FSMO schema, naming, infrastructure, PDC, RID show ERROR instead of DC name ?

Discussion in 'Windows Server' started by scott, Sep 12, 2005.

  1. scott

    scott Guest

    sorry to post again but this problem seems to be getting worse.

    I have 2 servers:
    dserver (windows 2000 DC with AD)
    bserver (2003 member server)

    1. i ran adprep forrestprep + domainprep on dserver
    2. i ran dcpromo on bserver selecting additional dc option
    3. changed FSMO roles schema, naming, infrastructure, PDC, RID to bserver
    4. changed global cat to bserver
    5. installed DNS and on bserver and made sure its DNS settings looked at
    itself

    after all this and when dserver (old dc) was powered down users could not
    authenticate (although net access was ok). i discovered that sysvol did not
    create on new DC and netlogon was missing.

    next i noticed that FSMO roles schema, naming, infrastructure, PDC, RID
    showed ERROR where they previsuly showed BSERVER.

    At this stage i dont know where to go ? i understand i can use "ntdsutil"
    to seize roles but currently BSERVER should be the holder of all 5 at the
    moment so why seize for itelf. Initially all 5 roles showed BSERVER for a
    day !

    For example: When attempting to use ntdsutil to transfer schema master all
    seems to go through ok. However after rebooting server the SCHEMA master
    still shows error instead of bserver.

    Can anyone help clear this up ?

    (im pretty sure the new DC was brought online following the book step by
    step, cant understand what has gone wrong).

    Thanks for any help
    Scott
     
    scott, Sep 12, 2005
    #1
    1. Advertisements

  2. scott

    scott Guest

    I should probably mention also that when using GUI to examing any of the 5
    roles they all show ERROR instead of BSERVER (as shown before). In addition
    it also says "The current operations master is offline. The role cannot be
    transfered"
     
    scott, Sep 12, 2005
    #2
    1. Advertisements

  3. scott

    scott Guest

    dxdiag /v shows bserver holding all roles. mind you , looks like dserver
    still holds global catalog.



    -------------------------------------------------------------
    Domain Controller Diagnosis

    Performing initial setup:
    * Verifying that the local machine bserver, is a DC.
    * Connecting to directory service on server bserver.
    * Collecting site info.
    * Identifying all servers.
    * Identifying all NC cross-refs.
    * Found 2 DC(s). Testing 1 of them.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\BSERVER
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... BSERVER passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\BSERVER
    Starting test: Replications
    * Replications Check
    * Replication Latency Check
    * Replication Site Latency Check
    ......................... BSERVER passed test Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions Check for
    DC=ForestDnsZones,DC=domain,DC=com
    (NDNC,Version 2)
    * Security Permissions Check for
    DC=DomainDnsZones,DC=domain,DC=com
    (NDNC,Version 2)
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=domain,DC=com
    (Schema,Version 2)
    * Security Permissions Check for
    CN=Configuration,DC=domain,DC=com
    (Configuration,Version 2)
    * Security Permissions Check for
    DC=domain,DC=com
    (Domain,Version 2)
    ......................... BSERVER passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    ......................... BSERVER passed test NetLogons
    Starting test: Advertising
    Warning: DsGetDcName returned information for \\dserver.domain.COM,
    when we were trying to reach BSERVER.
    Server is not responding or is not considered suitable.
    The DC BSERVER is advertising itself as a DC and having a DS.
    The DC BSERVER is advertising as an LDAP server
    The DC BSERVER is advertising as having a writeable directory
    The DC BSERVER is advertising as a Key Distribution Center
    The DC BSERVER is advertising as a time server
    The DS BSERVER is advertising as a GC.
    ......................... BSERVER failed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role Domain Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role PDC Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role Rid Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    ......................... BSERVER passed test KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 2101 to 1073741823
    * bserver.domain.COM is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 1601 to 2100
    * rIDPreviousAllocationPool is 1601 to 2100
    * rIDNextRID: 1601
    ......................... BSERVER passed test RidManager
    Starting test: MachineAccount
    * SPN found :LDAP/bserver.domain.COM/domain.com
    * SPN found :LDAP/bserver.domain.COM
    * SPN found :LDAP/BSERVER
    * SPN found :LDAP/bserver.domain.COM/domain
    * SPN found
    :LDAP/41a036d2-d434-4d3d-aa0b-3fb95a176fd4._msdcs.domain.com
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/41a036d2-d434-4d3d-aa0b-3fb95a176fd4/domain.com
    * SPN found :HOST/bserver.domain.COM/domain.com
    * SPN found :HOST/bserver.domain.COM
    * SPN found :HOST/BSERVER
    * SPN found :HOST/bserver.domain.COM/domain
    * SPN found :GC/bserver.domain.COM/domain.com
    ......................... BSERVER passed test MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: Idomainerv
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... BSERVER passed test Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    BSERVER is in domain DC=domain,DC=com
    Checking for CN=BSERVER,OU=Domain Controllers,DC=domain,DC=com in
    domain DC=domain,DC=com on 1 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    in domain CN=Configuration,DC=domain,DC=com on 1 servers
    Object is up-to-date on all servers.
    ......................... BSERVER passed test ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    The registry lookup failed to determine the state of the SYSVOL.
    The

