Repair DNS 4010 events...

Discussion in 'Windows Server' started by Jake, Nov 4, 2009.

  1. Jake

    Jake Guest

    Hi,

    About four weeks ago I had a post here with about the same subject. Due
    to heavy workload I hadn't time to follow up the last suggestions but I
    continue by posting the requested ipconfigs and dcdiags from both domain
    controllers. Se at the en of this post. DC1 is the main DC and DC2 is
    a secondary. I also want to mention that we run a separate Linux DHCP
    server (if that may influence anything here) and it points of course the
    clients' DNS to DC1 and DC2 in that order.

    Every time we restart the domain controllers we get a couple of 4010
    events, also some clients complain about long login times, and in their
    event logs there are entries about not finding the domain controller.

    My predecessor talked about a corrupted dns which he had had tried to
    repair / recreate. Also the domain has been renamed from single label
    to dotted domain name a long time ago. All this might be partially
    causes to the problems I now want to try to clean up.

    Anyway, I start with the ipconfigs and dcdiags and I hope we can proceed
    from there in chasing this error away.

    regards jake

    ******IPCONFIG /ALL for DC1
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : DC1
    Primary Dns Suffix . . . . . . . : LocalDomain.LAN
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : LocalDomain.LAN

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
    Connection
    Physical Address. . . . . . . . . : 00-0C-29-6C-4E-3F
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 172.22.100.10(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 172.22.100.1
    DNS Servers . . . . . . . . . . . : 172.22.100.10
    172.22.100.11
    Primary WINS Server . . . . . . . : 172.22.100.13
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . :
    isatap.{53E1D6EF-858C-4F37-A103-B28155E8BDE3}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 02-00-54-55-4E-01
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    ********* IPCONFIG /ALL for DC2
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : DC2
    Primary Dns Suffix . . . . . . . : LocalDomain.LAN
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : LocalDomain.LAN

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
    Connection
    Physical Address. . . . . . . . . : 00-0C-29-8F-7A-80
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 172.22.100.11(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 172.22.100.1
    DNS Servers . . . . . . . . . . . : 172.22.100.11
    172.22.100.10
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter Local Area Connection* 8:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . :
    isatap.{BDAEFF9E-413C-4779-BD0C-532E325CB9FE}
    Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Local Area Connection* 9:

    Media State . . . . . . . . . . . : Media disconnected
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
    Physical Address. . . . . . . . . : 02-00-54-55-4E-01
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes

    ************** DCDIAG /v for DC1
    Directory Server Diagnosis
    Performing initial setup:
    Trying to find home server...

    * Verifying that the local machine DC1, is a Directory Server.
    Home Server = DC1

    * Connecting to directory service on server DC1.

    * Identified AD Forest.
    Collecting AD specific global data
    * Collecting site info.

    Calling
    ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
    The previous call succeeded
    Iterating through the sites
    Looking at base site object: CN=NTDS Site
    Settings,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    Getting ISTG and options for the site
    * Identifying all servers.

    Calling
    ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
    The previous call succeeded....
    The previous call succeeded
    Iterating through the list of servers
    Getting information for the server CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN

    objectGuid obtained
    InvocationID obtained
    dnsHostname obtained
    site info obtained
    All the info for the server collected
    Getting information for the server CN=NTDS
    Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN

    objectGuid obtained
    InvocationID obtained
    dnsHostname obtained
    site info obtained
    All the info for the server collected
    * Identifying all NC cross-refs.

    * Found 2 DC(s). Testing 1 of them.

    Done gathering initial info.


    Doing initial required tests


    Testing server: Default-First-Site\DC1

    Starting test: Connectivity

    * Active Directory LDAP Services Check
    Determining IP4 connectivity
    Determining IP6 connectivity
    * Active Directory RPC Services Check
    ......................... DC1 passed test Connectivity



    Doing primary tests


    Testing server: Default-First-Site\DC1

    Starting test: Advertising

    The DC DC1 is advertising itself as a DC and having a DS.
    The DC DC1 is advertising as an LDAP server
    The DC DC1 is advertising as having a writeable directory
    The DC DC1 is advertising as a Key Distribution Center
    The DC DC1 is advertising as a time server
    The DS DC1 is advertising as a GC.
    ......................... DC1 passed test Advertising

    Test omitted by user request: CheckSecurityError

    Test omitted by user request: CutoffServers

    Starting test: FrsEvent

    * The File Replication Service Event log test
    ......................... DC1 passed test FrsEvent

    Starting test: DFSREvent

    The DFS Replication Event Log.
    ......................... DC1 passed test DFSREvent

    Starting test: SysVolCheck

    * The File Replication Service SYSVOL ready test
    File Replication Service's SYSVOL is ready
    ......................... DC1 passed test SysVolCheck

    Starting test: KccEvent

    * The KCC Event log test
    Found no KCC errors in "Directory Service" Event log in the
    last 15 minutes.
    ......................... DC1 passed test KccEvent

    Starting test: KnowsOfRoleHolders

    Role Schema Owner = CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    Role Domain Owner = CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    Role PDC Owner = CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    Role Rid Owner = CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    ......................... DC1 passed test KnowsOfRoleHolders

    Starting test: MachineAccount

    Checking machine account for DC DC1 on DC DC1.
    * SPN found :LDAP/DC1.LocalDomain.LAN/LocalDomain.LAN
    * SPN found :LDAP/DC1.LocalDomain.LAN
    * SPN found :LDAP/DC1
    * SPN found :LDAP/DC1.LocalDomain.LAN/LocalDomain
    * SPN found
    :LDAP/ad7d47f5-c84a-4622-ad2b-c885b7f675b2._msdcs.LocalDomain.LAN
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ad7d47f5-c84a-4622-ad2b-c885b7f675b2/LocalDomain.LAN
    * SPN found :HOST/DC1.LocalDomain.LAN/LocalDomain.LAN
    * SPN found :HOST/DC1.LocalDomain.LAN
    * SPN found :HOST/DC1
    * SPN found :HOST/DC1.LocalDomain.LAN/LocalDomain
    * SPN found :GC/DC1.LocalDomain.LAN/LocalDomain.LAN
    ......................... DC1 passed test MachineAccount

    Starting test: NCSecDesc

    * Security Permissions check for all NC's on DC DC1.
    * Security Permissions Check for

    DC=DomainDnsZones,DC=LocalDomain,DC=LAN
    (NDNC,Version 3)
    * Security Permissions Check for

    DC=ForestDnsZones,DC=LocalDomain,DC=LAN
    (NDNC,Version 3)
    * Security Permissions Check for

    CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN
    (Schema,Version 3)
    * Security Permissions Check for

    CN=Configuration,DC=LocalDomain,DC=LAN
    (Configuration,Version 3)
    * Security Permissions Check for

    DC=LocalDomain,DC=LAN
    (Domain,Version 3)
    ......................... DC1 passed test NCSecDesc

    Starting test: NetLogons

    * Network Logons Privileges Check
    Verified share \\DC1\netlogon
    Verified share \\DC1\sysvol
    ......................... DC1 passed test NetLogons

    Starting test: ObjectsReplicated

    DC1 is in domain DC=LocalDomain,DC=LAN
    Checking for CN=DC1,OU=Domain
    Controllers,DC=LocalDomain,DC=LAN in domain DC=LocalDomain,DC=LAN on 1
    servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    in domain CN=Configuration,DC=LocalDomain,DC=LAN on 1 servers
    Object is up-to-date on all servers.
    ......................... DC1 passed test ObjectsReplicated

    Test omitted by user request: OutboundSecureChannels

    Starting test: Replications

    * Replications Check
    * Replication Latency Check
    DC=DomainDnsZones,DC=LocalDomain,DC=LAN
    Latency information for 7 entries in the vector were
    ignored.
    7 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    DC=ForestDnsZones,DC=LocalDomain,DC=LAN
    Latency information for 7 entries in the vector were
    ignored.
    7 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN
    Latency information for 7 entries in the vector were
    ignored.
    7 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    CN=Configuration,DC=LocalDomain,DC=LAN
    Latency information for 7 entries in the vector were
    ignored.
    7 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    DC=LocalDomain,DC=LAN
    Latency information for 7 entries in the vector were
    ignored.
    7 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    ......................... DC1 passed test Replications

    Starting test: RidManager

    * Available RID Pool for the Domain is 6105 to 1073741823
    * DC1.LocalDomain.LAN is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 5105 to 5604
    * rIDPreviousAllocationPool is 5105 to 5604
    * rIDNextRID: 5106
    ......................... DC1 passed test RidManager

    Starting test: Services

    * Checking Service: EventSystem
    * Checking Service: RpcSs
    * Checking Service: NTDS
    * Checking Service: DnsCache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... DC1 passed test Services

    Starting test: SystemLog

    * The System Event log test
    Found no errors in "System" Event log in the last 60 minutes.
    ......................... DC1 passed test SystemLog

    Test omitted by user request: Topology

    Test omitted by user request: VerifyEnterpriseReferences

    Starting test: VerifyReferences

    The system object reference (serverReference)

    CN=DC1,OU=Domain Controllers,DC=LocalDomain,DC=LAN and backlink on


    CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN

    are correct.
    The system object reference (serverReferenceBL)

    CN=DC1-2,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=LocalDomain,DC=LAN

    and backlink on

    CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN

    are correct.
    ......................... DC1 passed test VerifyReferences

    Test omitted by user request: VerifyReplicas


    Test omitted by user request: DNS

    Test omitted by user request: DNS


    Running partition tests on : DomainDnsZones

    Starting test: CheckSDRefDom

    ......................... DomainDnsZones passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... DomainDnsZones passed test

    CrossRefValidation


    Running partition tests on : ForestDnsZones

    Starting test: CheckSDRefDom

    ......................... ForestDnsZones passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... ForestDnsZones passed test

    CrossRefValidation


    Running partition tests on : Schema

    Starting test: CheckSDRefDom

    ......................... Schema passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... Schema passed test CrossRefValidation


    Running partition tests on : Configuration

    Starting test: CheckSDRefDom

    ......................... Configuration passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... Configuration passed test
    CrossRefValidation


    Running partition tests on : LocalDomain

    Starting test: CheckSDRefDom

    ......................... LocalDomain passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... LocalDomain passed test
    CrossRefValidation


    Running enterprise tests on : LocalDomain.LAN

    Test omitted by user request: DNS

    Test omitted by user request: DNS

    Starting test: LocatorCheck

    GC Name: \\DC1.LocalDomain.LAN

    Locator Flags: 0xe00013fd
    PDC Name: \\DC1.LocalDomain.LAN
    Locator Flags: 0xe00013fd
    Time Server Name: \\DC1.LocalDomain.LAN
    Locator Flags: 0xe00013fd
    Preferred Time Server Name: \\DC1.LocalDomain.LAN
    Locator Flags: 0xe00013fd
    KDC Name: \\DC1.LocalDomain.LAN
    Locator Flags: 0xe00013fd
    ......................... LocalDomain.LAN passed test LocatorCheck

    Starting test: Intersite

    Skipping site Default-First-Site, this site is outside the scope

    provided by the command line arguments provided.
    ......................... LocalDomain.LAN passed test Intersite


    ************** DCDIAG /v for DC2
    Directory Server Diagnosis
    Performing initial setup:
    Trying to find home server...

    * Verifying that the local machine DC2, is a Directory Server.
    Home Server = DC2

    * Connecting to directory service on server DC2.

    * Identified AD Forest.
    Collecting AD specific global data
    * Collecting site info.

    Calling
    ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
    The previous call succeeded
    Iterating through the sites
    Looking at base site object: CN=NTDS Site
    Settings,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    Getting ISTG and options for the site
    * Identifying all servers.

    Calling
    ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
    The previous call succeeded....
    The previous call succeeded
    Iterating through the list of servers
    Getting information for the server CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN

    objectGuid obtained
    InvocationID obtained
    dnsHostname obtained
    site info obtained
    All the info for the server collected
    Getting information for the server CN=NTDS
    Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN

    objectGuid obtained
    InvocationID obtained
    dnsHostname obtained
    site info obtained
    All the info for the server collected
    * Identifying all NC cross-refs.

    * Found 2 DC(s). Testing 1 of them.

    Done gathering initial info.


