FRS and sysvol not sync'd

Discussion in 'Windows Server' started by stiitwok, May 12, 2006.

  1. stiitwok

    stiitwok Guest

    My environment is a little weird. Most of the infrastructure is on
    Linux/Unix platforms including DNS (BIND 8).
    :Digression
    The domain name for the Windows AD is the same as the hosted web
    services. This eliminates the possibility of non-srv aware clients
    resolving the domain name to a DC so we'll see things like non-srv aware
    clients not being able to find DFS roots. I'm mentioning this because I
    suspect that plays a small part in the weirdness we're experiencing with
    FRS sysvol replication. Particularly because we have two DCs for the
    root Domain in the forest that do not have identical sysvols,
    specifically the policies for GPOs. Timestamps are different, last
    modify dates are different. This is clearly seen when using the gpotool
    to view a comparison of the two DCs contents.
    :End Digression
    My question is, what is the best way to get these two sysvols to sync
    normally. Reg burflags and an ntfrs recovery seems to be in order but
    the event logs for ntfrs seem to indicate that everything is fine. That
    is, when replication happens (see caveat below).

    Bizarre things will happen such as Windows XP clients will have all of
    their software reinstalled via GPOs. Probably because the software
    installation extensions are seeing different timestamps on the GPOs and
    think they need to repair.

    One more caveat - one of the DCs every couple of days needs to be
    rebooted because lsass.exe is pegged. Non-paged memory is fine but the
    processor chokes. This causes RPC to become unavailable, then
    replication fails (obviously), clients begin to contact the other DC
    with the *different* GPO modify times in sysvol, and voila - clients
    reinstall their GPO software. Have you ever seen anything so screwed up
    in the history of man? I don't expect anyone to answer that.

    Aside from all of this mess, one would think that if ntfrs is reporting
    normal replication between two DC sysvols, and dcdiag is reporting no
    anomalies, and netdiag gives a green light, that the sysvols would be
    identical. Any clues? Where's that 'easy button' when you need it?
     
    stiitwok, May 12, 2006
    #1
    1. Advertisements

  2. stiitwok

    Don Wilwol Guest

    Are these 2000 or 2003 DC's
    How's your time synchronization?
    What does replmon say?
    What does replmon say when you force a replication.
    DCdiag and netdiag gives NO errors from either DC?

    You said - > The domain name for the Windows AD is the same as the hosted
    web
    huh!


    --
    --------
    Hope It Helps!

    dw
    _______________________________
    Don Wilwol
    Distributed Application Technologies.
    dwilwol(DELETE)@datbusiness.com
    www.AtTheDataCenter.com (personal website)
    www.skysphere.com (hosting available)
     
    Don Wilwol, May 13, 2006
    #2
    1. Advertisements

  3. stiitwok

    stiitwok Guest

    - They're 2003 SP1 DCs
    - Time sync is perfect
    - Replmon indicates all partions have replicated successfully and are
    current
    - Replmon states replication occurred and completed with no errors
    Netdiag reports no errors at all.

    DCDiag currently reports the following errors (see end of reply for full
    output

    Testing server: campus\DC3.mydomain.org
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Test omitted by user request: OutboundSecureChannels
    Test omitted by user request: VerifyReplicas
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Starting test: RidManager
    * Available RID Pool for the Domain is 9891 to 1073741823
    * dc3.mydomain.org is the RID Master
    * DsBind with RID Master was successful
    Failed with 8481: The search failed to retrieve attributes
    from the database.
    Could not get Rid set Reference :failed with 8481: The search
    failed to retrieve attributes from the database.
    ......................... DC3.mydomain.org failed test RidManager

    Starting test: MachineAccount
    Checking machine account for DC DC3.mydomain.org on DC
    DC3.mydomain.org.
    * The current DC is not in the domain controller's OU
    ......................... DC3.mydomain.org failed test
    MachineAccount

    Starting test: kccevent
    * The KCC Event log test
    An Warning Event occured. EventID: 0x80000438
    Time Generated: 05/15/2006 10:21:52
    (Event String could not be retrieved)
    ......................... DC3.mydomain.org failed test kccevent
    Error Source: Kerberos
    Error Code: 0xd KDC_ERR_BADOPTION
    Extended Error: 0xc00000bb KLIN(0)