    error returned was 0 (The operation completed successfully.).
    Check

    the FRS event log to see if the SYSVOL has successfully been
    shared.
    ......................... BSERVER passed test frssysvol
    Starting test: frsevent
    * The File Replication Service Event log test
    There are warning or error events within the last 24 hours after
    the

    SYSVOL has been shared. Failing SYSVOL replication problems may
    cause

    Group Policy problems.
    An Warning Event occured. EventID: 0x800034FE
    Time Generated: 09/12/2005 11:47:08
    Event String: File Replication Service is scanning the data in

    the system volume. Computer BSERVER cannot become

    a domain controller until this process is

    complete. The system volume will then be shared

    as SYSVOL.



    To check for the SYSVOL share, at the command

    prompt, type:

    net share



    When File Replication Service completes the

    scanning process, the SYSVOL share will appear.



    The initialization of the system volume can take

    some time. The time is dependent on the amount of

    data in the system volume.
    An Warning Event occured. EventID: 0x800034C4
    Time Generated: 09/12/2005 11:48:52
    Event String: The File Replication Service is having trouble

    enabling replication from \\dserver.domain.COM to

    BSERVER for c:\windows\sysvol\domain using the

    DNS name \\dserver.domain.COM. FRS will keep

    retrying.

    Following are some of the reasons you would see

    this warning.



    [1] FRS can not correctly resolve the DNS name

    \\dserver.domain.COM from this computer.

    [2] FRS is not running on \\dserver.domain.COM.

    [3] The topology information in the Active

    Directory for this replica has not yet replicated

    to all the Domain Controllers.



    This event log message will appear once per

    connection, After the problem is fixed you will

    see another event log message indicating that the

    connection has been established.
    An Warning Event occured. EventID: 0x800034C4
    Time Generated: 09/12/2005 11:56:53
    Event String: The File Replication Service is having trouble

    enabling replication from DSERVER to BSERVER for

    c:\windows\sysvol\domain using the DNS name

    dserver.domain.COM. FRS will keep retrying.

    Following are some of the reasons you would see

    this warning.



    [1] FRS can not correctly resolve the DNS name

    dserver.domain.COM from this computer.

    [2] FRS is not running on dserver.domain.COM.

    [3] The topology information in the Active

    Directory for this replica has not yet replicated

    to all the Domain Controllers.



    This event log message will appear once per

    connection, After the problem is fixed you will

    see another event log message indicating that the

    connection has been established.
    ......................... BSERVER failed test frsevent
    Starting test: kccevent
    * The KCC Event log test
    Found no KCC errors in Directory Service Event log in the last 15
    minutes.
    ......................... BSERVER passed test kccevent
    Starting test: systemlog
    * The System Event log test
    Found no errors in System Event log in the last 60 minutes.
    ......................... BSERVER passed test systemlog
    Test omitted by user request: VerifyReplicas
    Starting test: VerifyReferences
    The system object reference (serverReference)

    CN=BSERVER,OU=Domain Controllers,DC=domain,DC=com and backlink on

    CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com

    are correct.
    The system object reference (frsComputerReferenceBL)

    CN=BSERVER,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=domain,DC=com

    and backlink on CN=BSERVER,OU=Domain Controllers,DC=domain,DC=com
    are

    correct.
    The system object reference (serverReferenceBL)

    CN=BSERVER,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=domain,DC=com

    and backlink on

    CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com

    are correct.
    ......................... BSERVER passed test VerifyReferences
    Test omitted by user request: VerifyEnterpriseReferences

    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom

    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom

    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom

    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom

    Running partition tests on : domain
    Starting test: CrossRefValidation
    ......................... domain passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... domain passed test CheckSDRefDom