    Doing initial required tests


    Testing server: Default-First-Site\DC2

    Starting test: Connectivity

    * Active Directory LDAP Services Check
    Determining IP4 connectivity
    Determining IP6 connectivity
    * Active Directory RPC Services Check
    ......................... DC2 passed test Connectivity



    Doing primary tests


    Testing server: Default-First-Site\DC2

    Starting test: Advertising

    The DC DC2 is advertising itself as a DC and having a DS.
    The DC DC2 is advertising as an LDAP server
    The DC DC2 is advertising as having a writeable directory
    The DC DC2 is advertising as a Key Distribution Center
    The DC DC2 is advertising as a time server
    The DS DC2 is advertising as a GC.
    ......................... DC2 passed test Advertising

    Test omitted by user request: CheckSecurityError

    Test omitted by user request: CutoffServers

    Starting test: FrsEvent

    * The File Replication Service Event log test
    ......................... DC2 passed test FrsEvent

    Starting test: DFSREvent

    The DFS Replication Event Log.
    ......................... DC2 passed test DFSREvent

    Starting test: SysVolCheck

    * The File Replication Service SYSVOL ready test
    File Replication Service's SYSVOL is ready
    ......................... DC2 passed test SysVolCheck

    Starting test: KccEvent

    * The KCC Event log test
    Found no KCC errors in "Directory Service" Event log in the
    last 15 minutes.
    ......................... DC2 passed test KccEvent

    Starting test: KnowsOfRoleHolders

    Role Schema Owner = CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    Role Domain Owner = CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    Role PDC Owner = CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    Role Rid Owner = CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    ......................... DC2 passed test KnowsOfRoleHolders

    Starting test: MachineAccount

    Checking machine account for DC DC2 on DC DC2.
    * SPN found :LDAP/DC2.LocalDomain.LAN/LocalDomain.LAN
    * SPN found :LDAP/DC2.LocalDomain.LAN
    * SPN found :LDAP/DC2
    * SPN found :LDAP/DC2.LocalDomain.LAN/LocalDomain
    * SPN found
    :LDAP/1799c6b1-0369-4d37-89ae-f2387dc63968._msdcs.LocalDomain.LAN
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1799c6b1-0369-4d37-89ae-f2387dc63968/LocalDomain.LAN
    * SPN found :HOST/DC2.LocalDomain.LAN/LocalDomain.LAN
    * SPN found :HOST/DC2.LocalDomain.LAN
    * SPN found :HOST/DC2
    * SPN found :HOST/DC2.LocalDomain.LAN/LocalDomain
    * SPN found :GC/DC2.LocalDomain.LAN/LocalDomain.LAN
    ......................... DC2 passed test MachineAccount

    Starting test: NCSecDesc

    * Security Permissions check for all NC's on DC DC2.
    * Security Permissions Check for

    DC=DomainDnsZones,DC=LocalDomain,DC=LAN
    (NDNC,Version 3)
    * Security Permissions Check for

    DC=ForestDnsZones,DC=LocalDomain,DC=LAN
    (NDNC,Version 3)
    * Security Permissions Check for

    CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN
    (Schema,Version 3)
    * Security Permissions Check for

    CN=Configuration,DC=LocalDomain,DC=LAN
    (Configuration,Version 3)
    * Security Permissions Check for

    DC=LocalDomain,DC=LAN
    (Domain,Version 3)
    ......................... DC2 passed test NCSecDesc

    Starting test: NetLogons

    * Network Logons Privileges Check
    Verified share \\DC2\netlogon
    Verified share \\DC2\sysvol
    ......................... DC2 passed test NetLogons

    Starting test: ObjectsReplicated

    DC2 is in domain DC=LocalDomain,DC=LAN
    Checking for CN=DC2,OU=Domain
    Controllers,DC=LocalDomain,DC=LAN in domain DC=LocalDomain,DC=LAN on 1
    servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN
    in domain CN=Configuration,DC=LocalDomain,DC=LAN on 1 servers
    Object is up-to-date on all servers.
    ......................... DC2 passed test ObjectsReplicated

    Test omitted by user request: OutboundSecureChannels

    Starting test: Replications

    * Replications Check
    * Replication Latency Check
    DC=DomainDnsZones,DC=LocalDomain,DC=LAN
    Latency information for 7 entries in the vector were
    ignored.
    7 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    DC=ForestDnsZones,DC=LocalDomain,DC=LAN
    Latency information for 7 entries in the vector were
    ignored.
    7 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN
    Latency information for 7 entries in the vector were
    ignored.
    7 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    CN=Configuration,DC=LocalDomain,DC=LAN
    Latency information for 7 entries in the vector were
    ignored.
    7 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    DC=LocalDomain,DC=LAN
    Latency information for 7 entries in the vector were
    ignored.
    7 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    ......................... DC2 passed test Replications

    Starting test: RidManager

    * Available RID Pool for the Domain is 6105 to 1073741823
    * DC1.LocalDomain.LAN is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 5605 to 6104
    * rIDPreviousAllocationPool is 5605 to 6104
    * rIDNextRID: 5609
    ......................... DC2 passed test RidManager

    Starting test: Services

    * Checking Service: EventSystem
    * Checking Service: RpcSs
    * Checking Service: NTDS
    * Checking Service: DnsCache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... DC2 passed test Services

    Starting test: SystemLog

    * The System Event log test
    An Warning Event occurred. EventID: 0x00001695

    Time Generated: 11/04/2009 09:52:07

    EvtFormatMessage failed, error 15100 Win32 Error 15100.
    (Event String (event log = System) could not be retrieved,
    error

    0x3afc)

    Found no errors in "System" Event log in the last 60 minutes.
    ......................... DC2 passed test SystemLog

    Test omitted by user request: Topology

    Test omitted by user request: VerifyEnterpriseReferences

    Starting test: VerifyReferences

    The system object reference (serverReference)

    CN=DC2,OU=Domain Controllers,DC=LocalDomain,DC=LAN and backlink on


    CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN

    are correct.
    The system object reference (serverReferenceBL)

    CN=DC2-2,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=LocalDomain,DC=LAN

    and backlink on

    CN=NTDS
    Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomain,DC=LAN

    are correct.
    ......................... DC2 passed test VerifyReferences

    Test omitted by user request: VerifyReplicas


    Test omitted by user request: DNS

    Test omitted by user request: DNS


    Running partition tests on : DomainDnsZones

    Starting test: CheckSDRefDom

    ......................... DomainDnsZones passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... DomainDnsZones passed test

    CrossRefValidation


    Running partition tests on : ForestDnsZones

    Starting test: CheckSDRefDom

    ......................... ForestDnsZones passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... ForestDnsZones passed test

    CrossRefValidation


    Running partition tests on : Schema

    Starting test: CheckSDRefDom

    ......................... Schema passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... Schema passed test CrossRefValidation


    Running partition tests on : Configuration

    Starting test: CheckSDRefDom

    ......................... Configuration passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... Configuration passed test
    CrossRefValidation