    Testing server: campus\DC1.ECE-EDU.mydomain.org
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Test omitted by user request: OutboundSecureChannels
    Test omitted by user request: VerifyReplicas
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Starting test: RidManager
    * Available RID Pool for the Domain is 4103 to 1073741823
    * dc1.ece-edu.mydomain.org is the RID Master
    * DsBind with RID Master was successful
    Failed with 8481: The search failed to retrieve attributes
    from the database.
    Could not get Rid set Reference :failed with 8481: The search
    failed to retrieve attributes from the database.
    ......................... DC1.ECE-EDU.mydomain.org failed test
    RidManager

    Starting test: MachineAccount
    Checking machine account for DC DC1.ECE-EDU.mydomain.org on DC
    DC1.ECE-EDU.mydomain.org.
    * The current DC is not in the domain controller's OU
    ......................... DC1.ECE-EDU.mydomain.org failed test
    MachineAccount

    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:04:45
    (Event String could not be retrieved)
    ......................... DC1.ECE-EDU.mydomain.org failed test
    systemlog
    Error Source: Kerberos
    Error Code: 0xd KDC_ERR_BADOPTION
    Extended Error: 0xc00000bb KLIN(0)



    Testing server: campus\DC4.ECE-EDU.mydomain.org
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Test omitted by user request: OutboundSecureChannels
    Test omitted by user request: VerifyReplicas
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Starting test: RidManager
    * Available RID Pool for the Domain is 4103 to 1073741823
    * dc1.ece-edu.mydomain.org is the RID Master
    * DsBind with RID Master was successful
    Failed with 8481: The search failed to retrieve attributes
    from the database.
    Could not get Rid set Reference :failed with 8481: The search
    failed to retrieve attributes from the database.
    ......................... DC4.ECE-EDU.mydomain.org failed test
    RidManager

    Starting test: MachineAccount
    Checking machine account for DC DC4.ECE-EDU.mydomain.org on DC
    DC4.ECE-EDU.mydomain.org.
    * The current DC is not in the domain controller's OU
    ......................... DC4.ECE-EDU.mydomain.org failed test
    MachineAccount

    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:00:38
    (Event String could not be retrieved)
    ......................... DC4.ECE-EDU.mydomain.org failed test
    systemlog
    Error Source: Kerberos
    Error Code: 0xd KDC_ERR_BADOPTION
    Extended Error: 0xc00000bb KLIN(0)




    Testing server: campus\DC2.mydomain.org
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Test omitted by user request: OutboundSecureChannels
    Test omitted by user request: VerifyReplicas
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Starting test: RidManager
    * Available RID Pool for the Domain is 9891 to 1073741823
    * dc3.mydomain.org is the RID Master
    * DsBind with RID Master was successful
    Failed with 8481: The search failed to retrieve attributes
    from the database.
    Could not get Rid set Reference :failed with 8481: The search
    failed to retrieve attributes from the database.
    ......................... DC2.mydomain.org failed test RidManager

    Starting test: MachineAccount
    Checking machine account for DC DC2.mydomain.org on DC
    DC2.mydomain.org.
    ***Error: The server DC2.mydomain.org is missing its machine
    account.

    Try running with the /repairmachineaccount option.
    * The current DC is not in the domain controller's OU
    ......................... DC2.mydomain.org failed test
    MachineAccount

    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:02:51
    (Event String could not be retrieved)
    ......................... DC2.mydomain.org failed test systemlog



    Running enterprise tests on : mydomain.org

    Test omitted by user request: DNS
    Test omitted by user request: DNS

    Starting test: Intersite
    Skipping site campus, this site is outside the scope provided
    by the

    command line arguments provided.
    ......................... mydomain.org passed test Intersite
    Right - so this means that non-domain member systems (ones that don't
    look for srv dns records) must rely on a shot in the dark when it comes
    to resolving things like DFS roots. A client will attempt to contact
    the domain in the DFS UNC path (\\na.world.com\dfs_root for example) on
    the chance that a DC will respond and provide the proper reference from
    AD. Essentially the main domain entry in Windows DNS that you would
    typically see resolving to a domain controller (the pdc in most cases)
    does not behave this way in my environment. This entry resolves to the
    site's web server.

    I know it sounds pretty screwed up but this domain has been upgraded for
    years from the original NT4 domain and beyond. Most of the
    infrastructure is on Linux/Unix systems. To further complicate things,
    there is a kerberos realm infrastructure existing in parallel with the
    AD kerberos realm. And they both have the same name! Which is why I'm
    in the middle of migrating the domain to a child DNS zone with all of
    the trimmings - a full domain migration to a new domain name.
    Begin dcdiag /debug output
    ------------

    Domain Controller Diagnosis

    Performing initial setup:
    * Verifying that the local machine dc2, is a DC.
    * Connecting to directory service on server dc2.
    * Collecting site info.
    * Identifying all servers.
    * Identifying all NC cross-refs.
    * Found 4 DC(s). Testing 4 of them.
    Done gathering initial info.