    Running enterprise tests on : domain.com
    Starting test: Intersite
    Skipping site Default-First-Site-Name, this site is outside the
    scope

    provided by the command line arguments provided.
    ......................... domain.com passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\dserver.domain.COM
    Locator Flags: 0xe00001fc
    PDC Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    Time Server Name: \\dserver.domain.COM
    Locator Flags: 0xe00001fc
    Preferred Time Server Name: \\dserver.domain.COM
    Locator Flags: 0xe00001fc
    KDC Name: \\dserver.domain.COM
    Locator Flags: 0xe00001fc
    ......................... domain.com passed test FsmoCheck
     
    scott, Sep 12, 2005
    #3
  4. scott

    scott Guest

    after a restart of BSERRVER im now getting this (note dserver is
    available).


    Starting test: FsmoCheck
    Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
    A Global Catalog Server could not be located - All GC's are down.
    PDC Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    Time Server Name: \\dserver.domain.COM
    Locator Flags: 0xe00001f8
    Preferred Time Server Name: \\dserver.domain.COM
    Locator Flags: 0xe00001f8
    KDC Name: \\dserver.domain.COM
    Locator Flags: 0xe00001f8
    ......................... SMS.com failed test FsmoCheck



    did a search on this error Warning: DcGetDcName(GC_SERVER_REQUIRED)
    call failed, error 1355
    A Global Catalog Server could not be located - All GC's are down.
    and found thus article

    http://support.microsoft.com/default.aspx?scid=kb;en-us;q316790

    which im about to try.
     
    scott, Sep 12, 2005
    #4
  5. scott

    scott Guest

    that seemed to help.

    Starting test: FsmoCheck
    GC Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    PDC Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    Time Server Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    Preferred Time Server Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    KDC Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    ......................... domain.com passed test FsmoCheck
     
    scott, Sep 12, 2005
    #5
  6. scott

    scott Guest

    all roles now look at bserver and DCDIAG looks ok (unless anyone tells me
    different). SYSLOGON scripts and NETLOGON stil not available hoever and i
    have not drive switching off dserver (old dc) yet.


