Guest Lem@community.nospam Posted July 2, 2008 Posted July 2, 2008 I recently added a new dc that is also the new global catalog server. I was unable to demote the old dc using the dcpromo. I have 2 main problems: 1. Clients are not using the new active directory server, for example i am unable to share documents, cannot add users because I cannot find the ad when trying to change permissions, etc. 2. Clients are also not using the new dns server (which is also the new dc/global catalog server) to access the internet. I know this because everytime I unplug the old dc from the network no one is able to access the internet and they all have the new dns server added to their nic settings as the primary dns server. All addresses are static so there is no dhcp server. Also the dcdiag and netdiag has a bunch of errors: DCDiag Errors Below: Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ilcuboard Starting test: CrossRefValidation ......................... ilcuboard passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ilcuboard passed test CheckSDRefDom Running enterprise tests on : ilcuboard.local Starting test: Intersite ......................... ilcuboard.local passed test Intersite Starting test: FsmoCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 A Global Catalog Server could not be located - All GC's are down. ......................... ilcuboard.local failed test FsmoCheck ===================================================== ===================================================== My Net Diag Errors are Below: Microsoft Windows [Version 5.2.3790] © Copyright 1985-2003 Microsoft Corp. C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag ......................................... Computer Name: DBSERVER2 DNS Host Name: dbserver2.ilcuboard.local System info : Microsoft Windows Server 2003 R2 (Build 3790) Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel List of installed hotfixes : KB909520 KB921503 KB925398_WMP64 KB925876 KB925902 KB926122 KB927891 KB928090-IE7 KB929123 KB929969 KB930178 KB931768-IE7 KB931784 KB931836 KB932168 KB933360 KB933566-IE7 KB933729 KB933854 KB935839 KB935840 KB935966 KB936021 KB936357 KB936782 KB937143-IE7 KB938127-IE7 KB939653-IE7 KB941202 KB941568 KB941569 KB941644 KB941672 KB941693 KB942615-IE7 KB942763 KB942830 KB942831 KB943055 KB943460 KB943485 KB943729 KB944533-IE7 KB944653 KB945553 KB946026 KB947864-IE7 KB948496 KB948590 KB948745 KB948881 KB949014 KB950759-IE7 KB950760 KB950762 KB951698 Q147222 Netcard queries test . . . . . . . : Passed Per interface results: Adapter : Local Area Connection 3 Netcard queries test . . . : Passed Host Name. . . . . . . . . : dbserver2 IP Address . . . . . . . . : 192.168.100.94 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 192.168.100.1 Primary WINS Server. . . . : 192.168.100.94 Secondary WINS Server. . . : 192.168.100.87 Dns Servers. . . . . . . . : 192.168.100.87 192.168.100.94 192.168.100.77 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed NetBT name test. . . . . . : Passed WINS service test. . . . . : Passed Global results: Domain membership test . . . . . . : Failed [WARNING] Ths system volume has not been completely replicated to the local machine. This machine is not working properly as a DC. NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} 1 NetBt transport currently configured. Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Passed Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Passed [WARNING] Cannot find a primary authoritative DNS server for the name 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE] The name 'dbserver2.ilcuboard.local.' may not be registered in DNS. [WARNING] The DNS entries for this DC are not registered correctly on DNS se rver '192.168.100.87'. Please wait for 30 minutes for DNS server replication. PASS - All the DNS entries for DC are registered on DNS server '192.168.100. 94' and other DCs also have some of the names registered. [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.100.77, ERROR_TIMEOUT. Redir and Browser test . . . . . . : Passed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} The browser is bound to 1 NetBt transport. DC discovery test. . . . . . . . . : Failed [FATAL] Cannot find DC in domain 'CUB_DOMAIN'. [ERROR_NO_SUCH_DOMAIN] DC list test . . . . . . . . . . . : Failed 'CUB_DOMAIN': Cannot find DC to get DC list from [test skipped]. Trust relationship test. . . . . . : Skipped Kerberos test. . . . . . . . . . . : Skipped 'CUB_DOMAIN': Cannot find DC to get DC list from [test skipped]. LDAP test. . . . . . . . . . . . . : Failed Cannot find DC to run LDAP tests on. The error occurred was: The specified d omain either does not exist or could not be contacted. [WARNING] Cannot find DC in domain 'CUB_DOMAIN'. [ERROR_NO_SUCH_DOMAIN] Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully C:\Documents and Settings\Administrator.CUB_DOMAIN> My plan of action is to do a dcpromo /forceremoval first on the old server in directory services restore mode (because I cant boot into windows normally) and then Ill perform a ntdsutil metadata cleanup on the new server I believe this will resolve my problem but I am not totally sure and would like feedback if anyone has any suggestions. Also I did transfer all the roles to the new server and this is a single domain network with 3 dcs we needed backups thats why i have 3 dcs for a really small network of 30 users/computers. Is there any thing I should do different or should I just build a whole new forest which I dont really want to do. Thanks for any help and suggestions.
Guest Lem@community.nospam Posted July 2, 2008 Posted July 2, 2008 RE: DNS/Active Directory Issue Repost of dcdiag C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\DBSERVER2 Starting test: Connectivity The host 530aa149-6851-4f9e-a02b-40cacc83ef67._msdcs.ilcuboard.local co uld not be resolved to an IP address. Check the DNS server, DHCP, server name, etc Although the Guid DNS name (530aa149-6851-4f9e-a02b-40cacc83ef67._msdcs.ilcuboard.local) couldn't be resolved, the server name (dbserver2.ilcuboard.local) resolved to the IP address (192.168.100.94) and was pingable. Check that the IP address is registered correctly with the DNS server. ......................... DBSERVER2 failed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\DBSERVER2 Skipping all tests, because server DBSERVER2 is not responding to directory service requests Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ilcuboard Starting test: CrossRefValidation ......................... ilcuboard passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ilcuboard passed test CheckSDRefDom Running enterprise tests on : ilcuboard.local Starting test: Intersite ......................... ilcuboard.local passed test Intersite Starting test: FsmoCheck Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 A Global Catalog Server could not be located - All GC's are down. Warning: DcGetDcName(TIME_SERVER) call failed, error 1355 A Time Server could not be located. The server holding the PDC role is down. Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 135 5 A Good Time Server could not be located. Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355 A KDC could not be located - All the KDCs are down. ......................... ilcuboard.local failed test FsmoCheck C:\Documents and Settings\Administrator.CUB_DOMAIN> "Lem@community.nospam" wrote: > I recently added a new dc that is also the new global catalog server. I was > unable to demote the old dc using the dcpromo. > > I have 2 main problems: > > 1. Clients are not using the new active directory server, for example i am > unable to share documents, cannot add users because I cannot find the ad when > trying to change permissions, etc. > > 2. Clients are also not using the new dns server (which is also the new > dc/global catalog server) to access the internet. I know this because > everytime I unplug the old dc from the network no one is able to access the > internet and they all have the new dns server added to their nic settings as > the primary dns server. > > All addresses are static so there is no dhcp server. Also the dcdiag and > netdiag has a bunch of errors: > > DCDiag Errors Below: > > Running partition tests on : DomainDnsZones > Starting test: CrossRefValidation > ......................... DomainDnsZones passed test > CrossRefValidation > > Starting test: CheckSDRefDom > ......................... DomainDnsZones passed test CheckSDRefDom > > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test CheckSDRefDom > > Running partition tests on : ilcuboard > Starting test: CrossRefValidation > ......................... ilcuboard passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... ilcuboard passed test CheckSDRefDom > > Running enterprise tests on : ilcuboard.local > Starting test: Intersite > ......................... ilcuboard.local passed test Intersite > Starting test: FsmoCheck > Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355 > A Global Catalog Server could not be located - All GC's are down. > ......................... ilcuboard.local failed test FsmoCheck > > > ===================================================== > ===================================================== > > My Net Diag Errors are Below: > > Microsoft Windows [Version 5.2.3790] > © Copyright 1985-2003 Microsoft Corp. > > C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag > > ........................................ > > Computer Name: DBSERVER2 > DNS Host Name: dbserver2.ilcuboard.local > System info : Microsoft Windows Server 2003 R2 (Build 3790) > Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel > List of installed hotfixes : > KB909520 > KB921503 > KB925398_WMP64 > KB925876 > KB925902 > KB926122 > KB927891 > KB928090-IE7 > KB929123 > KB929969 > KB930178 > KB931768-IE7 > KB931784 > KB931836 > KB932168 > KB933360 > KB933566-IE7 > KB933729 > KB933854 > KB935839 > KB935840 > KB935966 > KB936021 > KB936357 > KB936782 > KB937143-IE7 > KB938127-IE7 > KB939653-IE7 > KB941202 > KB941568 > KB941569 > KB941644 > KB941672 > KB941693 > KB942615-IE7 > KB942763 > KB942830 > KB942831 > KB943055 > KB943460 > KB943485 > KB943729 > KB944533-IE7 > KB944653 > KB945553 > KB946026 > KB947864-IE7 > KB948496 > KB948590 > KB948745 > KB948881 > KB949014 > KB950759-IE7 > KB950760 > KB950762 > KB951698 > Q147222 > > > Netcard queries test . . . . . . . : Passed > > > > Per interface results: > > Adapter : Local Area Connection 3 > > Netcard queries test . . . : Passed > > Host Name. . . . . . . . . : dbserver2 > IP Address . . . . . . . . : 192.168.100.94 > Subnet Mask. . . . . . . . : 255.255.255.0 > Default Gateway. . . . . . : 192.168.100.1 > Primary WINS Server. . . . : 192.168.100.94 > Secondary WINS Server. . . : 192.168.100.87 > Dns Servers. . . . . . . . : 192.168.100.87 > 192.168.100.94 > 192.168.100.77 > > > AutoConfiguration results. . . . . . : Passed > > Default gateway test . . . : Passed > > NetBT name test. . . . . . : Passed > > WINS service test. . . . . : Passed > > > Global results: > > > Domain membership test . . . . . . : Failed > [WARNING] Ths system volume has not been completely replicated to the > local > machine. This machine is not working properly as a DC. > > > NetBT transports test. . . . . . . : Passed > List of NetBt transports currently configured: > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > 1 NetBt transport currently configured. > > > Autonet address test . . . . . . . : Passed > > > IP loopback ping test. . . . . . . : Passed > > > Default gateway test . . . . . . . : Passed > > > NetBT name test. . . . . . . . . . : Passed > > > Winsock test . . . . . . . . . . . : Passed > > > DNS test . . . . . . . . . . . . . : Passed > [WARNING] Cannot find a primary authoritative DNS server for the > name > 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE] > The name 'dbserver2.ilcuboard.local.' may not be registered in > DNS. > [WARNING] The DNS entries for this DC are not registered correctly on > DNS se > rver '192.168.100.87'. Please wait for 30 minutes for DNS server replication. > PASS - All the DNS entries for DC are registered on DNS server > '192.168.100. > 94' and other DCs also have some of the names registered. > [WARNING] The DNS entries for this DC cannot be