    Doing initial required tests

    Testing server: campus\DC3.mydomain.org
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... DC3.mydomain.org passed test
    Connectivity

    Testing server: campus\DC1.ECE-EDU.mydomain.org
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... DC1.ECE-EDU.mydomain.org passed test
    Connectivity

    Testing server: campus\DC4.ECE-EDU.mydomain.org
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... DC4.ECE-EDU.mydomain.org passed test
    Connectivity

    Testing server: campus\DC2.mydomain.org
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... DC2.mydomain.org passed test
    Connectivity

    Doing primary tests

    Testing server: campus\DC3.mydomain.org
    Starting test: Replications
    * Replications Check
    * Replication Latency Check
    CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Latency information for 5 entries in the vector were
    ignored.
    5 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    CN=Configuration,DC=ece,DC=cmu,DC=edu
    Latency information for 5 entries in the vector were
    ignored.
    5 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    DC=ece,DC=cmu,DC=edu
    Latency information for 5 entries in the vector were
    ignored.
    5 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    DC=ece-edu,DC=ece,DC=cmu,DC=edu
    Latency information for 2 entries in the vector were
    ignored.
    2 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    * Replication Site Latency Check
    ......................... DC3.mydomain.org passed test
    Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions check for all NC's on DC DC3.mydomain.org.
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu
    (Schema,Version 2)
    * Security Permissions Check for
    CN=Configuration,DC=ece,DC=cmu,DC=edu
    (Configuration,Version 2)
    * Security Permissions Check for
    DC=ece,DC=cmu,DC=edu
    (Domain,Version 2)
    * Security Permissions Check for
    DC=ece-edu,DC=ece,DC=cmu,DC=edu
    (Domain,Version 2)
    ......................... DC3.mydomain.org passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    Verified share \\DC3.mydomain.org\netlogon
    Verified share \\DC3.mydomain.org\sysvol
    ......................... DC3.mydomain.org passed test NetLogons
    Starting test: Advertising
    The DC DC3.mydomain.org is advertising itself as a DC and
    having a DS.
    The DC DC3.mydomain.org is advertising as an LDAP server
    The DC DC3.mydomain.org is advertising as having a writeable
    directory
    The DC DC3.mydomain.org is advertising as a Key Distribution
    Center
    The DC DC3.mydomain.org is advertising as a time server
    The DS DC3.mydomain.org is advertising as a GC.
    ......................... DC3.mydomain.org passed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Domain Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role PDC Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Rid Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    ......................... DC3.mydomain.org passed test
    KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 9891 to 1073741823
    * dc3.mydomain.org is the RID Master
    * DsBind with RID Master was successful
    Failed with 8481: The search failed to retrieve attributes
    from the database.
    Could not get Rid set Reference :failed with 8481: The search
    failed to retrieve attributes from the database.
    ......................... DC3.mydomain.org failed test RidManager
    Starting test: MachineAccount
    Checking machine account for DC DC3.mydomain.org on DC
    DC3.mydomain.org.
    * The current DC is not in the domain controller's OU
    * SPN found :LDAP/dc3.mydomain.org/mydomain.org
    * SPN found :LDAP/dc3.mydomain.org
    * SPN found :LDAP/DC3.mydomain.org
    * SPN found :LDAP/dc3.mydomain.org/ECE
    * SPN found
    :LDAP/a7d794c9-f558-4df6-87c0-1229e5c56cc8._msdcs.mydomain.org
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/a7d794c9-f558-4df6-87c0-1229e5c56cc8/mydomain.org
    * SPN found :HOST/dc3.mydomain.org/mydomain.org
    * SPN found :HOST/dc3.mydomain.org
    * SPN found :HOST/DC3.mydomain.org
    * SPN found :HOST/dc3.mydomain.org/ECE
    * SPN found :GC/dc3.mydomain.org/mydomain.org
    ......................... DC3.mydomain.org failed test
    MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... DC3.mydomain.org passed test Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    DC3.mydomain.org is in domain DC=ece,DC=cmu,DC=edu
    Checking for CN=DC3,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu
    in domain DC=ece,DC=cmu,DC=edu on 4 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers
    Object is up-to-date on all servers.
    ......................... DC3.mydomain.org passed test
    ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    File Replication Service's SYSVOL is ready
    ......................... DC3.mydomain.org passed test frssysvol
    Starting test: frsevent
    * The File Replication Service Event log test
    ......................... DC3.mydomain.org passed test frsevent
    Starting test: kccevent
    * The KCC Event log test
    Found no KCC errors in Directory Service Event log in the last
    15 minutes.
    ......................... DC3.mydomain.org passed test kccevent
    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:07:35
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:22:43
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:37:44
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:52:46
    (Event String could not be retrieved)
    ......................... DC3.mydomain.org failed test systemlog
    Test omitted by user request: VerifyReplicas
    Starting test: VerifyReferences
    The system object reference (serverReference)