    Domain Controller Diagnosis

    Performing initial setup:
    * Verifying that the local machine bserver, is a DC.
    * Connecting to directory service on server bserver.
    * Collecting site info.
    * Identifying all servers.
    * Identifying all NC cross-refs.
    * Found 2 DC(s). Testing 1 of them.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\BSERVER
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... BSERVER passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\BSERVER
    Starting test: Replications
    * Replications Check
    [Replications Check,BSERVER] A recent replication attempt failed:
    From DSERVER to BSERVER
    Naming Context: CN=Schema,CN=Configuration,DC=domain,DC=com
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup
    failure.
    The failure occurred at 2005-09-12 14:14:30.
    The last success occurred at 2005-09-12 13:54:15.
    1 failures have occurred since the last success.
    The guid-based DNS name
    d01b35d9-1284-4cb0-9cd8-ae9d5c7bb186._msdcs.domain.com
    is not registered on one or more DNS servers.
    [Replications Check,BSERVER] A recent replication attempt failed:
    From DSERVER to BSERVER
    Naming Context: CN=Configuration,DC=domain,DC=com
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup
    failure.
    The failure occurred at 2005-09-12 14:14:30.
    The last success occurred at 2005-09-12 13:54:14.
    1 failures have occurred since the last success.
    The guid-based DNS name
    d01b35d9-1284-4cb0-9cd8-ae9d5c7bb186._msdcs.domain.com
    is not registered on one or more DNS servers.
    [Replications Check,BSERVER] A recent replication attempt failed:
    From DSERVER to BSERVER
    Naming Context: DC=domain,DC=com
    The replication generated an error (8524):
    The DSA operation is unable to proceed because of a DNS lookup
    failure.
    The failure occurred at 2005-09-12 14:14:30.
    The last success occurred at 2005-09-12 13:54:14.
    1 failures have occurred since the last success.
    The guid-based DNS name
    d01b35d9-1284-4cb0-9cd8-ae9d5c7bb186._msdcs.domain.com
    is not registered on one or more DNS servers.
    * Replication Latency Check
    * Replication Site Latency Check
    ......................... BSERVER passed test Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions Check for
    DC=ForestDnsZones,DC=domain,DC=com
    (NDNC,Version 2)
    * Security Permissions Check for
    DC=DomainDnsZones,DC=domain,DC=com
    (NDNC,Version 2)
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=domain,DC=com
    (Schema,Version 2)
    * Security Permissions Check for
    CN=Configuration,DC=domain,DC=com
    (Configuration,Version 2)
    * Security Permissions Check for
    DC=domain,DC=com
    (Domain,Version 2)
    ......................... BSERVER passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    ......................... BSERVER passed test NetLogons
    Starting test: Advertising
    The DC BSERVER is advertising itself as a DC and having a DS.
    The DC BSERVER is advertising as an LDAP server
    The DC BSERVER is advertising as having a writeable directory
    The DC BSERVER is advertising as a Key Distribution Center
    The DC BSERVER is advertising as a time server
    The DS BSERVER is advertising as a GC.
    ......................... BSERVER passed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role Domain Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role PDC Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role Rid Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    ......................... BSERVER passed test KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 2101 to 1073741823
    * bserver.domain.COM is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 1601 to 2100
    * rIDPreviousAllocationPool is 1601 to 2100
    * rIDNextRID: 1601
    ......................... BSERVER passed test RidManager
    Starting test: MachineAccount
    * SPN found :LDAP/bserver.domain.COM/domain.com
    * SPN found :LDAP/bserver.domain.COM
    * SPN found :LDAP/BSERVER
    * SPN found :LDAP/bserver.domain.COM/domain
    * SPN found
    :LDAP/41a036d2-d434-4d3d-aa0b-3fb95a176fd4._msdcs.domain.com
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/41a036d2-d434-4d3d-aa0b-3fb95a176fd4/domain.com
    * SPN found :HOST/bserver.domain.COM/domain.com
    * SPN found :HOST/bserver.domain.COM
    * SPN found :HOST/BSERVER
    * SPN found :HOST/bserver.domain.COM/domain
    * SPN found :GC/bserver.domain.COM/domain.com
    ......................... BSERVER passed test MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: Idomainerv
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: w32time
    * Checking Service: NETLOGON
    ......................... BSERVER passed test Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    BSERVER is in domain DC=domain,DC=com
    Checking for CN=BSERVER,OU=Domain Controllers,DC=domain,DC=com in
    domain DC=domain,DC=com on 1 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    in domain CN=Configuration,DC=domain,DC=com on 1 servers
    Object is up-to-date on all servers.
    ......................... BSERVER passed test ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service SYSVOL ready test
    File Replication Service's SYSVOL is ready
    ......................... BSERVER passed test frssysvol
    Starting test: frsevent
    * The File Replication Service Event log test
    There are warning or error events within the last 24 hours after
    the

    SYSVOL has been shared. Failing SYSVOL replication problems may
    cause

    Group Policy problems.
    An Warning Event occured. EventID: 0x800034C4
    Time Generated: 09/12/2005 14:36:31
    Event String: The File Replication Service is having trouble

    enabling replication from DSERVER to BSERVER for

    c:\windows\sysvol\domain using the DNS name

    dserver.domain.COM. FRS will keep retrying.

    Following are some of the reasons you would see

    this warning.



    [1] FRS can not correctly resolve the DNS name

    dserver.domain.COM from this computer.

    [2] FRS is not running on dserver.domain.COM.

    [3] The topology information in the Active

    Directory for this replica has not yet replicated

    to all the Domain Controllers.



    This event log message will appear once per

    connection, After the problem is fixed you will

    see another event log message indicating that the

    connection has been established.
    ......................... BSERVER failed test frsevent
    Starting test: kccevent
    * The KCC Event log test
    An Error Event occured. EventID: 0xC0000466
    Time Generated: 09/12/2005 14:29:01
    Event String: Active Directory was unable to establish a

    connection with the global catalog.



    Additional Data

    Error value:

    1355

    The specified domain either does not exist or could not be contacted.



    Internal ID:

    3200caf



    User Action:

    Make sure a global catalog is available in the

    forest, and is reachable from this domain

    controller. You may use the nltest utility to

    diagnose this problem.
    ......................... BSERVER failed test kccevent
    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0x0000164A
    Time Generated: 09/12/2005 14:34:51
    Event String: The Netlogon service could not create server

    share C:\WINDOWS\SYSVOL\sysvol\domain.COM\SCRIPTS.