    Running partition tests on : LocalDomain

    Starting test: CheckSDRefDom

    ......................... LocalDomain passed test CheckSDRefDom

    Starting test: CrossRefValidation

    ......................... LocalDomain passed test
    CrossRefValidation


    Running enterprise tests on : LocalDomain.LAN

    Test omitted by user request: DNS

    Test omitted by user request: DNS

    Starting test: LocatorCheck

    GC Name: \\DC2.LocalDomain.LAN

    Locator Flags: 0xe00013fc
    PDC Name: \\DC1.LocalDomain.LAN
    Locator Flags: 0xe00013fd
    Time Server Name: \\DC2.LocalDomain.LAN
    Locator Flags: 0xe00013fc
    Preferred Time Server Name: \\DC2.LocalDomain.LAN
    Locator Flags: 0xe00013fc
    KDC Name: \\DC2.LocalDomain.LAN
    Locator Flags: 0xe00013fc
    ......................... LocalDomain.LAN passed test LocatorCheck

    Starting test: Intersite

    Skipping site Default-First-Site, this site is outside the scope

    provided by the command line arguments provided.
    ......................... LocalDomain.LAN passed test Intersite
     
    Jake, Nov 4, 2009
    #1
    1. Advertising

  2. Hello Jake,

    The ipconfig's look ok, also the dcdiag output. As the OS is 2008 i suggest
    to disable IPv6 on the DC according to:
    http://blogs.dirteam.com/blogs/paulbergson/archive/2009/03/19/disabling-ipv6-on-windows-2008.aspx

    Did you also check the reply from Ace?
    -------------------------------------------
    Jake,

    Sounds like you may possibly have a dupe zone. Read the following to find
    out or at least eliminate this possibility.

    Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones

    http://msmvps.com/blogs/acefekay/ar...ing-or-duplicate-ad-integrated-dns-zones.aspx

    Ace
    -------------------------------------------

    Best regards

    Meinolf Weber
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
    ** Please do NOT email, only reply to Newsgroups
    ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


