdcs.MYDOMAIN.org

Matching GC SRV record found at DNS server
192.168.20.12:
_ldap._tcp.gc._msdcs.MYDOMAIN.org

Total query time:0 min. 29 sec.. Total RPC connection time:0
min. 0 sec.
Total WMI connection time:0 min. 47 sec. Total Netuse
connection time:0 min. 0 sec.

Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 1.1.1.1 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS

server 1.1.1.1
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period

expired.)]
Name resolution is not functional. _ldap._tcp.MYDOMAIN.org.
failed on the DNS server 1.1.1.1
[Error details: 1460 (Type: Win32 - Description: This
operation returned because the timeout period

expired.)]
Total query time:0 min. 24 sec., Total WMI connection time:0
min. 46 sec.

DNS server: 192.168.20.12 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered
Total query time:0 min. 0 sec., Total WMI connection time:0
min. 0 sec.

DNS server: 192.168.20.13 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered
Total query time:0 min. 0 sec., Total WMI connection time:0
min. 0 sec.

DNS server: 192.168.20.43 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Name resolution is funtional. _ldap._tcp SRV record for the
forest root domain is registered
Total query time:0 min. 5 sec., Total WMI connection time:0
min. 0 sec.

DNS server: 65.106.1.196 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Total query time:0 min. 1 sec., Total WMI connection time:0
min. 42 sec.

DNS server: 65.106.7.196 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server
Total query time:0 min. 0 sec., Total WMI connection time:0
min. 42 sec.

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg
Ext
__________________________________________________ ______________
Domain: MYDOMAIN.org
DC2 PASS PASS PASS PASS PASS PASS
n/a
dc1a PASS PASS PASS PASS PASS PASS
n/a
DC1 PASS WARN PASS PASS PASS PASS
n/a

Total Time taken to test all the DCs:2 min. 43 sec.
......................... MYDOMAIN.org passed test DNS