verified right now on > DNS > server 192.168.100.77, ERROR_TIMEOUT. > > > Redir and Browser test . . . . . . : Passed > List of NetBt transports currently bound to the Redir > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > The redir is bound to 1 NetBt transport. > > List of NetBt transports currently bound to the browser > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > The browser is bound to 1 NetBt transport. > > > DC discovery test. . . . . . . . . : Failed > [FATAL] Cannot find DC in domain 'CUB_DOMAIN'. [ERROR_NO_SUCH_DOMAIN] > > > DC list test . . . . . . . . . . . : Failed > 'CUB_DOMAIN': Cannot find DC to get DC list from [test skipped]. > > > Trust relationship test. . . . . . : Skipped > > > Kerberos test. . . . . . . . . . . : Skipped > 'CUB_DOMAIN': Cannot find DC to get DC list from [test skipped]. > > > LDAP test. . . . . . . . . . . . . : Failed > Cannot find DC to run LDAP tests on. The error occurred was: The > specified d > omain either does not exist or could not be contacted. > > [WARNING] Cannot find DC in domain 'CUB_DOMAIN'. > [ERROR_NO_SUCH_DOMAIN] > > > Bindings test. . . . . . . . . . . : Passed > > > WAN configuration test . . . . . . : Skipped > No active remote access connections. > > > Modem diagnostics test . . . . . . : Passed > > IP Security test . . . . . . . . . : Skipped > > Note: run "netsh ipsec dynamic show /?" for more detailed information > > > The command completed successfully > > C:\Documents and Settings\Administrator.CUB_DOMAIN> > > My plan of action is to do a dcpromo /forceremoval first on the old server > in directory services restore mode (because I cant boot into windows normally) > > and then Ill perform a ntdsutil metadata cleanup on the new server > > I believe this will resolve my problem but I am not totally sure and would > like feedback if anyone has any suggestions. > > Also I did transfer all the roles to the new server and this is a single > domain network with 3 dcs we needed backups thats why i have 3 dcs for a > really small network of 30 users/computers. > > Is there any thing I should do different or should I just build a whole new > forest which I dont really want to do. > > Thanks for any help and suggestions. > >
Guest Meinolf Weber Posted July 2, 2008 Posted July 2, 2008 Re: DNS/Active Directory Issue Hello Lem@community.nospam, Just to get you correct, the old DC is still up and running? Or is it shutdown or disconnected? Please describe in detail about. Did you make the new server DNS server? Did you reconfigure the clients to use the new DNS server? Did you move/transfer the 5 FSMO roles to the new one? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > I recently added a new dc that is also the new global catalog server. > I was unable to demote the old dc using the dcpromo. > > I have 2 main problems: > > 1. Clients are not using the new active directory server, for example > i am unable to share documents, cannot add users because I cannot find > the ad when trying to change permissions, etc. > > 2. Clients are also not using the new dns server (which is also the > new dc/global catalog server) to access the internet. I know this > because everytime I unplug the old dc from the network no one is able > to access the internet and they all have the new dns server added to > their nic settings as the primary dns server. > > All addresses are static so there is no dhcp server. Also the dcdiag > and netdiag has a bunch of errors: > > DCDiag Errors Below: > > Running partition tests on : DomainDnsZones > Starting test: CrossRefValidation > ......................... DomainDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... DomainDnsZones passed test > CheckSDRefDom > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test > CheckSDRefDom > Running partition tests on : ilcuboard > Starting test: CrossRefValidation > ......................... ilcuboard passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... ilcuboard passed test CheckSDRefDom > Running enterprise tests on : ilcuboard.local > Starting test: Intersite > ......................... ilcuboard.local passed test > Intersite > Starting test: FsmoCheck > Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error > 1355 > A Global Catalog Server could not be located - All GC's are > down. > ......................... ilcuboard.local failed test > FsmoCheck > ===================================================== > ===================================================== > > My Net Diag Errors are Below: > > Microsoft Windows [Version 5.2.3790] > © Copyright 1985-2003 Microsoft Corp. > C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag > > ........................................ > > Computer Name: DBSERVER2 > DNS Host Name: dbserver2.ilcuboard.local > System info : Microsoft Windows Server 2003 R2 (Build 3790) > Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel > List of installed hotfixes : > KB909520 > KB921503 > KB925398_WMP64 > KB925876 > KB925902 > KB926122 > KB927891 > KB928090-IE7 > KB929123 > KB929969 > KB930178 > KB931768-IE7 > KB931784 > KB931836 > KB932168 > KB933360 > KB933566-IE7 > KB933729 > KB933854 > KB935839 > KB935840 > KB935966 > KB936021 > KB936357 > KB936782 > KB937143-IE7 > KB938127-IE7 > KB939653-IE7 > KB941202 > KB941568 > KB941569 > KB941644 > KB941672 > KB941693 > KB942615-IE7 > KB942763 > KB942830 > KB942831 > KB943055 > KB943460 > KB943485 > KB943729 > KB944533-IE7 > KB944653 > KB945553 > KB946026 > KB947864-IE7 > KB948496 > KB948590 > KB948745 > KB948881 > KB949014 > KB950759-IE7 > KB950760 > KB950762 > KB951698 > Q147222 > Netcard queries test . . . . . . . : Passed > > Per interface results: > > Adapter : Local Area Connection 3 > > Netcard queries test . . . : Passed > > Host Name. . . . . . . . . : dbserver2 > IP Address . . . . . . . . : 192.168.100.94 > Subnet Mask. . . . . . . . : 255.255.255.0 > Default Gateway. . . . . . : 192.168.100.1 > Primary WINS Server. . . . : 192.168.100.94 > Secondary WINS Server. . . : 192.168.100.87 > Dns Servers. . . . . . . . : 192.168.100.87 > 192.168.100.94 > 192.168.100.77 > AutoConfiguration results. . . . . . : Passed > > Default gateway test . . . : Passed > > NetBT name test. . . . . . : Passed > > WINS service test. . . . . : Passed > > Global results: > > Domain membership test . . . . . . : Failed > [WARNING] Ths system volume has not been completely replicated to > the > local > machine. This machine is not working properly as a DC. > > NetBT transports test. . . . . . . : Passed > List of NetBt transports currently configured: > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > 1 NetBt transport currently configured. > Autonet address test . . . . . . . : Passed > > IP loopback ping test. . . . . . . : Passed > > Default gateway test . . . . . . . : Passed > > NetBT name test. . . . . . . . . . : Passed > > Winsock test . . . . . . . . . . . : Passed > > DNS test . . . . . . . . . . . . . : Passed > [WARNING] Cannot find a primary authoritative DNS server for > the > name > 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE] > The name 'dbserver2.ilcuboard.local.' may not be > registered in > DNS. > [WARNING] The DNS entries for this DC are not registered correctly > on > DNS se > rver '192.168.100.87'. Please wait for 30 minutes for DNS server > replication. > PASS - All the DNS entries for DC are registered on DNS server > '192.168.100. > 94' and other DCs also have some of the names registered. > [WARNING] The DNS entries for this DC cannot be verified right > now on > DNS > server 192.168.100.77, ERROR_TIMEOUT. > Redir and Browser test . . . . . . : Passed > List of NetBt transports currently bound to the Redir > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > The redir is bound to 1 NetBt transport. > List of NetBt transports currently bound to the browser > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > The browser is bound to 1 NetBt transport. > DC discovery test. . . . . . . . . : Failed > [FATAL] Cannot find DC in domain 'CUB_DOMAIN'. > [ERROR_NO_SUCH_DOMAIN] > DC list test . . . . . . . . . . . : Failed > 'CUB_DOMAIN': Cannot find DC to get DC list from [test > skipped]. > Trust relationship test. . . . . . : Skipped > > Kerberos test. . . . . . . . . . . : Skipped > 'CUB_DOMAIN': Cannot find DC to get DC list from [test > skipped]. > LDAP test. . . . . . . . . . . . . : Failed > Cannot find DC to run LDAP tests on. The error occurred was: The > specified d > omain either does not exist or could not be contacted. > > [WARNING] Cannot find DC in domain 'CUB_DOMAIN'. > [ERROR_NO_SUCH_DOMAIN] > > Bindings test. . . . . . . . . . . : Passed > > WAN configuration test . . . . . . : Skipped > No active remote access connections. > Modem diagnostics test . . . . . . : Passed > > IP Security test . . . . . . . . . : Skipped > > Note: run "netsh ipsec dynamic show /?" for more detailed > information > > The command completed successfully > > C:\Documents and Settings\Administrator.CUB_DOMAIN> > > My plan of action is to do a dcpromo /forceremoval first on the old > server in directory services restore mode (because I cant boot into > windows normally) > > and then Ill perform a ntdsutil metadata cleanup on the new server > > I believe this will resolve my problem but I am not totally sure and > would like feedback if anyone has any suggestions. > > Also I did transfer all the roles to the new server and this is a > single domain network with 3 dcs we needed backups thats why i have 3 > dcs for a really small network of 30 users/computers. > > Is there any thing I should do different or should I just build a > whole new forest which I dont really want to do. > > Thanks for any help and suggestions. >
Guest Lem@community.nospam Posted July 2, 2008 Posted July 2, 2008 Re: DNS/Active Directory Issue Hi Meinolf Weber, Yes I did make the new server the new main dns server as well. I also configured the clients to use the new server as their dns servers (added the new server as the Primary DNS server in their NIC settings). I also transferred all 5 of the FSMO roles including global catalog to the new server. The old dc server is still connected to the network. The old dc server has not been demoted because it will not boot normally it gets stuck at active directory is rebuilding indicies and then an error comes up which I listed below: lssas.exe - system error Security Accounts Manager initialization failed because of the following error: Directory Service cannot start. Error Status: 0x00002e1 Also the old dc server is still connected because it is the only way right now to give users access to the internet. Thanks for your replies. Please let me know if their is any other info I need to provide. "Meinolf Weber" wrote: > Hello Lem@community.nospam, > > Just to get you correct, the old DC is still up and running? Or is it shutdown > or disconnected? Please describe in detail about. > > Did you make the new server DNS server? > > Did you reconfigure the clients to use the new DNS server? > > Did you move/transfer the 5 FSMO roles to the new one? > > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > I recently added a new dc that is also the new global catalog server. > > I was unable to demote the old dc using the dcpromo. > > > > I have 2 main problems: > > > > 1. Clients are not using the new active directory server, for example > > i am unable to share documents, cannot add users because I cannot find > > the ad when trying to change permissions, etc. > > > > 2. Clients are also not using the new dns server (which is also the > > new dc/global catalog server) to access the internet. I know this > > because everytime I unplug the old dc from the network no one is able > > to access the internet and they all have the new dns server added to > > their nic settings as the primary dns server. > > > > All addresses are static so there is no dhcp server. Also the dcdiag > > and netdiag has a bunch of errors: > > > > DCDiag Errors Below: > > > > Running partition tests on : DomainDnsZones > > Starting test: CrossRefValidation > > ......................... DomainDnsZones passed test > > CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... DomainDnsZones passed test > > CheckSDRefDom > > Running partition tests on : Schema > > Starting test: CrossRefValidation > > ......................... Schema passed test > > CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... Schema passed test CheckSDRefDom > > Running partition tests on : Configuration > > Starting test: CrossRefValidation > > ......................... Configuration passed test > > CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... Configuration passed test > > CheckSDRefDom > > Running partition tests on : ilcuboard > > Starting test: CrossRefValidation > > ......................... ilcuboard passed test > > CrossRefValidation > > Starting test: CheckSDRefDom > > ......................... ilcuboard passed test CheckSDRefDom > > Running enterprise tests on : ilcuboard.local > > Starting test: Intersite > > ......................... ilcuboard.local passed test > > Intersite > > Starting test: FsmoCheck > > Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error > > 1355 > > A Global Catalog Server could not be located - All GC's are > > down. > > ......................... ilcuboard.local failed test > > FsmoCheck > > ===================================================== > > ===================================================== > > > > My Net Diag Errors are Below: > > > > Microsoft Windows [Version 5.2.3790] > > © Copyright 1985-2003 Microsoft Corp. > > C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag > > > > ........................................ > > > > Computer Name: DBSERVER2 > > DNS Host Name: dbserver2.ilcuboard.local > > System info : Microsoft Windows Server 2003 R2 (Build 3790) > > Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel > > List of installed hotfixes : > > KB909520 > > KB921503 > > KB925398_WMP64 > > KB925876 > > KB925902 > > KB926122 > > KB927891 > > KB928090-IE7 > > KB929123 > > KB929969 > > KB930178 > > KB931768-IE7 > > KB931784 > > KB931836 > > KB932168 > > KB933360 > > KB933566-IE7 > > KB933729 > > KB933854 > > KB935839 > > KB935840 > > KB935966 > > KB936021 > > KB936357 > > KB936782 > > KB937143-IE7 > > KB938127-IE7 > > KB939653-IE7 > > KB941202 > > KB941568 > > KB941569 > > KB941644 > > KB941672 > > KB941693 > > KB942615-IE7 > > KB942763 > > KB942830 > > KB942831 > > KB943055 > > KB943460 > > KB943485 > > KB943729 > > KB944533-IE7 > > KB944653 > > KB945553 > > KB946026 > > KB947864-IE7 > > KB948496 > > KB948590 > > KB948745 > > KB948881 > > KB949014 > > KB950759-IE7 > > KB950760 > > KB950762 > > KB951698 > > Q147222 > > Netcard queries test . . . . . . . : Passed > > > > Per interface results: > > > > Adapter : Local Area Connection 3 > > > > Netcard queries test . . . : Passed > > > > Host Name. . . . . . . . . : dbserver2 > > IP Address . . . . . . . . : 192.168.100.94 > > Subnet Mask. . . . . . . . : 255.255.255.0 > > Default Gateway. . . . . . : 192.168.100.1 > > Primary WINS Server. . . . : 192.168.100.94 > > Secondary WINS Server. . . : 192.168.100.87 > > Dns Servers. . . . . . . . : 192.168.100.87 > > 192.168.100.94 > > 192.168.100.77 > > AutoConfiguration results. . . . . . : Passed > > > > Default gateway test . . . : Passed > > > > NetBT name test. . . . . . : Passed > > > > WINS service test. . . . . : Passed > > > > Global results: > > > > Domain membership test . . . . . . : Failed > > [WARNING] Ths system volume has not been completely replicated to > > the > > local > > machine. This machine is not working properly as a DC. > > > > NetBT transports test. . . . . . . : Passed > > List of NetBt transports currently configured: > > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > > 1 NetBt transport currently configured. > > Autonet address test . . . . . . . : Passed > > > > IP loopback ping test. . . . . . . : Passed > > > > Default gateway test . . . . . . . : Passed > > > > NetBT name test. . . . . . . . . . : Passed > > > > Winsock test . . . . . . . . . . . : Passed > > > > DNS test . . . . . . . . . . . . . : Passed > > [WARNING] Cannot find a primary authoritative DNS server for > > the > > name > > 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE] > > The name 'dbserver2.ilcuboard.local.' may not be > > registered in > > DNS. > > [WARNING] The DNS entries for this DC are not registered correctly > > on > > DNS se > > rver '192.168.100.87'. Please wait for 30 minutes for DNS server > > replication. > > PASS - All the DNS entries for DC are registered on DNS server > > '192.168.100. > > 94' and other DCs also have some of the names registered. > > [WARNING] The DNS entries for this DC cannot be verified right > > now on > > DNS > > server 192.168.100.77, ERROR_TIMEOUT. > > Redir and Browser test . . . . . . : Passed > > List of NetBt transports currently bound to the Redir > > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > > The redir is bound to 1 NetBt transport. > > List of NetBt transports currently bound to the browser > > NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > > The browser is bound to 1 NetBt transport. > > DC discovery test. . . . . . . . . : Failed > > [FATAL] Cannot find DC in domain 'CUB_DOMAIN'. > > [ERROR_NO_SUCH_DOMAIN] > > DC list test . . . . . . . . . . . : Failed > > 'CUB_DOMAIN': Cannot find DC to get DC list from [test > > skipped]. > > Trust relationship test. . . . . . : Skipped > > > > Kerberos test. . . . . . . . . . . : Skipped > > 'CUB_DOMAIN': Cannot find DC to get DC list from [test > > skipped]. > > LDAP test. . . . . . . . . . . . . : Failed > > Cannot find DC to run LDAP tests on. The error occurred was: The > > specified d > > omain either does not exist or could not be contacted. > > > > [WARNING] Cannot find DC in domain 'CUB_DOMAIN'. > > [ERROR_NO_SUCH_DOMAIN] > > > > Bindings test. . . . . . . . . . . : Passed > > > > WAN configuration test . . . . . . : Skipped > > No active remote access connections. > > Modem diagnostics test . . . . . . : Passed > > > > IP Security test . . . . . . . . . : Skipped > > > > Note: run "netsh ipsec dynamic show /?" for more detailed > > information > > > > The command completed successfully > > > > C:\Documents and Settings\Administrator.CUB_DOMAIN> > > > > My plan of action is to do a dcpromo /forceremoval first on the old > > server in directory services restore mode (because I cant boot into > > windows normally) > > > > and then Ill perform a ntdsutil metadata cleanup on the new server > > > > I believe this will resolve my problem but I am not totally sure and > > would like feedback if anyone has any suggestions. > > > > Also I did transfer all the roles to the new server and this is a > > single domain network with 3 dcs we needed backups thats why i have 3 > > dcs for a really small network of 30 users/computers. > > > > Is there any thing I should do different or should I just build a > > whole new forest which I dont really want to do. > > > > Thanks for any help and suggestions. > > > > >
Guest Meinolf Weber Posted July 2, 2008 Posted July 2, 2008 Re: DNS/Active Directory Issue Hello Lem@community.nospam, To get internet access for the users configure your ISP's DNS server under the server porperties in the DNS management console under the FORWARDERS TAB on the new server. Please post an unedited ipconfig /all from all DC/DNS servers. Do you use AD integrated zones? Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Hi Meinolf Weber, > > Yes I did make the new server the new main dns server as well. > > I also configured the clients to use the new server as their dns > servers (added the new server as the Primary DNS server in their NIC > settings). > > I also transferred all 5 of the FSMO roles including global catalog to > the new server. > > The old dc server is still connected to the network. > The old dc server has not been demoted because it will not boot > normally it > gets stuck at active directory is rebuilding indicies and then an > error comes > up which I listed below: > lssas.exe - system error Security Accounts Manager initialization > failed because of the following error: Directory Service cannot start. > Error Status: 0x00002e1 > > Also the old dc server is still connected because it is the only way > right now to give users access to the internet. > > Thanks for your replies. Please let me know if their is any other info > I need to provide. > > "Meinolf Weber" wrote: > >> Hello Lem@community.nospam, >> >> Just to get you correct, the old DC is still up and running? Or is it >> shutdown or disconnected? Please describe in detail about. >> >> Did you make the new server DNS server? >> >> Did you reconfigure the clients to use the new DNS server? >> >> Did you move/transfer the 5 FSMO roles to the new one? >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers >> no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>> I recently added a new dc that is also the new global catalog >>> server. I was unable to demote the old dc using the dcpromo. >>> >>> I have 2 main problems: >>> >>> 1. Clients are not using the new active directory server, for >>> example i am unable to share documents, cannot add users because I >>> cannot find the ad when trying to change permissions, etc. >>> >>> 2. Clients are also not using the new dns server (which is also the >>> new dc/global catalog server) to access the internet. I know this >>> because everytime I unplug the old dc from the network no one is >>> able to access the internet and they all have the new dns server >>> added to their nic settings as the primary dns server. >>> >>> All addresses are static so there is no dhcp server. Also the dcdiag >>> and netdiag has a bunch of errors: >>> >>> DCDiag Errors Below: >>> >>> Running partition tests on : DomainDnsZones >>> Starting test: CrossRefValidation >>> ......................... DomainDnsZones passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... DomainDnsZones passed test >>> CheckSDRefDom >>> Running partition tests on : Schema >>> Starting test: CrossRefValidation >>> ......................... Schema passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... Schema passed test CheckSDRefDom >>> Running partition tests on : Configuration >>> Starting test: CrossRefValidation >>> ......................... Configuration passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... Configuration passed test >>> CheckSDRefDom >>> Running partition tests on : ilcuboard >>> Starting test: CrossRefValidation >>> ......................... ilcuboard passed test >>> CrossRefValidation >>> Starting test: CheckSDRefDom >>> ......................... ilcuboard passed test CheckSDRefDom >>> Running enterprise tests on : ilcuboard.local >>> Starting test: Intersite >>> ......................... ilcuboard.local passed test >>> Intersite >>> Starting test: FsmoCheck >>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error >>> 1355 >>> A Global Catalog Server could not be located - All GC's are >>> down. >>> ......................... ilcuboard.local failed test >>> FsmoCheck >>> ===================================================== >>> ===================================================== >>> My Net Diag Errors are Below: >>> >>> Microsoft Windows [Version 5.2.3790] >>> © Copyright 1985-2003 Microsoft Corp. >>> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag >>> ........................................ >>> >>> Computer Name: DBSERVER2 >>> DNS Host Name: dbserver2.ilcuboard.local >>> System info : Microsoft Windows Server 2003 R2 (Build 3790) >>> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel >>> List of installed hotfixes : >>> KB909520 >>> KB921503 >>> KB925398_WMP64 >>> KB925876 >>> KB925902 >>> KB926122 >>> KB927891 >>> KB928090-IE7 >>> KB929123 >>> KB929969 >>> KB930178 >>> KB931768-IE7 >>> KB931784 >>> KB931836 >>> KB932168 >>> KB933360 >>> KB933566-IE7 >>> KB933729 >>> KB933854 >>> KB935839 >>> KB935840 >>> KB935966 >>> KB936021 >>> KB936357 >>> KB936782 >>> KB937143-IE7 >>> KB938127-IE7 >>> KB939653-IE7 >>> KB941202 >>> KB941568 >>> KB941569 >>> KB941644 >>> KB941672 >>> KB941693 >>> KB942615-IE7 >>> KB942763 >>> KB942830 >>> KB942831 >>> KB943055 >>> KB943460 >>> KB943485 >>> KB943729 >>> KB944533-IE7 >>> KB944653 >>> KB945553 >>> KB946026 >>> KB947864-IE7 >>> KB948496 >>> KB948590 >>> KB948745 >>> KB948881 >>> KB949014 >>> KB950759-IE7 >>> KB950760 >>> KB950762 >>> KB951698 >>> Q147222 >>> Netcard queries test . . . . . . . : Passed >>> Per interface results: >>> >>> Adapter : Local Area Connection 3 >>> >>> Netcard queries test . . . : Passed >>> >>> Host Name. . . . . . . . . : dbserver2 >>> IP Address . . . . . . . . : 192.168.100.94 >>> Subnet Mask. . . . . . . . : 255.255.255.0 >>> Default Gateway. . . . . . : 192.168.100.1 >>> Primary WINS Server. . . . : 192.168.100.94 >>> Secondary WINS Server. . . : 192.168.100.87 >>> Dns Servers. . . . . . . . : 192.168.100.87 >>> 192.168.100.94 >>> 192.168.100.77 >>> AutoConfiguration results. . . . . . : Passed >>> Default gateway test . . . : Passed >>> >>> NetBT name test. . . . . . : Passed >>> >>> WINS service test. . . . . : Passed >>> >>> Global results: >>> >>> Domain membership test . . . . . . : Failed >>> [WARNING] Ths system volume has not been completely replicated to >>> the >>> local >>> machine. This machine is not working properly as a DC. >>> NetBT transports test. . . . . . . : Passed >>> List of NetBt transports currently configured: >>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} >>> 1 NetBt transport currently configured. >>> Autonet address test . . . . . . . : Passed >>> IP loopback ping test. . . . . . . : Passed >>> >>> Default gateway test . . . . . . . : Passed >>> >>> NetBT name test. . . . . . . . . . : Passed >>> >>> Winsock test . . . . . . . . . . . : Passed >>> >>> DNS test . . . . . . . . . . . . . : Passed >>> [WARNING] Cannot find a primary authoritative DNS server for >>> the >>> name >>> 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE] >>> The name 'dbserver2.ilcuboard.local.' may not be >>> registered in >>> DNS. >>> [WARNING] The DNS entries for this DC are not registered correctly >>> on >>> DNS se >>> rver '192.168.100.87'. Please wait for 30 minutes for DNS server >>> replication. >>> PASS - All the DNS entries for DC are registered on DNS server >>> '192.168.100. >>> 94' and other DCs also have some of the names registered. >>> [WARNING] The DNS entries for this DC cannot be verified right >>> now on >>> DNS >>> server 192.168.100.77, ERROR_TIMEOUT. >>> Redir and Browser test . . . . . . : Passed >>> List of NetBt transports currently bound to the Redir >>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} >>> The redir is bound to 1 NetBt transport. >>> List of NetBt transports currently bound to the browser >>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} >>> The browser is bound to 1 NetBt transport. >>> DC discovery test. . . . . . . . . : Failed >>> [FATAL] Cannot find DC in domain 'CUB_DOMAIN'. >>> [ERROR_NO_SUCH_DOMAIN] >>> DC list test . . . . . . . . . . . : Failed >>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test >>> skipped]. >>> Trust relationship test. . . . . . : Skipped >>> Kerberos test. . . . . . . . . . . : Skipped >>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test >>> skipped]. >>> LDAP test. . . . . . . . . . . . . : Failed >>> Cannot find DC to run LDAP tests on. The error occurred was: The >>> specified d >>> omain either does not exist or could not be contacted. >>> [WARNING] Cannot find DC in domain 'CUB_DOMAIN'. >>> [ERROR_NO_SUCH_DOMAIN] >>> Bindings test. . . . . . . . . . . : Passed >>> >>> WAN configuration test . . . . . . : Skipped >>> No active remote access connections. >>> Modem diagnostics test . . . . . . : Passed >>> IP Security test . . . . . . . . . : Skipped >>> >>> Note: run "netsh ipsec dynamic show /?" for more detailed >>> information >>> >>> The command completed successfully >>> >>> C:\Documents and Settings\Administrator.CUB_DOMAIN> >>> >>> My plan of action is to do a dcpromo /forceremoval first on the old >>> server in directory services restore mode (because I cant boot into >>> windows normally) >>> >>> and then Ill perform a ntdsutil metadata cleanup on the new server >>> >>> I believe this will resolve my problem but I am not totally sure and >>> would like feedback if anyone has any suggestions. >>> >>> Also I did transfer all the roles to the new server and this is a >>> single domain network with 3 dcs we needed backups thats why i have >>> 3 dcs for a really small network of 30 users/computers. >>> >>> Is there any thing I should do different or should I just build a >>> whole new forest which I dont really want to do. >>> >>> Thanks for any help and suggestions. >>>
Guest Lem@community.nospam Posted July 2, 2008 Posted July 2, 2008 Re: DNS/Active Directory Issue Yes the isp's dns server is listed under forwarders here is the ipconfig/all from the new dc Microsoft Windows [Version 5.2.3790] © Copyright 1985-2003 Microsoft Corp. C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all Windows IP Configuration Host Name . . . . . . . . . . . . : dbserver2 Primary Dns Suffix . . . . . . . : ilcuboard.local Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : ilcuboard.local Ethernet adapter Local Area Connection 3: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-14-22-76-40-3B DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.100.94 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.100.1 DNS Servers . . . . . . . . . . . : 192.168.100.87 192.168.100.94 192.168.100.77 Primary WINS Server . . . . . . . : 192.168.100.94 Secondary WINS Server . . . . . . : 192.168.100.87 C:\Documents and Settings\Administrator.CUB_DOMAIN> the old dc which is running in directory services restore mode (safe mode) ipconfig/all Microsoft Windows [Version 5.2.3790] © Copyright 1985-2003 Microsoft Corp. C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all Windows IP Configuration Host Name . . . . . . . . . . . . : netserver1 Primary Dns Suffix . . . . . . . : cubnet.com Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : cubnet.com Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection # 2 Physical Address. . . . . . . . . : 00-11-43-EE-19-A2 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Autoconfiguration IP Address. . . : 169.254.185.58 Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : DNS Servers . . . . . . . . . . . : 192.168.100.87 192.168.100.94 Primary WINS Server . . . . . . . : 192.168.100.87 Secondary WINS Server . . . . . . : 192.168.100.94 NetBIOS over Tcpip. . . . . . . . : Disabled Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-11-43-EE-19-A1 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.100.87 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.100.1 DNS Servers . . . . . . . . . . . : 192.168.100.87 192.168.100.94 Primary WINS Server . . . . . . . : 192.168.100.87 Secondary WINS Server . . . . . . : 192.168.100.94 C:\Documents and Settings\Administrator.CUB_DOMAIN> "Meinolf Weber" wrote: > Hello Lem@community.nospam, > > To get internet access for the users configure your ISP's DNS server under > the server porperties in the DNS management console under the FORWARDERS > TAB on the new server. > > Please post an unedited ipconfig /all from all DC/DNS servers. Do you use > AD integrated zones? > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > Hi Meinolf Weber, > > > > Yes I did make the new server the new main dns server as well. > > > > I also configured the clients to use the new server as their dns > > servers (added the new server as the Primary DNS server in their NIC > > settings). > > > > I also transferred all 5 of the FSMO roles including global catalog to > > the new server. > > > > The old dc server is still connected to the network. > > The old dc server has not been demoted because it will not boot > > normally it > > gets stuck at active directory is rebuilding indicies and then an > > error comes > > up which I listed below: > > lssas.exe - system error Security Accounts Manager initialization > > failed because of the following error: Directory Service cannot start. > > Error Status: 0x00002e1 > > > > Also the old dc server is still connected because it is the only way > > right now to give users access to the internet. > > > > Thanks for your replies. Please let me know if their is any other info > > I need to provide. > > > > "Meinolf Weber" wrote: > > > >> Hello Lem@community.nospam, > >> > >> Just to get you correct, the old DC is still up and running? Or is it > >> shutdown or disconnected? Please describe in detail about. > >> > >> Did you make the new server DNS server? > >> > >> Did you reconfigure the clients to use the new DNS server? > >> > >> Did you move/transfer the 5 FSMO roles to the new one? > >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > >>> I recently added a new dc that is also the new global catalog > >>> server. I was unable to demote the old dc using the dcpromo. > >>> > >>> I have 2 main problems: > >>> > >>> 1. Clients are not using the new active directory server, for > >>> example i am unable to share documents, cannot add users because I > >>> cannot find the ad when trying to change permissions, etc. > >>> > >>> 2. Clients are also not using the new dns server (which is also the > >>> new dc/global catalog server) to access the internet. I know this > >>> because everytime I unplug the old dc from the network no one is > >>> able to access the internet and they all have the new dns server > >>> added to their nic settings as the primary dns server. > >>> > >>> All addresses are static so there is no dhcp server. Also the dcdiag > >>> and netdiag has a bunch of errors: > >>> > >>> DCDiag Errors Below: > >>> > >>> Running partition tests on : DomainDnsZones > >>> Starting test: CrossRefValidation > >>> ......................... DomainDnsZones passed test > >>> CrossRefValidation > >>> Starting test: CheckSDRefDom > >>> ......................... DomainDnsZones passed test > >>> CheckSDRefDom > >>> Running partition tests on : Schema > >>> Starting test: CrossRefValidation > >>> ......................... Schema passed test > >>> CrossRefValidation > >>> Starting test: CheckSDRefDom > >>> ......................... Schema passed test CheckSDRefDom > >>> Running partition tests on : Configuration > >>> Starting test: CrossRefValidation > >>> ......................... Configuration passed test > >>> CrossRefValidation > >>> Starting test: CheckSDRefDom > >>> ......................... Configuration passed test > >>> CheckSDRefDom > >>> Running partition tests on : ilcuboard > >>> Starting test: CrossRefValidation > >>> ......................... ilcuboard passed test > >>> CrossRefValidation > >>> Starting test: CheckSDRefDom > >>> ......................... ilcuboard passed test CheckSDRefDom > >>> Running enterprise tests on : ilcuboard.local > >>> Starting test: Intersite > >>> ......................... ilcuboard.local passed test > >>> Intersite > >>> Starting test: FsmoCheck > >>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error > >>> 1355 > >>> A Global Catalog Server could not be located - All GC's are > >>> down. > >>> ......................... ilcuboard.local failed test > >>> FsmoCheck > >>> ===================================================== > >>> ===================================================== > >>> My Net Diag Errors are Below: > >>> > >>> Microsoft Windows [Version 5.2.3790] > >>> © Copyright 1985-2003 Microsoft Corp. > >>> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag > >>> ........................................ > >>> > >>> Computer Name: DBSERVER2 > >>> DNS Host Name: dbserver2.ilcuboard.local > >>> System info : Microsoft Windows Server 2003 R2 (Build 3790) > >>> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel > >>> List of installed hotfixes : > >>> KB909520 > >>> KB921503 > >>> KB925398_WMP64 > >>> KB925876 > >>> KB925902 > >>> KB926122 > >>> KB927891 > >>> KB928090-IE7 > >>> KB929123 > >>> KB929969 > >>> KB930178 > >>> KB931768-IE7 > >>> KB931784 > >>> KB931836 > >>> KB932168 > >>> KB933360 > >>> KB933566-IE7 > >>> KB933729 > >>> KB933854 > >>> KB935839 > >>> KB935840 > >>> KB935966 > >>> KB936021 > >>> KB936357 > >>> KB936782 > >>> KB937143-IE7 > >>> KB938127-IE7 > >>> KB939653-IE7 > >>> KB941202 > >>> KB941568 > >>> KB941569 > >>> KB941644 > >>> KB941672 > >>> KB941693 > >>> KB942615-IE7 > >>> KB942763 > >>> KB942830 > >>> KB942831 > >>> KB943055 > >>> KB943460 > >>> KB943485 > >>> KB943729 > >>> KB944533-IE7 > >>> KB944653 > >>> KB945553 > >>> KB946026 > >>> KB947864-IE7 > >>> KB948496 > >>> KB948590 > >>> KB948745 > >>> KB948881 > >>> KB949014 > >>> KB950759-IE7 > >>> KB950760 > >>> KB950762 > >>> KB951698 > >>> Q147222 > >>> Netcard queries test . . . . . . . : Passed > >>> Per interface results: > >>> > >>> Adapter : Local Area Connection 3 > >>> > >>> Netcard queries test . . . : Passed > >>> > >>> Host Name. . . . . . . . . : dbserver2 > >>> IP Address . . . . . . . . : 192.168.100.94 > >>> Subnet Mask. . . . . . . . : 255.255.255.0 > >>> Default Gateway. . . . . . : 192.168.100.1 > >>> Primary WINS Server. . . . : 192.168.100.94 > >>> Secondary WINS Server. . . : 192.168.100.87 > >>> Dns Servers. . . . . . . . : 192.168.100.87 > >>> 192.168.100.94 > >>> 192.168.100.77 > >>> AutoConfiguration results. . . . . . : Passed > >>> Default gateway test . . . : Passed > >>> > >>> NetBT name test. . . . . . : Passed > >>> > >>> WINS service test. . . . . : Passed > >>> > >>> Global results: > >>> > >>> Domain membership test . . . . . . : Failed > >>> [WARNING] Ths system volume has not been completely replicated to > >>> the > >>> local > >>> machine. This machine is not working properly as a DC. > >>> NetBT transports test. . . . . . . : Passed > >>> List of NetBt transports currently configured: > >>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > >>> 1 NetBt transport currently configured. > >>> Autonet address test . . . . . . . : Passed > >>> IP loopback ping test. . . . . . . : Passed > >>> > >>> Default gateway test . . . . . . . : Passed > >>> > >>> NetBT name test. . . . . . . . . . : Passed > >>> > >>> Winsock test . . . . . . . . . . . : Passed > >>> > >>> DNS test . . . . . . . . . . . . . : Passed > >>> [WARNING] Cannot find a primary authoritative DNS server for > >>> the > >>> name > >>> 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE] > >>> The name 'dbserver2.ilcuboard.local.' may not be > >>> registered in > >>> DNS. > >>> [WARNING] The DNS entries for this DC are not registered correctly > >>> on > >>> DNS se > >>> rver '192.168.100.87'. Please wait for 30 minutes for DNS server > >>> replication. > >>> PASS - All the DNS entries for DC are registered on DNS server > >>> '192.168.100. > >>> 94' and other DCs also have some of the names registered. > >>> [WARNING] The DNS entries for this DC cannot be verified right > >>> now on > >>> DNS > >>> server 192.168.100.77, ERROR_TIMEOUT. > >>> Redir and Browser test . . . . . . : Passed > >>> List of NetBt transports currently bound to the Redir > >>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > >>> The redir is bound to 1 NetBt transport. > >>> List of NetBt transports currently bound to the browser > >>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} > >>> The browser is bound to 1 NetBt transport. > >>> DC discovery test. . . . . . . . . : Failed > >>> [FATAL] Cannot find DC in domain 'CUB_DOMAIN'. > >>> [ERROR_NO_SUCH_DOMAIN] > >>> DC list test . . . . . . . . . . . : Failed > >>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test > >>> skipped]. > >>> Trust relationship test. . . . . . : Skipped > >>> Kerberos test. . . . . . . . . . . : Skipped > >>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test > >>> skipped]. > >>> LDAP test. . . . . . . . . . . . . : Failed > >>> Cannot find DC to run LDAP tests on. The error occurred was: The > >>> specified d > >>> omain either does not exist or could not be contacted. > >>> [WARNING] Cannot find DC in domain 'CUB_DOMAIN'. > >>> [ERROR_NO_SUCH_DOMAIN] > >>> Bindings test. . . . . . . . . . . : Passed > >>> > >>> WAN configuration test . . . . . . : Skipped > >>> No active remote access connections. > >>> Modem diagnostics test . . . . . . : Passed > >>> IP Security test . . . . . . . . . : Skipped > >>> > >>> Note: run "netsh ipsec dynamic show /?" for more detailed > >>> information > >>> > >>> The command completed successfully > >>> > >>> C:\Documents and Settings\Administrator.CUB_DOMAIN> > >>> > >>> My plan of action is to do a dcpromo /forceremoval first on the old > >>> server in directory services restore mode (because I cant boot into > >>> windows normally) > >>> > >>> and then Ill perform a ntdsutil metadata cleanup on the new server > >>> > >>> I believe this will resolve my problem but I am not totally sure and
Guest Lem@community.nospam Posted July 2, 2008 Posted July 2, 2008 Re: DNS/Active Directory Issue After looking over my posts I noticed that my old server has dhcp service configured which I never configured we have all ways used static ips, so I dont know why that is. and our domain uses the netbios name cub_domain. cubnet.com was that servers old domain ilcuboard.local is the name that is supposed to be there. "Lem@community.nospam" wrote: > Yes the isp's dns server is listed under forwarders > > here is the ipconfig/all from the new dc > > Microsoft Windows [Version 5.2.3790] > © Copyright 1985-2003 Microsoft Corp. > > C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all > > Windows IP Configuration > > Host Name . . . . . . . . . . . . : dbserver2 > Primary Dns Suffix . . . . . . . : ilcuboard.local > Node Type . . . . . . . . . . . . : Hybrid > IP Routing Enabled. . . . . . . . : No > WINS Proxy Enabled. . . . . . . . : No > DNS Suffix Search List. . . . . . : ilcuboard.local > > Ethernet adapter Local Area Connection 3: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection > Physical Address. . . . . . . . . : 00-14-22-76-40-3B > DHCP Enabled. . . . . . . . . . . : No > IP Address. . . . . . . . . . . . : 192.168.100.94 > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 192.168.100.1 > DNS Servers . . . . . . . . . . . : 192.168.100.87 > 192.168.100.94 > 192.168.100.77 > Primary WINS Server . . . . . . . : 192.168.100.94 > Secondary WINS Server . . . . . . : 192.168.100.87 > > C:\Documents and Settings\Administrator.CUB_DOMAIN> > > the old dc which is running in directory services restore mode (safe mode) > ipconfig/all > > Microsoft Windows [Version 5.2.3790] > © Copyright 1985-2003 Microsoft Corp. > > C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all > > Windows IP Configuration > > Host Name . . . . . . . . . . . . : netserver1 > Primary Dns Suffix . . . . . . . : cubnet.com > Node Type . . . . . . . . . . . . : Hybrid > IP Routing Enabled. . . . . . . . : No > WINS Proxy Enabled. . . . . . . . : No > DNS Suffix Search List. . . . . . : cubnet.com > > Ethernet adapter Local Area Connection 2: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel® PRO/1000 MT Network > Connection # > 2 > Physical Address. . . . . . . . . : 00-11-43-EE-19-A2 > DHCP Enabled. . . . . . . . . . . : Yes > Autoconfiguration Enabled . . . . : Yes > Autoconfiguration IP Address. . . : 169.254.185.58 > Subnet Mask . . . . . . . . . . . : 255.255.0.0 > Default Gateway . . . . . . . . . : > DNS Servers . . . . . . . . . . . : 192.168.100.87 > 192.168.100.94 > Primary WINS Server . . . . . . . : 192.168.100.87 > Secondary WINS Server . . . . . . : 192.168.100.94 > NetBIOS over Tcpip. . . . . . . . : Disabled > > Ethernet adapter Local Area Connection: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection > Physical Address. . . . . . . . . : 00-11-43-EE-19-A1 > DHCP Enabled. . . . . . . . . . . : No > IP Address. . . . . . . . . . . . : 192.168.100.87 > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 192.168.100.1 > DNS Servers . . . . . . . . . . . : 192.168.100.87 > 192.168.100.94 > Primary WINS Server . . . . . . . : 192.168.100.87 > Secondary WINS Server . . . . . . : 192.168.100.94 > > C:\Documents and Settings\Administrator.CUB_DOMAIN> > > "Meinolf Weber" wrote: > > > Hello Lem@community.nospam, > > > > To get internet access for the users configure your ISP's DNS server under > > the server porperties in the DNS management console under the FORWARDERS > > TAB on the new server. > > > > Please post an unedited ipconfig /all from all DC/DNS servers. Do you use > > AD integrated zones? > > > > Best regards > > > > Meinolf Weber > > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > > no rights. > > ** Please do NOT email, only reply to Newsgroups > > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > > > Hi Meinolf Weber, > > > > > > Yes I did make the new server the new main dns server as well. > > > > > > I also configured the clients to use the new server as their dns > > > servers (added the new server as the Primary DNS server in their NIC > > > settings). > > > > > > I also transferred all 5 of the FSMO roles including global catalog to > > > the new server. > > > > > > The old dc server is still connected to the network. > > > The old dc server has not been demoted because it will not boot > > > normally it > > > gets stuck at active directory is rebuilding indicies and then an > > > error comes > > > up which I listed below: > > > lssas.exe - system error Security Accounts Manager initialization > > > failed because of the following error: Directory Service cannot start. > > > Error Status: 0x00002e1 > > > > > > Also the old dc server is still connected because it is the only way > > > right now to give users access to the internet. > > > > > > Thanks for your replies. Please let me know if their is any other info > > > I need to provide. > > > > > > "Meinolf Weber" wrote: > > > > > >> Hello Lem@community.nospam, > > >> > > >> Just to get you correct, the old DC is still up and running? Or is it > > >> shutdown or disconnected? Please describe in detail about. > > >> > > >> Did you make the new server DNS server? > > >> > > >> Did you reconfigure the clients to use the new DNS server? > > >> > > >> Did you move/transfer the 5 FSMO roles to the new one? > > >> > > >> Best regards > > >> > > >> Meinolf Weber > > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > > >> confers > > >> no rights. > > >> ** Please do NOT email, only reply to Newsgroups > > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > >>> I recently added a new dc that is also the new global catalog > > >>> server. I was unable to demote the old dc using the dcpromo. > > >>> > > >>> I have 2 main problems: > > >>> > > >>> 1. Clients are not using the new active directory server, for > > >>> example i am unable to share documents, cannot add users because I > > >>> cannot find the ad when trying to change permissions, etc. > > >>> > > >>> 2. Clients are also not using the new dns server (which is also the > > >>> new dc/global catalog server) to access the internet. I know this > > >>> because everytime I unplug the old dc from the network no one is > > >>> able to access the internet and they all have the new dns server > > >>> added to their nic settings as the primary dns server. > > >>> > > >>> All addresses are static so there is no dhcp server. Also the dcdiag > > >>> and netdiag has a bunch of errors: > > >>> > > >>> DCDiag Errors Below: > > >>> > > >>> Running partition tests on : DomainDnsZones > > >>> Starting test: CrossRefValidation > > >>> ......................... DomainDnsZones passed test > > >>> CrossRefValidation > > >>> Starting test: CheckSDRefDom > > >>> ......................... DomainDnsZones passed test > > >>> CheckSDRefDom > > >>> Running partition tests on : Schema > > >>> Starting test: CrossRefValidation > > >>> ......................... Schema passed test > > >>> CrossRefValidation > > >>> Starting test: CheckSDRefDom > > >>> ......................... Schema passed test CheckSDRefDom > > >>> Running partition tests on : Configuration > > >>> Starting test: CrossRefValidation > > >>> ......................... Configuration passed test > > >>> CrossRefValidation > > >>> Starting test: CheckSDRefDom > > >>> ......................... Configuration passed test > > >>> CheckSDRefDom > > >>> Running partition tests on : ilcuboard > > >>> Starting test: CrossRefValidation > > >>> ......................... ilcuboard passed test > > >>> CrossRefValidation > > >>> Starting test: CheckSDRefDom > > >>> ......................... ilcuboard passed test CheckSDRefDom > > >>> Running enterprise tests on : ilcuboard.local > > >>> Starting test: Intersite > > >>> ......................... ilcuboard.local passed test > > >>> Intersite > > >>> Starting test: FsmoCheck > > >>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error > > >>> 1355 > > >>> A Global Catalog Server could not be located - All GC's are > > >>> down. > > >>> ......................... ilcuboard.local failed test > > >>> FsmoCheck > > >>> ===================================================== > > >>> ===================================================== > > >>> My Net Diag Errors are Below: > > >>> > > >>> Microsoft Windows [Version 5.2.3790] > > >>> © Copyright 1985-2003 Microsoft Corp. > > >>> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag > > >>> ........................................ > > >>> > > >>> Computer Name: DBSERVER2 > > >>> DNS Host Name: dbserver2.ilcuboard.local > > >>> System info : Microsoft Windows Server 2003 R2 (Build 3790) > > >>> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel > > >>> List of installed hotfixes : > > >>> KB909520 > > >>> KB921503 > > >>> KB925398_WMP64 > > >>> KB925876 > > >>> KB925902 > > >>> KB926122 > > >>> KB927891 > > >>> KB928090-IE7 > > >>> KB929123 > > >>> KB929969 > > >>> KB930178 > > >>> KB931768-IE7 > > >>> KB931784 > > >>> KB931836 > > >>> KB932168 > > >>> KB933360 > > >>> KB933566-IE7 > > >>> KB933729 > > >>> KB933854 > > >>> KB935839 > > >>> KB935840 > > >>> KB935966 > > >>> KB936021 > > >>> KB936357 > > >>> KB936782 > > >>> KB937143-IE7 > > >>> KB938127-IE7 > > >>> KB939653-IE7 > > >>> KB941202 > > >>> KB941568 > > >>> KB941569 > > >>> KB941644 > > >>> KB941672 > > >>> KB941693 > > >>> KB942615-IE7 > > >>> KB942763 > > >>> KB942830 > > >>> KB942831 > > >>> KB943055 > > >>> KB943460 > > >>> KB943485 > > >>> KB943729 > > >>> KB944533-IE7 > > >>> KB944653 > > >>> KB945553 > > >>> KB946026 > > >>> KB947864-IE7 > > >>> KB948496 > > >>> KB948590 > > >>> KB948745 > > >>> KB948881 > > >>> KB949014 > > >>> KB950759-IE7 > > >>> KB950760 > > >>> KB950762 > > >>> KB951698 > > >>> Q147222 > > >>> Netcard queries test . . . . . . . : Passed > > >>> Per interface results: > > >>> > > >>> Adapter : Local Area Connection 3 > > >>> > > >>> Netcard queries test . . . : Passed > > >>> > > >>> Host Name. . . . . . . . . : dbserver2 > > >>> IP Address . . . . . . . . : 192.168.100.94 > > >>> Subnet Mask. . . . . . . . : 255.255.255.0 > > >>> Default Gateway. . . . . . : 192.168.100.1 > > >>> Primary WINS Server. . . . : 192.168.100.94 > > >>> Secondary WINS Server. . . : 192.168.100.87 > > >>> Dns Servers. . . . . . . . : 192.168.100.87 > > >>> 192.168.100.94 > > >>> 192.168.100.77 > > >>> AutoConfiguration results. . . . . . : Passed > > >>> Default gateway test . . . : Passed > > >>>
Guest Meinolf Weber Posted July 2, 2008 Posted July 2, 2008 Re: DNS/Active Directory Issue Hello Lem@community.nospam, Why are the both servers from different domains? New machine dbserver2 is ilcuboard.local, old machine netserver1 is cubnet.com??? Please clarify this configuration, did you setup a NEW domain with the new server? Is the new server maybe a SBS server operating system? Also if you do not use a NIC on a DC disable it, the second NIC on netserver1 witht 169.254.x.x address. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > Yes the isp's dns server is listed under forwarders > > here is the ipconfig/all from the new dc > > Microsoft Windows [Version 5.2.3790] > © Copyright 1985-2003 Microsoft Corp. > C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all > > Windows IP Configuration > > Host Name . . . . . . . . . . . . : dbserver2 > Primary Dns Suffix . . . . . . . : ilcuboard.local > Node Type . . . . . . . . . . . . : Hybrid > IP Routing Enabled. . . . . . . . : No > WINS Proxy Enabled. . . . . . . . : No > DNS Suffix Search List. . . . . . : ilcuboard.local > Ethernet adapter Local Area Connection 3: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel® PRO/1000 MT Network > Connection > Physical Address. . . . . . . . . : 00-14-22-76-40-3B > DHCP Enabled. . . . . . . . . . . : No > IP Address. . . . . . . . . . . . : 192.168.100.94 > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 192.168.100.1 > DNS Servers . . . . . . . . . . . : 192.168.100.87 > 192.168.100.94 > 192.168.100.77 > Primary WINS Server . . . . . . . : 192.168.100.94 > Secondary WINS Server . . . . . . : 192.168.100.87 > C:\Documents and Settings\Administrator.CUB_DOMAIN> > > the old dc which is running in directory services restore mode (safe > mode) ipconfig/all > > Microsoft Windows [Version 5.2.3790] > © Copyright 1985-2003 Microsoft Corp. > C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all > > Windows IP Configuration > > Host Name . . . . . . . . . . . . : netserver1 > Primary Dns Suffix . . . . . . . : cubnet.com > Node Type . . . . . . . . . . . . : Hybrid > IP Routing Enabled. . . . . . . . : No > WINS Proxy Enabled. . . . . . . . : No > DNS Suffix Search List. . . . . . : cubnet.com > Ethernet adapter Local Area Connection 2: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel® PRO/1000 MT Network > Connection # > 2 > Physical Address. . . . . . . . . : 00-11-43-EE-19-A2 > DHCP Enabled. . . . . . . . . . . : Yes > Autoconfiguration Enabled . . . . : Yes > Autoconfiguration IP Address. . . : 169.254.185.58 > Subnet Mask . . . . . . . . . . . : 255.255.0.0 > Default Gateway . . . . . . . . . : > DNS Servers . . . . . . . . . . . : 192.168.100.87 > 192.168.100.94 > Primary WINS Server . . . . . . . : 192.168.100.87 > Secondary WINS Server . . . . . . : 192.168.100.94 > NetBIOS over Tcpip. . . . . . . . : Disabled > Ethernet adapter Local Area Connection: > > Connection-specific DNS Suffix . : > Description . . . . . . . . . . . : Intel® PRO/1000 MT Network > Connection > Physical Address. . . . . . . . . : 00-11-43-EE-19-A1 > DHCP Enabled. . . . . . . . . . . : No > IP Address. . . . . . . . . . . . : 192.168.100.87 > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > Default Gateway . . . . . . . . . : 192.168.100.1 > DNS Servers . . . . . . . . . . . : 192.168.100.87 > 192.168.100.94 > Primary WINS Server . . . . . . . : 192.168.100.87 > Secondary WINS Server . . . . . . : 192.168.100.94 > C:\Documents and Settings\Administrator.CUB_DOMAIN> > > "Meinolf Weber" wrote: > >> Hello Lem@community.nospam, >> >> To get internet access for the users configure your ISP's DNS server >> under the server porperties in the DNS management console under the >> FORWARDERS TAB on the new server. >> >> Please post an unedited ipconfig /all from all DC/DNS servers. Do you >> use AD integrated zones? >> >> Best regards >> >> Meinolf Weber >> Disclaimer: This posting is provided "AS IS" with no warranties, and >> confers >> no rights. >> ** Please do NOT email, only reply to Newsgroups >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>> Hi Meinolf Weber, >>> >>> Yes I did make the new server the new main dns server as well. >>> >>> I also configured the clients to use the new server as their dns >>> servers (added the new server as the Primary DNS server in their NIC >>> settings). >>> >>> I also transferred all 5 of the FSMO roles including global catalog >>> to the new server. >>> >>> The old dc server is still connected to the network. >>> The old dc server has not been demoted because it will not boot >>> normally it >>> gets stuck at active directory is rebuilding indicies and then an >>> error comes >>> up which I listed below: >>> lssas.exe - system error Security Accounts Manager initialization >>> failed because of the following error: Directory Service cannot >>> start. >>> Error Status: 0x00002e1 >>> Also the old dc server is still connected because it is the only way >>> right now to give users access to the internet. >>> >>> Thanks for your replies. Please let me know if their is any other >>> info I need to provide. >>> >>> "Meinolf Weber" wrote: >>> >>>> Hello Lem@community.nospam, >>>> >>>> Just to get you correct, the old DC is still up and running? Or is >>>> it shutdown or disconnected? Please describe in detail about. >>>> >>>> Did you make the new server DNS server? >>>> >>>> Did you reconfigure the clients to use the new DNS server? >>>> >>>> Did you move/transfer the 5 FSMO roles to the new one? >>>> >>>> Best regards >>>> >>>> Meinolf Weber >>>> Disclaimer: This posting is provided "AS IS" with no warranties, >>>> and >>>> confers >>>> no rights. >>>> ** Please do NOT email, only reply to Newsgroups >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm >>>>> I recently added a new dc that is also the new global catalog >>>>> server. I was unable to demote the old dc using the dcpromo. >>>>> >>>>> I have 2 main problems: >>>>> >>>>> 1. Clients are not using the new active directory server, for >>>>> example i am unable to share documents, cannot add users because I >>>>> cannot find the ad when trying to change permissions, etc. >>>>> >>>>> 2. Clients are also not using the new dns server (which is also >>>>> the new dc/global catalog server) to access the internet. I know >>>>> this because everytime I unplug the old dc from the network no one >>>>> is able to access the internet and they all have the new dns >>>>> server added to their nic settings as the primary dns server. >>>>> >>>>> All addresses are static so there is no dhcp server. Also the >>>>> dcdiag and netdiag has a bunch of errors: >>>>> >>>>> DCDiag Errors Below: >>>>> >>>>> Running partition tests on : DomainDnsZones >>>>> Starting test: CrossRefValidation >>>>> ......................... DomainDnsZones passed test >>>>> CrossRefValidation >>>>> Starting test: CheckSDRefDom >>>>> ......................... DomainDnsZones passed test >>>>> CheckSDRefDom >>>>> Running partition tests on : Schema >>>>> Starting test: CrossRefValidation >>>>> ......................... Schema passed test >>>>> CrossRefValidation >>>>> Starting test: CheckSDRefDom >>>>> ......................... Schema passed test CheckSDRefDom >>>>> Running partition tests on : Configuration >>>>> Starting test: CrossRefValidation >>>>> ......................... Configuration passed test >>>>> CrossRefValidation >>>>> Starting test: CheckSDRefDom >>>>> ......................... Configuration passed test >>>>> CheckSDRefDom >>>>> Running partition tests on : ilcuboard >>>>> Starting test: CrossRefValidation >>>>> ......................... ilcuboard passed test >>>>> CrossRefValidation >>>>> Starting test: CheckSDRefDom >>>>> ......................... ilcuboard passed test CheckSDRefDom >>>>> Running enterprise tests on : ilcuboard.local >>>>> Starting test: Intersite >>>>> ......................... ilcuboard.local passed test >>>>> Intersite >>>>> Starting test: FsmoCheck >>>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error >>>>> 1355 >>>>> A Global Catalog Server could not be located - All GC's are >>>>> down. >>>>> ......................... ilcuboard.local failed test >>>>> FsmoCheck >>>>> ===================================================== >>>>> ===================================================== >>>>> My Net Diag Errors are Below: >>>>> Microsoft Windows [Version 5.2.3790] >>>>> © Copyright 1985-2003 Microsoft Corp. >>>>> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag >>>>> ........................................ >>>>> Computer Name: DBSERVER2 >>>>> DNS Host Name: dbserver2.ilcuboard.local >>>>> System info : Microsoft Windows Server 2003 R2 (Build 3790) >>>>> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel >>>>> List of installed hotfixes : >>>>> KB909520 >>>>> KB921503 >>>>> KB925398_WMP64 >>>>> KB925876 >>>>> KB925902 >>>>> KB926122 >>>>> KB927891 >>>>> KB928090-IE7 >>>>> KB929123 >>>>> KB929969 >>>>> KB930178 >>>>> KB931768-IE7 >>>>> KB931784 >>>>> KB931836 >>>>> KB932168 >>>>> KB933360 >>>>> KB933566-IE7 >>>>> KB933729 >>>>> KB933854 >>>>> KB935839 >>>>> KB935840 >>>>> KB935966 >>>>> KB936021 >>>>> KB936357 >>>>> KB936782 >>>>> KB937143-IE7 >>>>> KB938127-IE7 >>>>> KB939653-IE7 >>>>> KB941202 >>>>> KB941568 >>>>> KB941569 >>>>> KB941644 >>>>> KB941672 >>>>> KB941693 >>>>> KB942615-IE7 >>>>> KB942763 >>>>> KB942830 >>>>> KB942831 >>>>> KB943055 >>>>> KB943460 >>>>> KB943485 >>>>> KB943729 >>>>> KB944533-IE7 >>>>> KB944653 >>>>> KB945553 >>>>> KB946026 >>>>> KB947864-IE7 >>>>> KB948496 >>>>> KB948590 >>>>> KB948745 >>>>> KB948881 >>>>> KB949014 >>>>> KB950759-IE7 >>>>> KB950760 >>>>> KB950762 >>>>> KB951698 >>>>> Q147222 >>>>> Netcard queries test . . . . . . . : Passed >>>>> Per interface results: >>>>> Adapter : Local Area Connection 3 >>>>> >>>>> Netcard queries test . . . : Passed >>>>> >>>>> Host Name. . . . . . . . . : dbserver2 >>>>> IP Address . . . . . . . . : 192.168.100.94 >>>>> Subnet Mask. . . . . . . . : 255.255.255.0 >>>>> Default Gateway. . . . . . : 192.168.100.1 >>>>> Primary WINS Server. . . . : 192.168.100.94 >>>>> Secondary WINS Server. . . : 192.168.100.87 >>>>> Dns Servers. . . . . . . . : 192.168.100.87 >>>>> 192.168.100.94 >>>>> 192.168.100.77 >>>>> AutoConfiguration results. . . . . . : Passed >>>>> Default gateway test . . . : Passed >>>>> NetBT name test. . . . . . : Passed >>>>> >>>>> WINS service test. . . . . : Passed >>>>> >>>>> Global results: >>>>> >>>>> Domain membership test . . . . . . : Failed >>>>> [WARNING] Ths system volume has not been completely replicated to >>>>> the >>>>> local >>>>> machine. This machine is not working properly as a DC. >>>>> NetBT transports test. . . . . . . : Passed >>>>> List of NetBt transports currently configured: >>>>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} >>>>> 1 NetBt transport currently configured. >>>>> Autonet address test . . . . . . . : Passed >>>>> IP loopback ping test. . . . . . . : Passed >>>>> Default gateway test . . . . . . . : Passed >>>>> >>>>> NetBT name test. . . . . . . . . . : Passed >>>>> >>>>> Winsock test . . . . . . . . . . . : Passed >>>>> >>>>> DNS test . . . . . . . . . . . . . : Passed >>>>> [WARNING] Cannot find a primary authoritative DNS server for >>>>> the >>>>> name >>>>> 'dbserver2.ilcuboard.local.'