    > Hi,
    >
    > About four weeks ago I had a post here with about the same subject.
    > Due to heavy workload I hadn't time to follow up the last suggestions
    > but I continue by posting the requested ipconfigs and dcdiags from
    > both domain controllers. Se at the en of this post. DC1 is the main
    > DC and DC2 is a secondary. I also want to mention that we run a
    > separate Linux DHCP server (if that may influence anything here) and
    > it points of course the clients' DNS to DC1 and DC2 in that order.
    >
    > Every time we restart the domain controllers we get a couple of 4010
    > events, also some clients complain about long login times, and in
    > their event logs there are entries about not finding the domain
    > controller.
    >
    > My predecessor talked about a corrupted dns which he had had tried to
    > repair / recreate. Also the domain has been renamed from single label
    > to dotted domain name a long time ago. All this might be partially
    > causes to the problems I now want to try to clean up.
    >
    > Anyway, I start with the ipconfigs and dcdiags and I hope we can
    > proceed from there in chasing this error away.
    >
    > regards jake
    >
    > ******IPCONFIG /ALL for DC1
    > Windows IP Configuration
    > Host Name . . . . . . . . . . . . : DC1
    > Primary Dns Suffix . . . . . . . : LocalDomain.LAN
    > Node Type . . . . . . . . . . . . : Hybrid
    > IP Routing Enabled. . . . . . . . : No
    > WINS Proxy Enabled. . . . . . . . : No
    > DNS Suffix Search List. . . . . . : LocalDomain.LAN
    > Ethernet adapter Local Area Connection:
    >
    > Connection-specific DNS Suffix . :
    > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
    > Connection
    > Physical Address. . . . . . . . . : 00-0C-29-6C-4E-3F
    > DHCP Enabled. . . . . . . . . . . : No
    > Autoconfiguration Enabled . . . . : Yes
    > IPv4 Address. . . . . . . . . . . : 172.22.100.10(Preferred)
    > Subnet Mask . . . . . . . . . . . : 255.255.255.0
    > Default Gateway . . . . . . . . . : 172.22.100.1
    > DNS Servers . . . . . . . . . . . : 172.22.100.10
    > 172.22.100.11
    > Primary WINS Server . . . . . . . : 172.22.100.13
    > NetBIOS over Tcpip. . . . . . . . : Enabled
    > Tunnel adapter Local Area Connection* 8:
    >
    > Media State . . . . . . . . . . . : Media disconnected
    > Connection-specific DNS Suffix . :
    > Description . . . . . . . . . . . :
    > isatap.{53E1D6EF-858C-4F37-A103-B28155E8BDE3}
    > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    > DHCP Enabled. . . . . . . . . . . : No
    > Autoconfiguration Enabled . . . . : Yes
    > Tunnel adapter Local Area Connection* 9:
    >
    > Media State . . . . . . . . . . . : Media disconnected
    > Connection-specific DNS Suffix . :
    > Description . . . . . . . . . . . : Teredo Tunneling
    > Pseudo-Interface
    > Physical Address. . . . . . . . . : 02-00-54-55-4E-01
    > DHCP Enabled. . . . . . . . . . . : No
    > Autoconfiguration Enabled . . . . : Yes
    > ********* IPCONFIG /ALL for DC2
    > Windows IP Configuration
    > Host Name . . . . . . . . . . . . : DC2
    > Primary Dns Suffix . . . . . . . : LocalDomain.LAN
    > Node Type . . . . . . . . . . . . : Hybrid
    > IP Routing Enabled. . . . . . . . : No
    > WINS Proxy Enabled. . . . . . . . : No
    > DNS Suffix Search List. . . . . . : LocalDomain.LAN
    > Ethernet adapter Local Area Connection:
    >
    > Connection-specific DNS Suffix . :
    > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
    > Connection
    > Physical Address. . . . . . . . . : 00-0C-29-8F-7A-80
    > DHCP Enabled. . . . . . . . . . . : No
    > Autoconfiguration Enabled . . . . : Yes
    > IPv4 Address. . . . . . . . . . . : 172.22.100.11(Preferred)
    > Subnet Mask . . . . . . . . . . . : 255.255.255.0
    > Default Gateway . . . . . . . . . : 172.22.100.1
    > DNS Servers . . . . . . . . . . . : 172.22.100.11
    > 172.22.100.10
    > NetBIOS over Tcpip. . . . . . . . : Enabled
    > Tunnel adapter Local Area Connection* 8:
    >
    > Media State . . . . . . . . . . . : Media disconnected
    > Connection-specific DNS Suffix . :
    > Description . . . . . . . . . . . :
    > isatap.{BDAEFF9E-413C-4779-BD0C-532E325CB9FE}
    > Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
    > DHCP Enabled. . . . . . . . . . . : No
    > Autoconfiguration Enabled . . . . : Yes
    > Tunnel adapter Local Area Connection* 9:
    >
    > Media State . . . . . . . . . . . : Media disconnected
    > Connection-specific DNS Suffix . :
    > Description . . . . . . . . . . . : Teredo Tunneling
    > Pseudo-Interface
    > Physical Address. . . . . . . . . : 02-00-54-55-4E-01
    > DHCP Enabled. . . . . . . . . . . : No
    > Autoconfiguration Enabled . . . . : Yes
    > ************** DCDIAG /v for DC1
    > Directory Server Diagnosis
    > Performing initial setup:
    > Trying to find home server...
    > * Verifying that the local machine DC1, is a Directory Server.
    > Home Server = DC1
    > * Connecting to directory service on server DC1.
    >
    > * Identified AD Forest.
    > Collecting AD specific global data
    > * Collecting site info.
    > Calling
    > ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=
    > LAN,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
    > The previous call succeeded
    > Iterating through the sites
    > Looking at base site object: CN=NTDS Site
    > Settings,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomai
    > n,DC=LAN
    > Getting ISTG and options for the site
    > * Identifying all servers.
    > Calling
    > ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=
    > LAN,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
    > The previous call succeeded....
    > The previous call succeeded
    > Iterating through the list of servers
    > Getting information for the server CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > objectGuid obtained
    > InvocationID obtained
    > dnsHostname obtained
    > site info obtained
    > All the info for the server collected
    > Getting information for the server CN=NTDS
    > Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > objectGuid obtained
    > InvocationID obtained
    > dnsHostname obtained
    > site info obtained
    > All the info for the server collected
    > * Identifying all NC cross-refs.
    > * Found 2 DC(s). Testing 1 of them.
    >
    > Done gathering initial info.
    >
    > Doing initial required tests
    >
    > Testing server: Default-First-Site\DC1
    >
    > Starting test: Connectivity
    >
    > * Active Directory LDAP Services Check
    > Determining IP4 connectivity
    > Determining IP6 connectivity
    > * Active Directory RPC Services Check
    > ......................... DC1 passed test Connectivity
    > Doing primary tests
    >
    > Testing server: Default-First-Site\DC1
    >
    > Starting test: Advertising
    >
    > The DC DC1 is advertising itself as a DC and having a DS.
    > The DC DC1 is advertising as an LDAP server
    > The DC DC1 is advertising as having a writeable directory
    > The DC DC1 is advertising as a Key Distribution Center
    > The DC DC1 is advertising as a time server
    > The DS DC1 is advertising as a GC.
    > ......................... DC1 passed test Advertising
    > Test omitted by user request: CheckSecurityError
    >
    > Test omitted by user request: CutoffServers
    >
    > Starting test: FrsEvent
    >
    > * The File Replication Service Event log test
    > ......................... DC1 passed test FrsEvent
    > Starting test: DFSREvent
    >
    > The DFS Replication Event Log.
