Dcdiag fails on domain member ?

Discussion in 'Server Networking' started by Tony B, Mar 9, 2009.

  1. Tony B

    Tony B Guest

    On of my colleagues is trying to install windows deployment server, and
    having some possible AD problems. So we decided to use dcdiag and make sure
    the DC seemd ok. I ran Dcdiag on the DC and it passes fine, no errors. I
    then ran it on a XP machine which is a member of the domain, and there is
    one failure which states
    ......
    Starting test: RidManager
    ......................... ORAC passed test RidManager
    Starting test: MachineAccount
    Could not get NetBIOSDomainName
    Failed can not test for HOST SPN
    Failed can not test for HOST SPN
    * Missing SPN :(null)
    * Missing SPN :(null)
    ......................... ORAC failed test MachineAccount
    Starting test: Services
    ......................... ORAC passed test Services
    ....
    What does this mean ? How can I fix it ? (I made sure netbios over tcpip is
    enabled in tcpip advanced properties.)

    Tony
     
    Tony B, Mar 9, 2009
    #1
    1. Advertisements

  2. ....
    It means you are supposed to run DCDiag on the DC,...not the workstations.

    You run NetDiag on the Workstations.


    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Mar 9, 2009
    #2
    1. Advertisements

  3. Tony B

    Tony B Guest


    Dcdiag has an option /s:domaincontrollername, so you can run it on xp
    machine and tell it to connect to the dc ? It seems to me it can be run on a
    non DC otherwise why have this option ?
     
    Tony B, Mar 9, 2009
    #3
  4. Hello Tony,

    If the support tools are installed on the client OS it works also with "dcdiag
    /s:DCName", thats correct.

    So running on the DC itself and from the client machine has different results,
    if i got you correct? Please post both output's here.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 9, 2009
    #4
  5. Tony B

    Tony B Guest

    All tests pass ok on the DC and on a machine that is on the domain.
    On the XP machine (which is a member of the domain) dcdiag /s:eek:rac
    /u:imageproc\admin /p:*
    produces (admin is an domain administrator account)
    .......
    Starting test: RidManager
    ......................... ORAC passed test RidManager
    Starting test: MachineAccount
    Could not get NetBIOSDomainName
    Failed can not test for HOST SPN
    Failed can not test for HOST SPN
    * Missing SPN :(null)
    * Missing SPN :(null)
    ......................... ORAC failed test MachineAccount
    Starting test: Services
    ......................... ORAC passed test Services
    .......

    On the DC I get
    Starting test: RidManager
    ......................... ORAC passed test RidManager
    Starting test: MachineAccount
    ......................... ORAC passed test MachineAccount
    Starting test: Services
    ......................... ORAC passed test Services

    Tony
     
    Tony B, Mar 10, 2009
    #5
  6. Hello Tony,

    The machineaccount test should be the same, if i test in my environment it
    is correct. Please post the unedited ipconfig /all from the DC and the client
    machine.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 10, 2009
    #6
  7. Tony B

    Tony B Guest

    Here is output on the domain machine
    ipconfig /all
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : tonyb-pc
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : imageproc.imageproc.com
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . : imageproc.imageproc.com
    Description . . . . . . . . . . . : NVIDIA nForce Networking
    Controller
    Physical Address. . . . . . . . . : 00-05-5D-06-DB-6A
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 192.92.109.141
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.92.109.4
    DHCP Server . . . . . . . . . . . : 192.92.109.6
    DNS Servers . . . . . . . . . . . : 192.92.109.6
    Primary WINS Server . . . . . . . : 192.92.109.6
    Lease Obtained. . . . . . . . . . : 06 March 2009 13:19:30
    Lease Expires . . . . . . . . . . : 14 March 2009 13:19:30

    Here is output on the DC
    ipconfig /all
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : ORAC
    Primary Dns Suffix . . . . . . . : imageproc.imageproc.com
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : imageproc.imageproc.com
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
    Physical Address. . . . . . . . . : 00-13-72-34-BF-A4
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.92.109.6
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.92.109.4
    DNS Servers . . . . . . . . . . . : 192.92.109.6
    Primary WINS Server . . . . . . . : 192.92.109.6

    Regards
    Tony
     
    Tony B, Mar 10, 2009
    #7
  8. Hello Tony,

    Your domain name is imageproc.imageproc.com? Is that listed in DNS and also
    as AD domain name when you have open AD UC?

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 10, 2009
    #8
  9. Tony B

    Tony B Guest

    Hi Meinolf,
    My domain is imageproc.imageproc.com. If I open AD management on the DC,
    this is the domain shown under AD UC, AD DT & AD SS.
    Also listed under DNS shown in the AD management view. If I open the DNS
    server or the DNS under AD management I have 2 foward lookup zones,
    imageproc.imageproc.com & _msdcs.imageproc.imageproc.com, and a reverse
    lookup zone 192.92.109.x which looks correct. The imageproc.imageproc.com
    forward zone shows all the computers in the domain, and the
    _msdcs.imageproc.imageproc.com shows values for dc/gc/domains/pdc tcp which
    seem to give _ldap info.
    If I open AD Management on another machine, it fails with message Naming
    information cannot be located because: The specified domain either does not
    exist or could not be contacted.....
    When it opens the AD UC and AD SS have red crosses, but the DNS section
    displays same info as on DC. If I right click AD UC "Connect to Domain" and
    browse for domains none are found. If I right click AD UC "Connect To Domain
    Controller" then no DC is listed but if I enter orac it connects ok and
    displays the computers/users in the domain.
    It seems that the domain and DC seem not to be visible to any of the AD
    management tools unless I tell them the DC is orac (except on the DC itself
    where it works ok) ?

    Regards
    Tony
     
    Tony B, Mar 10, 2009
    #9
  10. But I believe it is still for the purpose of testing the DC isn't it? I
    don't think it is for testing the Workstation. If you are wanting to
    troubleshoot the workstation then DCDiag would not be the right tool?

    --
    Phillip Windell
    www.wandtv.com

    The views expressed, are my own and not those of my employer, or Microsoft,
    or anyone else associated with me, including my cats.
    -----------------------------------------------------
     
    Phillip Windell, Mar 10, 2009
    #10
  11. Tony B

    Tony B Guest

    Which is what I'm trying to do. I can login to the domain from other
    machines but tools like gpedit and AD management cannot seem to find the
    domain or DC when run on any machines other than the DC.

    Tony
     
    Tony B, Mar 11, 2009
    #11
  12. Hello Tony,

    I will stick from now on to the posting in m.p.w.s.ad

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 11, 2009
    #12
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.