    The following error occurred:

    %%2
    ......................... BSERVER failed test systemlog
    Test omitted by user request: VerifyReplicas
    Starting test: VerifyReferences
    The system object reference (serverReference)

    CN=BSERVER,OU=Domain Controllers,DC=domain,DC=com and backlink on

    CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com

    are correct.
    The system object reference (frsComputerReferenceBL)

    CN=BSERVER,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=domain,DC=com

    and backlink on CN=BSERVER,OU=Domain Controllers,DC=domain,DC=com
    are

    correct.
    The system object reference (serverReferenceBL)

    CN=BSERVER,CN=Domain System Volume (SYSVOL share),CN=File
    Replication Service,CN=System,DC=domain,DC=com

    and backlink on

    CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com

    are correct.
    ......................... BSERVER passed test VerifyReferences
    Test omitted by user request: VerifyEnterpriseReferences

    Running partition tests on : ForestDnsZones
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom

    Running partition tests on : DomainDnsZones
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom

    Running partition tests on : Schema
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom

    Running partition tests on : Configuration
    Starting test: CrossRefValidation
    ......................... Configuration passed test
    CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom

    Running partition tests on : domain
    Starting test: CrossRefValidation
    ......................... domain passed test CrossRefValidation
    Starting test: CheckSDRefDom
    ......................... domain passed test CheckSDRefDom

    Running enterprise tests on : domain.com
    Starting test: Intersite
    Skipping site Default-First-Site-Name, this site is outside the
    scope

    provided by the command line arguments provided.
    ......................... domain.com passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    PDC Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    Time Server Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    Preferred Time Server Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    KDC Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    ......................... domain.com passed test FsmoCheck
     
    scott, Sep 12, 2005
    #6
  7. scott

    scott Guest

    ok. dcdiag on dserver seems to report all 5 roles on BSERVER which is nice.
    although this is a worry.


    The DC DSERVER is advertising itself as a DC and having a DS.
    The DC DSERVER is advertising as an LDAP server
    The DC DSERVER is advertising as having a writeable directory
    The DC DSERVER is advertising as a Key Distribution Center
    The DC DSERVER is advertising as a time server






    DC Diagnosis

    Performing initial setup:
    * Verifing that the local machine dserver, is a DC.
    * Connecting to directory service on server dserver.
    * Collecting site info.
    * Identifying all servers.
    * Found 2 DC(s). Testing 1 of them.
    Done gathering initial info.

    Doing initial non skippeable tests

    Testing server: Default-First-Site-Name\DSERVER
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... DSERVER passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\DSERVER
    Starting test: Replications
    * Replications Check
    ......................... DSERVER passed test Replications
    Test omitted by user request: Topology
    Test omitted by user request: CutoffServers
    Starting test: NCSecDesc
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=domain,DC=com
    * Security Permissions Check for
    CN=Configuration,DC=domain,DC=com
    * Security Permissions Check for
    DC=domain,DC=com
    ......................... DSERVER passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    ......................... DSERVER passed test NetLogons
    Starting test: Advertising
    Warning: DsGetDcName returned information for \\bserver.domain.COM,
    when we were trying to reach DSERVER.
    Server is not responding or is not considered suitable.
    The DC DSERVER is advertising itself as a DC and having a DS.
    The DC DSERVER is advertising as an LDAP server
    The DC DSERVER is advertising as having a writeable directory
    The DC DSERVER is advertising as a Key Distribution Center
    The DC DSERVER is advertising as a time server
    ......................... DSERVER failed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role Domain Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role PDC Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role Rid Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    Role Infrastructure Update Owner = CN=NTDS
    Settings,CN=BSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    ......................... DSERVER passed test KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 2101 to 1073741823
    * (null) is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 1101 to 1600
    * rIDNextRID: 1185
    * rIDPreviousAllocationPool is 1101 to 1600
    ......................... DSERVER passed test RidManager
    Starting test: MachineAccount
    * SPN found :LDAP/dserver.domain.COM/domain.com
    * SPN found :LDAP/dserver.domain.COM
    * SPN found :LDAP/DSERVER
    * SPN found :LDAP/dserver.domain.COM/domain
    * SPN found
    :LDAP/d01b35d9-1284-4cb0-9cd8-ae9d5c7bb186._msdcs.domain.com
    * SPN found
    :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d01b35d9-1284-4cb0-9cd8-ae9d5c7bb186/domain.com
    * SPN found :HOST/dserver.domain.COM/domain.com
    * SPN found :HOST/dserver.domain.COM
    * SPN found :HOST/DSERVER
    * SPN found :HOST/dserver.domain.COM/domain
    * SPN found :GC/dserver.domain.COM/domain.com
    ......................... DSERVER passed test MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: Idomainerv
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: RPCLOCATOR
    * Checking Service: w32time
    * Checking Service: TrkWks
    * Checking Service: TrkSvr
    * Checking Service: NETLOGON
    ......................... DSERVER passed test Services
    Test omitted by user request: OutboundSecureChannels
    Starting test: ObjectsReplicated
    DSERVER is in domain DC=domain,DC=com
    Checking for CN=DSERVER,OU=Domain Controllers,DC=domain,DC=com in
    domain DC=domain,DC=com on 1 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS
    Settings,CN=DSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
    in domain CN=Configuration,DC=domain,DC=com on 1 servers
    Object is up-to-date on all servers.
    ......................... DSERVER passed test ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service Event log test
    Error: No record of File Replication System, SYSVOL started.
    The Active Directory may be prevented from starting.
    There are errors after the SYSVOL has been shared.
    The SYSVOL can prevent the AD from starting.
    An Warning Event occured. EventID: 0x800034FD
    Time Generated: 09/12/2005 14:34:51
    Event String: File Replication Service is initializing the