    > ......................... DC1 passed test DFSREvent
    > Starting test: SysVolCheck
    >
    > * The File Replication Service SYSVOL ready test
    > File Replication Service's SYSVOL is ready
    > ......................... DC1 passed test SysVolCheck
    > Starting test: KccEvent
    >
    > * The KCC Event log test
    > Found no KCC errors in "Directory Service" Event log in the
    > last 15 minutes.
    > ......................... DC1 passed test KccEvent
    > Starting test: KnowsOfRoleHolders
    >
    > Role Schema Owner = CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > Role Domain Owner = CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > Role PDC Owner = CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > Role Rid Owner = CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > Role Infrastructure Update Owner = CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > ......................... DC1 passed test KnowsOfRoleHolders
    > Starting test: MachineAccount
    >
    > Checking machine account for DC DC1 on DC DC1.
    > * SPN found :LDAP/DC1.LocalDomain.LAN/LocalDomain.LAN
    > * SPN found :LDAP/DC1.LocalDomain.LAN
    > * SPN found :LDAP/DC1
    > * SPN found :LDAP/DC1.LocalDomain.LAN/LocalDomain
    > * SPN found
    > :LDAP/ad7d47f5-c84a-4622-ad2b-c885b7f675b2._msdcs.LocalDomain.LAN
    > * SPN found
    > :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ad7d47f5-c84a-4622-ad2b-c885b7f6
    > 75b2/LocalDomain.LAN
    > * SPN found :HOST/DC1.LocalDomain.LAN/LocalDomain.LAN
    > * SPN found :HOST/DC1.LocalDomain.LAN
    > * SPN found :HOST/DC1
    > * SPN found :HOST/DC1.LocalDomain.LAN/LocalDomain
    > * SPN found :GC/DC1.LocalDomain.LAN/LocalDomain.LAN
    > ......................... DC1 passed test MachineAccount
    > Starting test: NCSecDesc
    >
    > * Security Permissions check for all NC's on DC DC1.
    > * Security Permissions Check for
    > DC=DomainDnsZones,DC=LocalDomain,DC=LAN
    > (NDNC,Version 3)
    > * Security Permissions Check for
    > DC=ForestDnsZones,DC=LocalDomain,DC=LAN
    > (NDNC,Version 3)
    > * Security Permissions Check for
    > CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN
    > (Schema,Version 3)
    > * Security Permissions Check for
    > CN=Configuration,DC=LocalDomain,DC=LAN
    > (Configuration,Version 3)
    > * Security Permissions Check for
    > DC=LocalDomain,DC=LAN
    > (Domain,Version 3)
    > ......................... DC1 passed test NCSecDesc
    > Starting test: NetLogons
    >
    > * Network Logons Privileges Check
    > Verified share \\DC1\netlogon
    > Verified share \\DC1\sysvol
    > ......................... DC1 passed test NetLogons
    > Starting test: ObjectsReplicated
    >
    > DC1 is in domain DC=LocalDomain,DC=LAN
    > Checking for CN=DC1,OU=Domain
    > Controllers,DC=LocalDomain,DC=LAN in domain DC=LocalDomain,DC=LAN on 1
    > servers
    > Object is up-to-date on all servers.
    > Checking for CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > in domain CN=Configuration,DC=LocalDomain,DC=LAN on 1 servers
    > Object is up-to-date on all servers.
    > ......................... DC1 passed test ObjectsReplicated
    > Test omitted by user request: OutboundSecureChannels
    >
    > Starting test: Replications
    >
    > * Replications Check
    > * Replication Latency Check
    > DC=DomainDnsZones,DC=LocalDomain,DC=LAN
    > Latency information for 7 entries in the vector were
    > ignored.
    > 7 were retired Invocations. 0 were either:
    > read-only
    > replicas and are not verifiably latent, or dc's no longer replicating
    > this nc. 0 had no latency information (Win2K DC).
    > DC=ForestDnsZones,DC=LocalDomain,DC=LAN
    > Latency information for 7 entries in the vector were
    > ignored.
    > 7 were retired Invocations. 0 were either:
    > read-only
    > replicas and are not verifiably latent, or dc's no longer replicating
    > this nc. 0 had no latency information (Win2K DC).
    > CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN
    > Latency information for 7 entries in the vector were
    > ignored.
    > 7 were retired Invocations. 0 were either:
    > read-only
    > replicas and are not verifiably latent, or dc's no longer replicating
    > this nc. 0 had no latency information (Win2K DC).
    > CN=Configuration,DC=LocalDomain,DC=LAN
    > Latency information for 7 entries in the vector were
    > ignored.
    > 7 were retired Invocations. 0 were either:
    > read-only
    > replicas and are not verifiably latent, or dc's no longer replicating
    > this nc. 0 had no latency information (Win2K DC).
    > DC=LocalDomain,DC=LAN
    > Latency information for 7 entries in the vector were
    > ignored.
    > 7 were retired Invocations. 0 were either:
    > read-only
    > replicas and are not verifiably latent, or dc's no longer replicating
    > this nc. 0 had no latency information (Win2K DC).
    > ......................... DC1 passed test Replications
    > Starting test: RidManager
    >
    > * Available RID Pool for the Domain is 6105 to 1073741823
    > * DC1.LocalDomain.LAN is the RID Master
    > * DsBind with RID Master was successful
    > * rIDAllocationPool is 5105 to 5604
    > * rIDPreviousAllocationPool is 5105 to 5604
    > * rIDNextRID: 5106
    > ......................... DC1 passed test RidManager
    > Starting test: Services
    >
    > * Checking Service: EventSystem
    > * Checking Service: RpcSs
    > * Checking Service: NTDS
    > * Checking Service: DnsCache
    > * Checking Service: NtFrs
    > * Checking Service: IsmServ
    > * Checking Service: kdc
    > * Checking Service: SamSs
    > * Checking Service: LanmanServer
    > * Checking Service: LanmanWorkstation
    > * Checking Service: w32time
    > * Checking Service: NETLOGON
    > ......................... DC1 passed test Services
    > Starting test: SystemLog
    >
    > * The System Event log test
    > Found no errors in "System" Event log in the last 60
    > minutes.
    > ......................... DC1 passed test SystemLog
    > Test omitted by user request: Topology
    >
    > Test omitted by user request: VerifyEnterpriseReferences
    >
    > Starting test: VerifyReferences
    >
    > The system object reference (serverReference)
    >
    > CN=DC1,OU=Domain Controllers,DC=LocalDomain,DC=LAN and
    > backlink on
    >
    > CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=L
    > ocalDomain,DC=LAN
    >
    > are correct.
    > The system object reference (serverReferenceBL)
    > CN=DC1-2,CN=Domain System Volume (SYSVOL share),CN=File
    > Replication Service,CN=System,DC=LocalDomain,DC=LAN
    >
    > and backlink on
    >
    > CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    >
    > are correct.
    > ......................... DC1 passed test VerifyReferences
    > Test omitted by user request: VerifyReplicas
    >
    > Test omitted by user request: DNS
    >
    > Test omitted by user request: DNS
    >
    > Running partition tests on : DomainDnsZones
    >
    > Starting test: CheckSDRefDom
    >
    > ......................... DomainDnsZones passed test
    > CheckSDRefDom
    >
    > Starting test: CrossRefValidation
    >
    > ......................... DomainDnsZones passed test
    >
    > CrossRefValidation
    >
    > Running partition tests on : ForestDnsZones
    >
    > Starting test: CheckSDRefDom
    >
    > ......................... ForestDnsZones passed test
    > CheckSDRefDom
    >
    > Starting test: CrossRefValidation
    >
    > ......................... ForestDnsZones passed test
    >
    > CrossRefValidation
    >
    > Running partition tests on : Schema
    >
    > Starting test: CheckSDRefDom
    >