    CN=DC3,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu and backlink on


    CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu

    are correct.
    The system object reference (frsComputerReferenceBL)

    CN=DC3,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=ece,DC=cmu,DC=edu

    and backlink on CN=DC3,OU=Domain
    Controllers,DC=ece,DC=cmu,DC=edu are

    correct.
    The system object reference (serverReferenceBL)

    CN=DC3,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=ece,DC=cmu,DC=edu

    and backlink on

    CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu

    are correct.
    ......................... DC3.mydomain.org passed test
    VerifyReferences
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Testing server: campus\DC1.ECE-EDU.mydomain.org
    Starting test: Replications
    * Replications Check
    * Replication Latency Check
    CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Latency information for 5 entries in the vector were
    ignored.
    5 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    CN=Configuration,DC=ece,DC=cmu,DC=edu
    Latency information for 5 entries in the vector were
    ignored.
    5 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    DC=ece,DC=cmu,DC=edu
    Latency information for 6 entries in the vector were
    ignored.
    5 were retired Invocations. 1 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    * Replication Site Latency Check
    ......................... DC1.ECE-EDU.mydomain.org passed test
    Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions check for all NC's on DC
    DC1.ECE-EDU.mydomain.org.
    * Security Permissions Check for
    DC=ece-edu,DC=ece,DC=cmu,DC=edu
    (Domain,Version 2)
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu
    (Schema,Version 2)
    * Security Permissions Check for
    CN=Configuration,DC=ece,DC=cmu,DC=edu
    (Configuration,Version 2)
    * Security Permissions Check for
    DC=ece,DC=cmu,DC=edu
    (Domain,Version 2)
    ......................... DC1.ECE-EDU.mydomain.org passed test
    NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    Verified share \\DC1.ECE-EDU.mydomain.org\netlogon
    Verified share \\DC1.ECE-EDU.mydomain.org\sysvol
    ......................... DC1.ECE-EDU.mydomain.org passed test
    NetLogons
    Starting test: Advertising
    The DC DC1.ECE-EDU.mydomain.org is advertising itself as a DC
    and having a DS.
    The DC DC1.ECE-EDU.mydomain.org is advertising as an LDAP server
    The DC DC1.ECE-EDU.mydomain.org is advertising as having a
    writeable directory
    The DC DC1.ECE-EDU.mydomain.org is advertising as a Key
    Distribution Center
    The DC DC1.ECE-EDU.mydomain.org is advertising as a time server
    The DS DC1.ECE-EDU.mydomain.org is advertising as a GC.
    ......................... DC1.ECE-EDU.mydomain.org passed test
    Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Domain Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role PDC Owner = CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Rid Owner = CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    ......................... DC1.ECE-EDU.mydomain.org passed test
    KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 4103 to 1073741823
    * dc1.ece-edu.mydomain.org is the RID Master
    * DsBind with RID Master was successful
    Failed with 8481: The search failed to retrieve attributes
    from the database.
    Could not get Rid set Reference :failed with 8481: The search
    failed to retrieve attributes from the database.
    ......................... DC1.ECE-EDU.mydomain.org failed test
    RidManager
    Starting test: MachineAccount
    Checking machine account for DC DC1.ECE-EDU.mydomain.org on DC
    DC1.ECE-EDU.mydomain.org.
    * The current DC is not in the domain controller's OU
    * SPN found :LDAP/dc1.ece-edu.mydomain.org/ece-edu.mydomain.org
    * SPN found :LDAP/dc1.ece-edu.mydomain.org
    * SPN found :LDAP/DC1.ECE-EDU.mydomain.org
    * SPN found :LDAP/dc1.ece-edu.mydomain.org/ECE-EDU
    * SPN found
    :LDAP/e85eca0a-8d03-4cbe-a880-68a77931606e._msdcs.mydomain.org
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e85eca0a-8d03-4cbe-a880-68a77931606e/ece-edu.mydomain.org
    * SPN found :HOST/dc1.ece-edu.mydomain.org/ece-edu.mydomain.org
    * SPN found :HOST/dc1.ece-edu.mydomain.org
    * SPN found :HOST/DC1.ECE-EDU.mydomain.org
    * SPN found :HOST/dc1.ece-edu.mydomain.org/ECE-EDU
    * SPN found :GC/dc1.ece-edu.mydomain.org/mydomain.org
    ......................... DC1.ECE-EDU.mydomain.org failed test
    MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... DC1.ECE-EDU.mydomain.org passed test
    Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    DC1.ECE-EDU.mydomain.org is in domain
    DC=ece-edu,DC=ece,DC=cmu,DC=edu
    Checking for CN=DC1,OU=Domain
    Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu in domain
    DC=ece-edu,DC=ece,DC=cmu,DC=edu on 3 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers
    Object is up-to-date on all servers.
    ......................... DC1.ECE-EDU.mydomain.org passed test
    ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    File Replication Service's SYSVOL is ready
    ......................... DC1.ECE-EDU.mydomain.org passed test
    frssysvol
    Starting test: frsevent
    * The File Replication Service Event log test
    ......................... DC1.ECE-EDU.mydomain.org passed test
    frsevent
    Starting test: kccevent
    * The KCC Event log test
    Found no KCC errors in Directory Service Event log in the last
    15 minutes.
    ......................... DC1.ECE-EDU.mydomain.org passed test
    kccevent
    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:04:45
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:19:45
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:34:46
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:49:46
    (Event String could not be retrieved)
    ......................... DC1.ECE-EDU.mydomain.org failed test
    systemlog
    Test omitted by user request: VerifyReplicas
    Starting test: VerifyReferences
    The system object reference (serverReference)