    system volume with data from another domain

    controller. Computer DSERVER cannot become a

    domain controller until this process is complete.

    The system volume will then be shared as SYSVOL.



    To check for the SYSVOL share, at the command

    prompt, type:

    net share



    When File Replication Service completes the

    initialization process, the SYSVOL share will

    appear.



    The initialization of the system volume can take

    some time. The time is dependent on the amount of

    data in the system volume, the availability of

    other domain controllers, and the replication

    interval between domain controllers.
    An Warning Event occured. EventID: 0x800034D0
    Time Generated: 09/12/2005 14:34:51
    Event String: The File Replication Service moved the

    preexisting files in c:\winnt\sysvol\domain to

    c:\winnt\sysvol\domain\NtFrs_PreExisting___See_EventLog.





    The File Replication Service may delete the files

    in

    c:\winnt\sysvol\domain\NtFrs_PreExisting___See_EventLog

    at any time. Files can be saved from deletion by

    copying them out of

    c:\winnt\sysvol\domain\NtFrs_PreExisting___See_EventLog.

    Copying the files into c:\winnt\sysvol\domain

    may lead to name conflicts if the files already

    exist on some other replicating partner.



    In some cases, the File Replication Service may

    copy a file from

    c:\winnt\sysvol\domain\NtFrs_PreExisting___See_EventLog

    into c:\winnt\sysvol\domain instead of

    replicating the file from some other replicating

    partner.



    Space can be recovered at any time by deleting

    the files in

    c:\winnt\sysvol\domain\NtFrs_PreExisting___See_EventLog.


    ......................... DSERVER passed test frssysvol
    Starting test: kccevent
    * The KCC Event log test
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 09/12/2005 14:40:56
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 09/12/2005 14:40:56
    (Event String could not be retrieved)
    An Warning Event occured. EventID: 0x800004F1
    Time Generated: 09/12/2005 14:40:56
    (Event String could not be retrieved)
    ......................... DSERVER failed test kccevent
    Starting test: systemlog
    * The System Event log test
    Found no errors in System Event log in the last 60 minutes.
    ......................... DSERVER passed test systemlog

    Running enterprise tests on : domain.com
    Starting test: Intersite
    Skipping site Default-First-Site-Name, this site is outside the
    scope

    provided by the command line arguments provided.
    ......................... domain.com passed test Intersite
    Starting test: FsmoCheck
    Warning: Couldn't verify this server as a GC in this servers AD.
    GC Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    Warning: Couldn't verify this server as a PDC using DsListRoles()
    PDC Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    Time Server Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    Preferred Time Server Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    KDC Name: \\bserver.domain.COM
    Locator Flags: 0xe00003fd
    ......................... domain.com passed test FsmoCheck
     
    scott, Sep 12, 2005
    #7
  8. scott

    scott Guest

    PROBLEMS

    when rebooting a clinet and entering "echo %logonserver%" i still get
    dserver.

    dcdiag on dserver still gives me this (although i have not demoted it yet so
    maybe this is normal)
    The DC DSERVER is advertising itself as a DC and having a DS.
    The DC DSERVER is advertising as an LDAP server
    The DC DSERVER is advertising as having a writeable directory
    The DC DSERVER is advertising as a Key Distribution Center
    The DC DSERVER is advertising as a time server

    netlogon and sysvol still not replicated on new dc.

    Thanks for any advice
    Scott
     
    scott, Sep 12, 2005
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.