    > ......................... Schema passed test CheckSDRefDom
    >
    > Starting test: CrossRefValidation
    >
    > ......................... Schema passed test
    > CrossRefValidation
    >
    > Running partition tests on : Configuration
    >
    > Starting test: CheckSDRefDom
    >
    > ......................... Configuration passed test
    > CheckSDRefDom
    >
    > Starting test: CrossRefValidation
    >
    > ......................... Configuration passed test
    > CrossRefValidation
    >
    > Running partition tests on : LocalDomain
    >
    > Starting test: CheckSDRefDom
    >
    > ......................... LocalDomain passed test
    > CheckSDRefDom
    >
    > Starting test: CrossRefValidation
    >
    > ......................... LocalDomain passed test
    > CrossRefValidation
    >
    > Running enterprise tests on : LocalDomain.LAN
    >
    > Test omitted by user request: DNS
    >
    > Test omitted by user request: DNS
    >
    > Starting test: LocatorCheck
    >
    > GC Name: \\DC1.LocalDomain.LAN
    >
    > Locator Flags: 0xe00013fd
    > PDC Name: \\DC1.LocalDomain.LAN
    > Locator Flags: 0xe00013fd
    > Time Server Name: \\DC1.LocalDomain.LAN
    > Locator Flags: 0xe00013fd
    > Preferred Time Server Name: \\DC1.LocalDomain.LAN
    > Locator Flags: 0xe00013fd
    > KDC Name: \\DC1.LocalDomain.LAN
    > Locator Flags: 0xe00013fd
    > ......................... LocalDomain.LAN passed test
    > LocatorCheck
    > Starting test: Intersite
    >
    > Skipping site Default-First-Site, this site is outside the
    > scope
    >
    > provided by the command line arguments provided.
    > ......................... LocalDomain.LAN passed test
    > Intersite
    > ************** DCDIAG /v for DC2
    > Directory Server Diagnosis
    > Performing initial setup:
    > Trying to find home server...
    > * Verifying that the local machine DC2, is a Directory Server.
    > Home Server = DC2
    > * Connecting to directory service on server DC2.
    >
    > * Identified AD Forest.
    > Collecting AD specific global data
    > * Collecting site info.
    > Calling
    > ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=
    > LAN,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
    > The previous call succeeded
    > Iterating through the sites
    > Looking at base site object: CN=NTDS Site
    > Settings,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=LocalDomai
    > n,DC=LAN
    > Getting ISTG and options for the site
    > * Identifying all servers.
    > Calling
    > ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=LocalDomain,DC=
    > LAN,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
    > The previous call succeeded....
    > The previous call succeeded
    > Iterating through the list of servers
    > Getting information for the server CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > objectGuid obtained
    > InvocationID obtained
    > dnsHostname obtained
    > site info obtained
    > All the info for the server collected
    > Getting information for the server CN=NTDS
    > Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > objectGuid obtained
    > InvocationID obtained
    > dnsHostname obtained
    > site info obtained
    > All the info for the server collected
    > * Identifying all NC cross-refs.
    > * Found 2 DC(s). Testing 1 of them.
    >
    > Done gathering initial info.
    >
    > Doing initial required tests
    >
    > Testing server: Default-First-Site\DC2
    >
    > Starting test: Connectivity
    >
    > * Active Directory LDAP Services Check
    > Determining IP4 connectivity
    > Determining IP6 connectivity
    > * Active Directory RPC Services Check
    > ......................... DC2 passed test Connectivity
    > Doing primary tests
    >
    > Testing server: Default-First-Site\DC2
    >
    > Starting test: Advertising
    >
    > The DC DC2 is advertising itself as a DC and having a DS.
    > The DC DC2 is advertising as an LDAP server
    > The DC DC2 is advertising as having a writeable directory
    > The DC DC2 is advertising as a Key Distribution Center
    > The DC DC2 is advertising as a time server
    > The DS DC2 is advertising as a GC.
    > ......................... DC2 passed test Advertising
    > Test omitted by user request: CheckSecurityError
    >
    > Test omitted by user request: CutoffServers
    >
    > Starting test: FrsEvent
    >
    > * The File Replication Service Event log test
    > ......................... DC2 passed test FrsEvent
    > Starting test: DFSREvent
    >
    > The DFS Replication Event Log.
    > ......................... DC2 passed test DFSREvent
    > Starting test: SysVolCheck
    >
    > * The File Replication Service SYSVOL ready test
    > File Replication Service's SYSVOL is ready
    > ......................... DC2 passed test SysVolCheck
    > Starting test: KccEvent
    >
    > * The KCC Event log test
    > Found no KCC errors in "Directory Service" Event log in the
    > last 15 minutes.
    > ......................... DC2 passed test KccEvent
    > Starting test: KnowsOfRoleHolders
    >
    > Role Schema Owner = CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > Role Domain Owner = CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > Role PDC Owner = CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > Role Rid Owner = CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > Role Infrastructure Update Owner = CN=NTDS
    > Settings,CN=DC1,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > ......................... DC2 passed test KnowsOfRoleHolders
    > Starting test: MachineAccount
    >
    > Checking machine account for DC DC2 on DC DC2.
    > * SPN found :LDAP/DC2.LocalDomain.LAN/LocalDomain.LAN
    > * SPN found :LDAP/DC2.LocalDomain.LAN
    > * SPN found :LDAP/DC2
    > * SPN found :LDAP/DC2.LocalDomain.LAN/LocalDomain
    > * SPN found
    > :LDAP/1799c6b1-0369-4d37-89ae-f2387dc63968._msdcs.LocalDomain.LAN
    > * SPN found
    > :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1799c6b1-0369-4d37-89ae-f2387dc6
    > 3968/LocalDomain.LAN
    > * SPN found :HOST/DC2.LocalDomain.LAN/LocalDomain.LAN
    > * SPN found :HOST/DC2.LocalDomain.LAN
    > * SPN found :HOST/DC2
    > * SPN found :HOST/DC2.LocalDomain.LAN/LocalDomain
    > * SPN found :GC/DC2.LocalDomain.LAN/LocalDomain.LAN
    > ......................... DC2 passed test MachineAccount
    > Starting test: NCSecDesc
    >
    > * Security Permissions check for all NC's on DC DC2.
    > * Security Permissions Check for
    > DC=DomainDnsZones,DC=LocalDomain,DC=LAN
    > (NDNC,Version 3)
    > * Security Permissions Check for
    > DC=ForestDnsZones,DC=LocalDomain,DC=LAN
    > (NDNC,Version 3)
    > * Security Permissions Check for
    > CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN
    > (Schema,Version 3)
    > * Security Permissions Check for
    > CN=Configuration,DC=LocalDomain,DC=LAN
    > (Configuration,Version 3)
    > * Security Permissions Check for
    > DC=LocalDomain,DC=LAN
    > (Domain,Version 3)
    > ......................... DC2 passed test NCSecDesc
    > Starting test: NetLogons
    >
    > * Network Logons Privileges Check
    > Verified share \\DC2\netlogon
    > Verified share \\DC2\sysvol
    > ......................... DC2 passed test NetLogons
    > Starting test: ObjectsReplicated
    >
    > DC2 is in domain DC=LocalDomain,DC=LAN
    > Checking for CN=DC2,OU=Domain
    > Controllers,DC=LocalDomain,DC=LAN in domain DC=LocalDomain,DC=LAN on 1
    > servers
    > Object is up-to-date on all servers.
    > Checking for CN=NTDS
    > Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    > in domain CN=Configuration,DC=LocalDomain,DC=LAN on 1 servers