    CN=DC1,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu and

    backlink on


    CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu

    are correct.
    The system object reference (frsComputerReferenceBL)

    CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu

    and backlink on

    CN=DC1,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu are

    correct.
    The system object reference (serverReferenceBL)

    CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu

    and backlink on

    CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu

    are correct.
    ......................... DC1.ECE-EDU.mydomain.org passed test
    VerifyReferences
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Testing server: campus\DC4.ECE-EDU.mydomain.org
    Starting test: Replications
    * Replications Check
    * Replication Latency Check
    CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Latency information for 5 entries in the vector were
    ignored.
    5 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    CN=Configuration,DC=ece,DC=cmu,DC=edu
    Latency information for 5 entries in the vector were
    ignored.
    5 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    DC=ece,DC=cmu,DC=edu
    Latency information for 6 entries in the vector were
    ignored.
    5 were retired Invocations. 1 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    * Replication Site Latency Check
    ......................... DC4.ECE-EDU.mydomain.org passed test
    Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions check for all NC's on DC
    DC4.ECE-EDU.mydomain.org.
    * Security Permissions Check for
    DC=ece-edu,DC=ece,DC=cmu,DC=edu
    (Domain,Version 2)
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu
    (Schema,Version 2)
    * Security Permissions Check for
    CN=Configuration,DC=ece,DC=cmu,DC=edu
    (Configuration,Version 2)
    * Security Permissions Check for
    DC=ece,DC=cmu,DC=edu
    (Domain,Version 2)
    ......................... DC4.ECE-EDU.mydomain.org passed test
    NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    Verified share \\DC4.ECE-EDU.mydomain.org\netlogon
    Verified share \\DC4.ECE-EDU.mydomain.org\sysvol
    ......................... DC4.ECE-EDU.mydomain.org passed test
    NetLogons
    Starting test: Advertising
    The DC DC4.ECE-EDU.mydomain.org is advertising itself as a DC
    and having a DS.
    The DC DC4.ECE-EDU.mydomain.org is advertising as an LDAP server
    The DC DC4.ECE-EDU.mydomain.org is advertising as having a
    writeable directory
    The DC DC4.ECE-EDU.mydomain.org is advertising as a Key
    Distribution Center
    The DC DC4.ECE-EDU.mydomain.org is advertising as a time server
    The DS DC4.ECE-EDU.mydomain.org is advertising as a GC.
    ......................... DC4.ECE-EDU.mydomain.org passed test
    Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Domain Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role PDC Owner = CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Rid Owner = CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    ......................... DC4.ECE-EDU.mydomain.org passed test
    KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 4103 to 1073741823
    * dc1.ece-edu.mydomain.org is the RID Master
    * DsBind with RID Master was successful
    Failed with 8481: The search failed to retrieve attributes
    from the database.