    > Object is up-to-date on all servers.
    > ......................... DC2 passed test ObjectsReplicated
    > Test omitted by user request: OutboundSecureChannels
    >
    > Starting test: Replications
    >
    > * Replications Check
    > * Replication Latency Check
    > DC=DomainDnsZones,DC=LocalDomain,DC=LAN
    > Latency information for 7 entries in the vector were
    > ignored.
    > 7 were retired Invocations. 0 were either:
    > read-only
    > replicas and are not verifiably latent, or dc's no longer replicating
    > this nc. 0 had no latency information (Win2K DC).
    > DC=ForestDnsZones,DC=LocalDomain,DC=LAN
    > Latency information for 7 entries in the vector were
    > ignored.
    > 7 were retired Invocations. 0 were either:
    > read-only
    > replicas and are not verifiably latent, or dc's no longer replicating
    > this nc. 0 had no latency information (Win2K DC).
    > CN=Schema,CN=Configuration,DC=LocalDomain,DC=LAN
    > Latency information for 7 entries in the vector were
    > ignored.
    > 7 were retired Invocations. 0 were either:
    > read-only
    > replicas and are not verifiably latent, or dc's no longer replicating
    > this nc. 0 had no latency information (Win2K DC).
    > CN=Configuration,DC=LocalDomain,DC=LAN
    > Latency information for 7 entries in the vector were
    > ignored.
    > 7 were retired Invocations. 0 were either:
    > read-only
    > replicas and are not verifiably latent, or dc's no longer replicating
    > this nc. 0 had no latency information (Win2K DC).
    > DC=LocalDomain,DC=LAN
    > Latency information for 7 entries in the vector were
    > ignored.
    > 7 were retired Invocations. 0 were either:
    > read-only
    > replicas and are not verifiably latent, or dc's no longer replicating
    > this nc. 0 had no latency information (Win2K DC).
    > ......................... DC2 passed test Replications
    > Starting test: RidManager
    >
    > * Available RID Pool for the Domain is 6105 to 1073741823
    > * DC1.LocalDomain.LAN is the RID Master
    > * DsBind with RID Master was successful
    > * rIDAllocationPool is 5605 to 6104
    > * rIDPreviousAllocationPool is 5605 to 6104
    > * rIDNextRID: 5609
    > ......................... DC2 passed test RidManager
    > Starting test: Services
    >
    > * Checking Service: EventSystem
    > * Checking Service: RpcSs
    > * Checking Service: NTDS
    > * Checking Service: DnsCache
    > * Checking Service: NtFrs
    > * Checking Service: IsmServ
    > * Checking Service: kdc
    > * Checking Service: SamSs
    > * Checking Service: LanmanServer
    > * Checking Service: LanmanWorkstation
    > * Checking Service: w32time
    > * Checking Service: NETLOGON
    > ......................... DC2 passed test Services
    > Starting test: SystemLog
    >
    > * The System Event log test
    > An Warning Event occurred. EventID: 0x00001695
    > Time Generated: 11/04/2009 09:52:07
    >
    > EvtFormatMessage failed, error 15100 Win32 Error 15100.
    > (Event String (event log = System) could not be
    > retrieved,
    > error
    > 0x3afc)
    >
    > Found no errors in "System" Event log in the last 60
    > minutes.
    > ......................... DC2 passed test SystemLog
    > Test omitted by user request: Topology
    >
    > Test omitted by user request: VerifyEnterpriseReferences
    >
    > Starting test: VerifyReferences
    >
    > The system object reference (serverReference)
    >
    > CN=DC2,OU=Domain Controllers,DC=LocalDomain,DC=LAN and
    > backlink on
    >
    > CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configuration,DC=L
    > ocalDomain,DC=LAN
    >
    > are correct.
    > The system object reference (serverReferenceBL)
    > CN=DC2-2,CN=Domain System Volume (SYSVOL share),CN=File
    > Replication Service,CN=System,DC=LocalDomain,DC=LAN
    >
    > and backlink on
    >
    > CN=NTDS
    > Settings,CN=DC2,CN=Servers,CN=Default-First-Site,CN=Sites,CN=Configura
    > tion,DC=LocalDomain,DC=LAN
    >
    > are correct.
    > ......................... DC2 passed test VerifyReferences
    > Test omitted by user request: VerifyReplicas
    >
    > Test omitted by user request: DNS
    >
    > Test omitted by user request: DNS
    >
    > Running partition tests on : DomainDnsZones
    >
    > Starting test: CheckSDRefDom
    >
    > ......................... DomainDnsZones passed test
    > CheckSDRefDom
    >
    > Starting test: CrossRefValidation
    >
    > ......................... DomainDnsZones passed test
    >
    > CrossRefValidation
    >
    > Running partition tests on : ForestDnsZones
    >
    > Starting test: CheckSDRefDom
    >
    > ......................... ForestDnsZones passed test
    > CheckSDRefDom
    >
    > Starting test: CrossRefValidation
    >
    > ......................... ForestDnsZones passed test
    >
    > CrossRefValidation
    >
    > Running partition tests on : Schema
    >
    > Starting test: CheckSDRefDom
    >
    > ......................... Schema passed test CheckSDRefDom
    >
    > Starting test: CrossRefValidation
    >
    > ......................... Schema passed test
    > CrossRefValidation
    >
    > Running partition tests on : Configuration
    >
    > Starting test: CheckSDRefDom
    >
    > ......................... Configuration passed test
    > CheckSDRefDom
    >
    > Starting test: CrossRefValidation
    >
    > ......................... Configuration passed test
    > CrossRefValidation
    >
    > Running partition tests on : LocalDomain
    >
    > Starting test: CheckSDRefDom
    >
    > ......................... LocalDomain passed test
    > CheckSDRefDom
    >
    > Starting test: CrossRefValidation
    >
    > ......................... LocalDomain passed test
    > CrossRefValidation
    >
    > Running enterprise tests on : LocalDomain.LAN
    >
    > Test omitted by user request: DNS
    >
    > Test omitted by user request: DNS
    >
    > Starting test: LocatorCheck
    >
    > GC Name: \\DC2.LocalDomain.LAN
    >
    > Locator Flags: 0xe00013fc
    > PDC Name: \\DC1.LocalDomain.LAN
    > Locator Flags: 0xe00013fd
    > Time Server Name: \\DC2.LocalDomain.LAN
    > Locator Flags: 0xe00013fc
    > Preferred Time Server Name: \\DC2.LocalDomain.LAN
    > Locator Flags: 0xe00013fc
    > KDC Name: \\DC2.LocalDomain.LAN
    > Locator Flags: 0xe00013fc
    > ......................... LocalDomain.LAN passed test
    > LocatorCheck
    > Starting test: Intersite
    >
    > Skipping site Default-First-Site, this site is outside the
    > scope
    >
    > provided by the command line arguments provided.
    > ......................... LocalDomain.LAN passed test
    > Intersite
     
    Meinolf Weber [MVP-DS], Nov 4, 2009
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. James

    DNS Error ID 4010, 4015, 4004

    James, Mar 26, 2006, in forum: Windows Small Business Server
    Replies:
    1
    Views:
    847
    Brandy Nee [MSFT]
    Mar 27, 2006
  2. Jake

    Get rid of DNS 4010 events...

    Jake, Oct 5, 2009, in forum: Windows Server
    Replies:
    16
    Views:
    976
    Ace Fekay [MCT]
    Oct 6, 2009
  3. sherwood

    dns error 4010

    sherwood, Jun 1, 2004, in forum: DNS Server
    Replies:
    5
    Views:
    383
    Kevin D. Goodknecht [MVP]
    Jun 2, 2004
  4. Damir Kh. Shakirov

    DNS 4010

    Damir Kh. Shakirov, Jan 12, 2006, in forum: DNS Server
    Replies:
    4
    Views:
    500
    Damir Kh. Shakirov
    Jan 16, 2006
  5. Eric Guzman

    DNS Severs giving out Event ID 4010

    Eric Guzman, May 12, 2008, in forum: DNS Server
    Replies:
    2
    Views:
    812
    Eric Guzman
    May 12, 2008
Loading...

Share This Page