    Could not get Rid set Reference :failed with 8481: The search
    failed to retrieve attributes from the database.
    ......................... DC4.ECE-EDU.mydomain.org failed test
    RidManager
    Starting test: MachineAccount
    Checking machine account for DC DC4.ECE-EDU.mydomain.org on DC
    DC4.ECE-EDU.mydomain.org.
    * The current DC is not in the domain controller's OU
    * SPN found :LDAP/dc4.ece-edu.mydomain.org/ece-edu.mydomain.org
    * SPN found :LDAP/dc4.ece-edu.mydomain.org
    * SPN found :LDAP/DC4.ECE-EDU.mydomain.org
    * SPN found :LDAP/dc4.ece-edu.mydomain.org/ECE-EDU
    * SPN found
    :LDAP/500f9c2c-5994-4da6-a2ce-07a009a23870._msdcs.mydomain.org
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/500f9c2c-5994-4da6-a2ce-07a009a23870/ece-edu.mydomain.org
    * SPN found :HOST/dc4.ece-edu.mydomain.org/ece-edu.mydomain.org
    * SPN found :HOST/dc4.ece-edu.mydomain.org
    * SPN found :HOST/DC4.ECE-EDU.mydomain.org
    * SPN found :HOST/dc4.ece-edu.mydomain.org/ECE-EDU
    * SPN found :GC/dc4.ece-edu.mydomain.org/mydomain.org
    ......................... DC4.ECE-EDU.mydomain.org failed test
    MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... DC4.ECE-EDU.mydomain.org passed test
    Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    DC4.ECE-EDU.mydomain.org is in domain
    DC=ece-edu,DC=ece,DC=cmu,DC=edu
    Checking for CN=DC4,OU=Domain
    Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu in domain
    DC=ece-edu,DC=ece,DC=cmu,DC=edu on 3 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=DC4.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers
    Object is up-to-date on all servers.
    ......................... DC4.ECE-EDU.mydomain.org passed test
    ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    File Replication Service's SYSVOL is ready
    ......................... DC4.ECE-EDU.mydomain.org passed test
    frssysvol
    Starting test: frsevent
    * The File Replication Service Event log test
    ......................... DC4.ECE-EDU.mydomain.org passed test
    frsevent
    Starting test: kccevent
    * The KCC Event log test
    Found no KCC errors in Directory Service Event log in the last
    15 minutes.
    ......................... DC4.ECE-EDU.mydomain.org passed test
    kccevent
    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:00:38
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:15:38
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:30:39
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:45:39
    (Event String could not be retrieved)
    ......................... DC4.ECE-EDU.mydomain.org failed test
    systemlog
    Test omitted by user request: VerifyReplicas
    Starting test: VerifyReferences
    The system object reference (serverReference)

    CN=DC4,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu and

    backlink on


    CN=DC4.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu

    are correct.
    The system object reference (frsComputerReferenceBL)

    CN=DC4,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu

    and backlink on

    CN=DC4,OU=Domain Controllers,DC=ece-edu,DC=ece,DC=cmu,DC=edu are

    correct.
    The system object reference (serverReferenceBL)

    CN=DC4,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=ece-edu,DC=ece,DC=cmu,DC=edu

    and backlink on

    CN=NTDS
    Settings,CN=DC4.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu

    are correct.
    ......................... DC4.ECE-EDU.mydomain.org passed test
    VerifyReferences
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Testing server: campus\DC2.mydomain.org
    Starting test: Replications
    * Replications Check
    * Replication Latency Check
    CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Latency information for 5 entries in the vector were
    ignored.
    5 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    CN=Configuration,DC=ece,DC=cmu,DC=edu
    Latency information for 5 entries in the vector were
    ignored.
    5 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    DC=ece,DC=cmu,DC=edu
    Latency information for 5 entries in the vector were
    ignored.
    5 were retired Invocations. 0 were either: read-only
    replicas and are not verifiably latent, or dc's no longer replicating
    this nc. 0 had no latency information (Win2K DC).
    * Replication Site Latency Check
    ......................... DC2.mydomain.org passed test
    Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions check for all NC's on DC DC2.mydomain.org.
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=ece,DC=cmu,DC=edu
    (Schema,Version 2)
    * Security Permissions Check for
    CN=Configuration,DC=ece,DC=cmu,DC=edu
    (Configuration,Version 2)
    * Security Permissions Check for
    DC=ece,DC=cmu,DC=edu
    (Domain,Version 2)
    ......................... DC2.mydomain.org passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    Verified share \\DC2.mydomain.org\netlogon
    Verified share \\DC2.mydomain.org\sysvol
    ......................... DC2.mydomain.org passed test NetLogons
    Starting test: Advertising
    The DC DC2.mydomain.org is advertising itself as a DC and
    having a DS.
    The DC DC2.mydomain.org is advertising as an LDAP server
    The DC DC2.mydomain.org is advertising as having a writeable
    directory
    The DC DC2.mydomain.org is advertising as a Key Distribution
    Center
    The DC DC2.mydomain.org is advertising as a time server
    ......................... DC2.mydomain.org passed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Domain Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role PDC Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Rid Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    ......................... DC2.mydomain.org passed test
    KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 9891 to 1073741823
    * dc3.mydomain.org is the RID Master
    * DsBind with RID Master was successful
    Failed with 8481: The search failed to retrieve attributes
    from the database.
    Could not get Rid set Reference :failed with 8481: The search
    failed to retrieve attributes from the database.
    ......................... DC2.mydomain.org failed test RidManager
    Starting test: MachineAccount
    Checking machine account for DC DC2.mydomain.org on DC
    DC2.mydomain.org.
    ***Error: The server DC2.mydomain.org is missing its machine
    account.

    Try running with the /repairmachineaccount option.
    * The current DC is not in the domain controller's OU
    * SPN found :LDAP/dc2.mydomain.org/mydomain.org
    * SPN found :LDAP/dc2.mydomain.org
    * SPN found :LDAP/DC2.mydomain.org
    * SPN found :LDAP/dc2.mydomain.org/ECE
    * SPN found
    :LDAP/b4483822-0d6a-4821-af5f-7f2a15534c6b._msdcs.mydomain.org
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/b4483822-0d6a-4821-af5f-7f2a15534c6b/mydomain.org
    * SPN found :HOST/dc2.mydomain.org/mydomain.org
    * SPN found :HOST/dc2.mydomain.org
    * SPN found :HOST/DC2.mydomain.org
    * SPN found :HOST/dc2.mydomain.org/ECE
    * SPN found :GC/dc2.mydomain.org/mydomain.org
    ......................... DC2.mydomain.org failed test
    MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... DC2.mydomain.org passed test Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    DC2.mydomain.org is in domain DC=ece,DC=cmu,DC=edu
    Checking for CN=DC2,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu
    in domain DC=ece,DC=cmu,DC=edu on 4 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=DC2.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu
    in domain CN=Configuration,DC=ece,DC=cmu,DC=edu on 4 servers
    Object is up-to-date on all servers.
    ......................... DC2.mydomain.org passed test
    ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    File Replication Service's SYSVOL is ready
    ......................... DC2.mydomain.org passed test frssysvol
    Starting test: frsevent
    * The File Replication Service Event log test
    ......................... DC2.mydomain.org passed test frsevent
    Starting test: kccevent
    * The KCC Event log test
    Found no KCC errors in Directory Service Event log in the last
    15 minutes.
    ......................... DC2.mydomain.org passed test kccevent
    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:02:51
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x0000165B
    Time Generated: 05/16/2006 08:12:06
    Event String: The session setup from computer 'RIESLING' failed

    because the security database does not contain a

    trust account 'RIESLING$' referenced by the

    specified computer.



    USER ACTION

    If this is the first occurrence of this event for

    the specified computer and account, this may be a

    transient issue that doesn't require any action

    at this time. Otherwise, the following steps may

    be taken to resolve this problem:



    If 'RIESLING$' is a legitimate machine account

    for the computer 'RIESLING', then 'RIESLING'

    should be rejoined to the domain.



    If 'RIESLING$' is a legitimate interdomain trust

    account, then the trust should be recreated.



    Otherwise, assuming that 'RIESLING$' is not a

    legitimate account, the following action should

    be taken on 'RIESLING':



    If 'RIESLING' is a Domain Controller, then the

    trust associated with 'RIESLING$' should be

    deleted.



    If 'RIESLING' is not a Domain Controller, it

    should be disjoined from the domain.
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:17:52
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:32:55
    (Event String could not be retrieved)
    An Error Event occured. EventID: 0x80000003
    Time Generated: 05/16/2006 08:47:58
    (Event String could not be retrieved)
    ......................... DC2.mydomain.org failed test systemlog
    Test omitted by user request: VerifyReplicas
    Starting test: VerifyReferences
    The system object reference (serverReference)

    CN=DC2,OU=Domain Controllers,DC=ece,DC=cmu,DC=edu and backlink on


    CN=DC2.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu

    are correct.
    The system object reference (frsComputerReferenceBL)

    CN=DC2,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=ece,DC=cmu,DC=edu

    and backlink on CN=DC2,OU=Domain
    Controllers,DC=ece,DC=cmu,DC=edu are

    correct.
    The system object reference (serverReferenceBL)

    CN=DC2,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=ece,DC=cmu,DC=edu

    and backlink on

    CN=NTDS
    Settings,CN=DC2.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=ece,DC=cmu,DC=edu

    are correct.
    ......................... DC2.mydomain.org passed test
    VerifyReferences
    Test omitted by user request: VerifyEnterpriseReferences
    Test omitted by user request: CheckSecurityError

    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom

    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom

    Running partition tests on : ece
    Starting test: CrossRefValidation
    ......................... ece passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ece passed test CheckSDRefDom

    Running partition tests on : ece-edu
    Starting test: CrossRefValidation
    ......................... ece-edu passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ece-edu passed test CheckSDRefDom

    Running enterprise tests on : mydomain.org
    Starting test: Intersite
    Skipping site campus, this site is outside the scope provided
    by the

    command line arguments provided.
    ......................... mydomain.org passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\dc4.ece-edu.mydomain.org
    Locator Flags: 0xe00001fc
    PDC Name: \\dc3.mydomain.org
    Locator Flags: 0xe00003fd
    Time Server Name: \\dc2.mydomain.org
    Locator Flags: 0xe00003f8
    Preferred Time Server Name: \\dc2.mydomain.org
    Locator Flags: 0xe00003f8
    KDC Name: \\dc2.mydomain.org
    Locator Flags: 0xe00003f8
    ......................... mydomain.org passed test FsmoCheck
    Test omitted by user request: DNS
    Test omitted by user request: DNS
     
    stiitwok, May 16, 2006
    #3
  4. stiitwok

    Don Wilwol Guest

    run ntdsutil and verify the fsmo rolls in both mydomain.org and
    ECE-EDU.mydomain.org. Then verify DNS is working between the domains. Make
    sure all DNS zones are replicated throughout all DNS servers. Let us know
    what you find.

    --
    --------
    Hope It Helps!

    dw
    _______________________________
    Don Wilwol
    Distributed Application Technologies.
    dwilwol(DELETE)@datbusiness.com
    www.AtTheDataCenter.com (personal website)
    www.skysphere.com (hosting available)
     
    Don Wilwol, May 16, 2006
    #4
  5. stiitwok

    stiitwok Guest

    netdiag finds that all dns data for both zones is consistent. Both
    zones are housed in the same server pairs.

    Here's what ntdsutil returns

    select operation target: list roles for connected server
    Server "dc2.mydomain.org" knows about 5 roles
    Schema - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Domain - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    PDC - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    RID - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Infrastructure - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org

    Server "dc3.mydomain.org" knows about 5 roles
    Schema - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Domain - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    PDC - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    RID - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Infrastructure - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org

    Server "dc1.ece-edu.mydomain.org" knows about 5 roles
    Schema - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Domain - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    PDC - CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    RID - CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Infrastructure - CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org

    Server "dc4.ece-edu.mydomain.org" knows about 5 roles
    Schema - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Domain - CN=NTDS
    Settings,CN=DC3.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    PDC - CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    RID - CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Infrastructure - CN=NTDS
    Settings,CN=DC1.ECE-EDU.mydomain.org,CN=Servers,CN=campus,CN=Sites,CN=Configuration,DC=mydomain,DC=org
     
    stiitwok, May 17, 2006
    #5
  6. stiitwok

    stiitwok Guest

    Part of the problem was that one DC's sysvol junction points were
    missing. Regardless, the target of the juntion points were not sync'd.
    I still haven't figured out why replication was failing between the
    systems. I performed a non-authoritative restore for the ill DC and
    replication has been fully restored. Perhaps a journal wrap occured
    when the rpc/lsass issue arose? I've increase the NTFS journal size on
    all DC's to avoid that problem again just in case servers go down. This
    is just another problem in a long line from this hand-me-down domain.
    When the rebuilds and domain migration occur, all DC's will have their
    sysvols on a separate partition with no other services hosted from that
    volume.
     
    stiitwok, May 25, 2006
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.