. [RCODE_SERVER_FAILURE] >>>>> The name 'dbserver2.ilcuboard.local.' may not be >>>>> registered in >>>>> DNS. >>>>> [WARNING] The DNS entries for this DC are not registered correctly >>>>> on >>>>> DNS se >>>>> rver '192.168.100.87'. Please wait for 30 minutes for DNS server >>>>> replication. >>>>> PASS - All the DNS entries for DC are registered on DNS server >>>>> '192.168.100. >>>>> 94' and other DCs also have some of the names registered. >>>>> [WARNING] The DNS entries for this DC cannot be verified right >>>>> now on >>>>> DNS >>>>> server 192.168.100.77, ERROR_TIMEOUT. >>>>> Redir and Browser test . . . . . . : Passed >>>>> List of NetBt transports currently bound to the Redir >>>>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} >>>>> The redir is bound to 1 NetBt transport. >>>>> List of NetBt transports currently bound to the browser >>>>> NetBT_Tcpip_{3193A4C9-B465-4280-A562-A1B85B1AC17C} >>>>> The browser is bound to 1 NetBt transport. >>>>> DC discovery test. . . . . . . . . : Failed >>>>> [FATAL] Cannot find DC in domain 'CUB_DOMAIN'. >>>>> [ERROR_NO_SUCH_DOMAIN] >>>>> DC list test . . . . . . . . . . . : Failed >>>>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test >>>>> skipped]. >>>>> Trust relationship test. . . . . . : Skipped >>>>> Kerberos test. . . . . . . . . . . : Skipped >>>>> 'CUB_DOMAIN': Cannot find DC to get DC list from [test >>>>> skipped]. >>>>> LDAP test. . . . . . . . . . . . . : Failed >>>>> Cannot find DC to run LDAP tests on. The error occurred was: The >>>>> specified d >>>>> omain either does not exist or could not be contacted. >>>>> [WARNING] Cannot find DC in domain 'CUB_DOMAIN'. >>>>> [ERROR_NO_SUCH_DOMAIN] >>>>> Bindings test. . . . . . . . . . . : Passed >>>>> WAN configuration test . . . . . . : Skipped >>>>> No active remote access connections. >>>>> Modem diagnostics test . . . . . . : Passed >>>>> IP Security test . . . . . . . . . : Skipped >>>>> Note: run "netsh ipsec dynamic show /?" for more detailed >>>>> information >>>>> >>>>> The command completed successfully >>>>> >>>>> C:\Documents and Settings\Administrator.CUB_DOMAIN> >>>>> >>>>> My plan of action is to do a dcpromo /forceremoval first on the >>>>> old server in directory services restore mode (because I cant boot >>>>> into windows normally) >>>>> >>>>> and then Ill perform a ntdsutil metadata cleanup on the new server >>>>> >>>>> I believe this will resolve my problem but I am not totally sure >>>>> and >>>>>
Guest Lem@community.nospam Posted July 2, 2008 Posted July 2, 2008 Re: DNS/Active Directory Issue The servers are actually not in different domains I believe this happened because I renamed the domain from cubnet.com to ilcuboard.local about 4 years ago. I renamed the domain from cubnet.com to ilcuboard.local because cubnet.com caused problems with some internet sites. Our domain is only accessible locally so I had to rename the domain to ilcuboard.local. But during that process the old dc kept the old cubnet.com suffix but it still operated without major problems with this setup. I will also disable all inactive nics, thanks for the tip. "Meinolf Weber" wrote: > Hello Lem@community.nospam, > > Why are the both servers from different domains? New machine dbserver2 is > ilcuboard.local, old machine netserver1 is cubnet.com??? > > Please clarify this configuration, did you setup a NEW domain with the new > server? Is the new server maybe a SBS server operating system? > > Also if you do not use a NIC on a DC disable it, the second NIC on netserver1 > witht 169.254.x.x address. > > Best regards > > Meinolf Weber > Disclaimer: This posting is provided "AS IS" with no warranties, and confers > no rights. > ** Please do NOT email, only reply to Newsgroups > ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > > > Yes the isp's dns server is listed under forwarders > > > > here is the ipconfig/all from the new dc > > > > Microsoft Windows [Version 5.2.3790] > > © Copyright 1985-2003 Microsoft Corp. > > C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all > > > > Windows IP Configuration > > > > Host Name . . . . . . . . . . . . : dbserver2 > > Primary Dns Suffix . . . . . . . : ilcuboard.local > > Node Type . . . . . . . . . . . . : Hybrid > > IP Routing Enabled. . . . . . . . : No > > WINS Proxy Enabled. . . . . . . . : No > > DNS Suffix Search List. . . . . . : ilcuboard.local > > Ethernet adapter Local Area Connection 3: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Intel® PRO/1000 MT Network > > Connection > > Physical Address. . . . . . . . . : 00-14-22-76-40-3B > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 192.168.100.94 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 192.168.100.1 > > DNS Servers . . . . . . . . . . . : 192.168.100.87 > > 192.168.100.94 > > 192.168.100.77 > > Primary WINS Server . . . . . . . : 192.168.100.94 > > Secondary WINS Server . . . . . . : 192.168.100.87 > > C:\Documents and Settings\Administrator.CUB_DOMAIN> > > > > the old dc which is running in directory services restore mode (safe > > mode) ipconfig/all > > > > Microsoft Windows [Version 5.2.3790] > > © Copyright 1985-2003 Microsoft Corp. > > C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig/all > > > > Windows IP Configuration > > > > Host Name . . . . . . . . . . . . : netserver1 > > Primary Dns Suffix . . . . . . . : cubnet.com > > Node Type . . . . . . . . . . . . : Hybrid > > IP Routing Enabled. . . . . . . . : No > > WINS Proxy Enabled. . . . . . . . : No > > DNS Suffix Search List. . . . . . : cubnet.com > > Ethernet adapter Local Area Connection 2: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Intel® PRO/1000 MT Network > > Connection # > > 2 > > Physical Address. . . . . . . . . : 00-11-43-EE-19-A2 > > DHCP Enabled. . . . . . . . . . . : Yes > > Autoconfiguration Enabled . . . . : Yes > > Autoconfiguration IP Address. . . : 169.254.185.58 > > Subnet Mask . . . . . . . . . . . : 255.255.0.0 > > Default Gateway . . . . . . . . . : > > DNS Servers . . . . . . . . . . . : 192.168.100.87 > > 192.168.100.94 > > Primary WINS Server . . . . . . . : 192.168.100.87 > > Secondary WINS Server . . . . . . : 192.168.100.94 > > NetBIOS over Tcpip. . . . . . . . : Disabled > > Ethernet adapter Local Area Connection: > > > > Connection-specific DNS Suffix . : > > Description . . . . . . . . . . . : Intel® PRO/1000 MT Network > > Connection > > Physical Address. . . . . . . . . : 00-11-43-EE-19-A1 > > DHCP Enabled. . . . . . . . . . . : No > > IP Address. . . . . . . . . . . . : 192.168.100.87 > > Subnet Mask . . . . . . . . . . . : 255.255.255.0 > > Default Gateway . . . . . . . . . : 192.168.100.1 > > DNS Servers . . . . . . . . . . . : 192.168.100.87 > > 192.168.100.94 > > Primary WINS Server . . . . . . . : 192.168.100.87 > > Secondary WINS Server . . . . . . : 192.168.100.94 > > C:\Documents and Settings\Administrator.CUB_DOMAIN> > > > > "Meinolf Weber" wrote: > > > >> Hello Lem@community.nospam, > >> > >> To get internet access for the users configure your ISP's DNS server > >> under the server porperties in the DNS management console under the > >> FORWARDERS TAB on the new server. > >> > >> Please post an unedited ipconfig /all from all DC/DNS servers. Do you > >> use AD integrated zones? > >> > >> Best regards > >> > >> Meinolf Weber > >> Disclaimer: This posting is provided "AS IS" with no warranties, and > >> confers > >> no rights. > >> ** Please do NOT email, only reply to Newsgroups > >> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > >>> Hi Meinolf Weber, > >>> > >>> Yes I did make the new server the new main dns server as well. > >>> > >>> I also configured the clients to use the new server as their dns > >>> servers (added the new server as the Primary DNS server in their NIC > >>> settings). > >>> > >>> I also transferred all 5 of the FSMO roles including global catalog > >>> to the new server. > >>> > >>> The old dc server is still connected to the network. > >>> The old dc server has not been demoted because it will not boot > >>> normally it > >>> gets stuck at active directory is rebuilding indicies and then an > >>> error comes > >>> up which I listed below: > >>> lssas.exe - system error Security Accounts Manager initialization > >>> failed because of the following error: Directory Service cannot > >>> start. > >>> Error Status: 0x00002e1 > >>> Also the old dc server is still connected because it is the only way > >>> right now to give users access to the internet. > >>> > >>> Thanks for your replies. Please let me know if their is any other > >>> info I need to provide. > >>> > >>> "Meinolf Weber" wrote: > >>> > >>>> Hello Lem@community.nospam, > >>>> > >>>> Just to get you correct, the old DC is still up and running? Or is > >>>> it shutdown or disconnected? Please describe in detail about. > >>>> > >>>> Did you make the new server DNS server? > >>>> > >>>> Did you reconfigure the clients to use the new DNS server? > >>>> > >>>> Did you move/transfer the 5 FSMO roles to the new one? > >>>> > >>>> Best regards > >>>> > >>>> Meinolf Weber > >>>> Disclaimer: This posting is provided "AS IS" with no warranties, > >>>> and > >>>> confers > >>>> no rights. > >>>> ** Please do NOT email, only reply to Newsgroups > >>>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > >>>>> I recently added a new dc that is also the new global catalog > >>>>> server. I was unable to demote the old dc using the dcpromo. > >>>>> > >>>>> I have 2 main problems: > >>>>> > >>>>> 1. Clients are not using the new active directory server, for > >>>>> example i am unable to share documents, cannot add users because I > >>>>> cannot find the ad when trying to change permissions, etc. > >>>>> > >>>>> 2. Clients are also not using the new dns server (which is also > >>>>> the new dc/global catalog server) to access the internet. I know > >>>>> this because everytime I unplug the old dc from the network no one > >>>>> is able to access the internet and they all have the new dns > >>>>> server added to their nic settings as the primary dns server. > >>>>> > >>>>> All addresses are static so there is no dhcp server. Also the > >>>>> dcdiag and netdiag has a bunch of errors: > >>>>> > >>>>> DCDiag Errors Below: > >>>>> > >>>>> Running partition tests on : DomainDnsZones > >>>>> Starting test: CrossRefValidation > >>>>> ......................... DomainDnsZones passed test > >>>>> CrossRefValidation > >>>>> Starting test: CheckSDRefDom > >>>>> ......................... DomainDnsZones passed test > >>>>> CheckSDRefDom > >>>>> Running partition tests on : Schema > >>>>> Starting test: CrossRefValidation > >>>>> ......................... Schema passed test > >>>>> CrossRefValidation > >>>>> Starting test: CheckSDRefDom > >>>>> ......................... Schema passed test CheckSDRefDom > >>>>> Running partition tests on : Configuration > >>>>> Starting test: CrossRefValidation > >>>>> ......................... Configuration passed test > >>>>> CrossRefValidation > >>>>> Starting test: CheckSDRefDom > >>>>> ......................... Configuration passed test > >>>>> CheckSDRefDom > >>>>> Running partition tests on : ilcuboard > >>>>> Starting test: CrossRefValidation > >>>>> ......................... ilcuboard passed test > >>>>> CrossRefValidation > >>>>> Starting test: CheckSDRefDom > >>>>> ......................... ilcuboard passed test CheckSDRefDom > >>>>> Running enterprise tests on : ilcuboard.local > >>>>> Starting test: Intersite > >>>>> ......................... ilcuboard.local passed test > >>>>> Intersite > >>>>> Starting test: FsmoCheck > >>>>> Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error > >>>>> 1355 > >>>>> A Global Catalog Server could not be located - All GC's are > >>>>> down. > >>>>> ......................... ilcuboard.local failed test > >>>>> FsmoCheck > >>>>> ===================================================== > >>>>> ===================================================== > >>>>> My Net Diag Errors are Below: > >>>>> Microsoft Windows [Version 5.2.3790] > >>>>> © Copyright 1985-2003 Microsoft Corp. > >>>>> C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag > >>>>> ........................................ > >>>>> Computer Name: DBSERVER2 > >>>>> DNS Host Name: dbserver2.ilcuboard.local > >>>>> System info : Microsoft Windows Server 2003 R2 (Build 3790) > >>>>> Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel > >>>>> List of installed hotfixes : > >>>>> KB909520 > >>>>> KB921503 > >>>>> KB925398_WMP64 > >>>>> KB925876 > >>>>> KB925902 > >>>>> KB926122 > >>>>> KB927891 > >>>>> KB928090-IE7 > >>>>> KB929123 > >>>>> KB929969 > >>>>> KB930178 > >>>>> KB931768-IE7 > >>>>> KB931784 > >>>>> KB931836 > >>>>> KB932168 > >>>>> KB933360 > >>>>> KB933566-IE7 > >>>>> KB933729 > >>>>> KB933854 > >>>>> KB935839 > >>>>> KB935840 > >>>>> KB935966 > >>>>> KB936021 > >>>>> KB936357 > >>>>> KB936782 > >>>>> KB937143-IE7 > >>>>> KB938127-IE7 > >>>>> KB939653-IE7 > >>>>> KB941202 > >>>>> KB941568 > >>>>> KB941569 > >>>>> KB941644 > >>>>> KB941672 > >>>>> KB941693 > >>>>> KB942615-IE7 > >>>>> KB942763 > >>>>> KB942830 > >>>>> KB942831 > >>>>> KB943055 > >>>>> KB943460 > >>>>> KB943485 > >>>>> KB943729 > >>>>> KB944533-IE7 > >>>>> KB944653 > >>>>> KB945553 > >>>>> KB946026 > >>>>> KB947864-IE7 > >>>>> KB948496 > >>>>> KB948590 > >>>>> KB948745 > >>>>> KB948881 > >>>>> KB949014 > >>>>> KB950759-IE7 > >>>>> KB950760 > >>>>> KB950762 > >>>>> KB951698 > >>>>> Q147222 > >>>>> Netcard queries test . . . . . . . : Passed > >>>>> Per interface results: > >>>>> Adapter : Local Area Connection 3 > >>>>> > >>>>> Netcard queries test . . . : Passed > >>>>>
Guest David Shen [MSFT] Posted July 3, 2008 Posted July 3, 2008 RE: DNS/Active Directory Issue Hello Lem, Thank you for posting here. According to description, my understanding of the problematic system environment is as followed. If I have any misunderstanding, please feel free to let me know. Scenario: ========== Old DC: Host Name . . . . . . . . . . . . : netserver1 IP Address. . . . . . . . . . . . : 192.168.100.87 Primary Dns Suffix . . . . . . . : cubnet.com New DC: Host Name. . . . . . . . . : dbserver2 IP Address . . . . . . . . : 192.168.100.94 Primary Dns Suffix . . . . . . . : ilcuboard.local Current domain name: ilcuboard.local Based on the experience, here is some information which may be helpful for you. Analysis and Suggestion: ===================== 1. Please try to change to "Primary DNS suffix" of Old DC "netserver1" to "ilcuboard.local" 2. Can you tell me if the DNS lookup zone type is "Active Directory Integrated" on all the DNS servers? If not, please change the type to " Active Directory Integrated" 3. After you change the DNS lookup zone type, please adjust the DNS servers sequence in the NIC configuration of all the DCs and the domain clients. The DNS servers sequence is as followed. Primary DNS Server: 192.168.100.94 Secondary DNS Server: 192.168.100.87 Third DNS Server: 192.168.100.77 4. Please check on the new DC dbserver2 to see if the DNS zone "ilcuboard.local" is created; meanwhile, please let me know how you renamed the domain. 5. To verify all the domain clients can access the Internet, please enable Forwarder on the Primary DNS Server and make it point to the ISP DNS server. 6. Afterwards, please clear cache on all the DNS servers 7. Then, you may run "net stop netlogon" and then run "net start netlogon" on all the domain controllers to manually register the SRV records in the DNS database. Please note: before you restart the netlogon service, please verify all the Primary DNS suffix of all the domain controller is "ilcuboard.local" (the same as the current domain name) 8. After that, please check if the issue will re-occur. Since the issue is little complex and it may need a rather long period of troubleshooting. If the issue is important or urgent to you, I would like to suggest that you contact Microsoft Product Support Services via telephone so that a dedicated Support Professional can assist with this request. To obtain the phone numbers for specific technology request please take a look at the web site listed below. http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS If you are outside the US please see http://support.microsoft.com for regional support phone numbers. Hope the issue will be resolved soon. David Shen Microsoft Online Partner Support
Guest David Shen [MSFT] Posted July 7, 2008 Posted July 7, 2008 RE: DNS/Active Directory Issue Hello Lem, How's everything going? I'm wondering if the suggestion has helped or if you have any further questions. Please feel free to respond to the newsgroups if I can assist further. David Shen Microsoft Online Partner Support
Guest Lem@community.nospam Posted July 9, 2008 Posted July 9, 2008 RE: DNS/Active Directory Issue Hi David, I've been following all the suggestions in this thread and was able to rebuild the network without losing all of my ad objects and the dns was the key. But the problem is not totally solved yet I have my main zone created ilcuboard.local and I cannot create a new zone on the rebuilt dns server. I rebuilt it with the same name and ip address of the failed ad/dns server. The error is "the zone cannot be created. there was a server failure." also running a netdiag /fix returns the following results: Microsoft Windows [Version 5.2.3790] © Copyright 1985-2003 Microsoft Corp. C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag /fix Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Connectivity ......................... NETSERVER1 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Replications ......................... NETSERVER1 passed test Replications Starting test: NCSecDesc ......................... NETSERVER1 passed test NCSecDesc Starting test: NetLogons ......................... NETSERVER1 passed test NetLogons Starting test: Advertising ......................... NETSERVER1 passed test Advertising Starting test: KnowsOfRoleHolders ......................... NETSERVER1 passed test KnowsOfRoleHolders Starting test: RidManager ......................... NETSERVER1 passed test RidManager Starting test: MachineAccount ......................... NETSERVER1 passed test MachineAccount Starting test: Services ......................... NETSERVER1 passed test Services Starting test: ObjectsReplicated ......................... NETSERVER1 passed test ObjectsReplicated Starting test: frssysvol ......................... NETSERVER1 passed test frssysvol Starting test: frsevent ......................... NETSERVER1 passed test frsevent Starting test: kccevent ......................... NETSERVER1 passed test kccevent Starting test: systemlog ......................... NETSERVER1 passed test systemlog Starting test: VerifyReferences ......................... NETSERVER1 passed test VerifyReferences Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ilcuboard Starting test: CrossRefValidation ......................... ilcuboard passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ilcuboard passed test CheckSDRefDom Running enterprise tests on : ilcuboard.local Starting test: Intersite ......................... ilcuboard.local passed test Intersite Starting test: FsmoCheck ......................... ilcuboard.local passed test FsmoCheck C:\Documents and Settings\Administrator.CUB_DOMAIN> Microsoft Windows [Version 5.2.3790] © Copyright 1985-2003 Microsoft Corp. C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag /fix ........................................ Computer Name: NETSERVER1 DNS Host Name: netserver1.ilcuboard.local System info : Microsoft Windows Server 2003 (Build 3790) Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel List of installed hotfixes : KB924667-v2 KB925398_WMP64 KB925876 KB925902 KB926122 KB927891 KB929123 KB930178 KB931784 KB932168 KB933729 KB933854 KB935839 KB935840 KB936021 KB936357 KB936782 KB938127 KB938127-IE7 KB941202 KB941569 KB941644 KB941672 KB941693 KB942763 KB943055 KB943460 KB943485 KB943729 KB944338 KB944653 KB945553 KB946026 KB948496 KB948590 KB949014 KB950759 KB950759-IE7 KB950760 KB950762 KB951698 KB951746 KB951748 Q147222 Netcard queries test . . . . . . . : Passed Per interface results: Adapter : Local Area Connection Netcard queries test . . . : Passed Host Name. . . . . . . . . : netserver1 IP Address . . . . . . . . : 192.168.100.87 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 192.168.100.1 Primary WINS Server. . . . : 192.168.100.87 Dns Servers. . . . . . . . : 192.168.100.87 192.168.100.94 192.168.100.77 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed NetBT name test. . . . . . : Passed WINS service test. . . . . : Passed Global results: Domain membership test . . . . . . : Passed NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} 1 NetBt transport currently configured. Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Passed Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Failed [FATAL] Failed to fix: DC DNS entry cubnet.com. re-registeration on DNS serv er '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site s.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.cubnet.com. re-regi steration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site s.gc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.e7181c48-3613-4666-8bb6-10ddc 90a40a3.domains._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.8 7' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry gc._msdcs.cubnet.com. re-registeration o n DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry 827c49b4-9a34-4c00-a2fe-c9048d23e005._ms dcs.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.cubnet.com. re- registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._ sites.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87' fail ed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.cubnet.com. re-regi steration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site s.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.cubnet.com. re-registerat ion on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._ sites.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _gc._tcp.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites. cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kerberos._udp.cubnet.com. re-registerat ion on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.cubnet.com. re-registerati on on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.cubnet.com. re-registerati on on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th is DC on DNS server '192.168.100.87'. [FATAL] No DNS servers have the DNS records for this DC registered. Redir and Browser test . . . . . . : Passed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} The browser is bound to 1 NetBt transport. DC discovery test. . . . . . . . . : Passed DC list test . . . . . . . . . . . : Passed Trust relationship test. . . . . . : Passed Secure channel for domain 'CUB_DOMAIN' is to '\\mserver1.ilcuboard.local'. Kerberos test. . . . . . . . . . . : Passed LDAP test. . . . . . . . . . . . . : Passed Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully C:\Documents and Settings\Administrator.CUB_DOMAIN> the cubnet.com errors are referring to the previous ad/dns server that was rebuilt with the same name and ip. the ipconfig/all returns: Microsoft Windows [Version 5.2.3790] © Copyright 1985-2003 Microsoft Corp. C:\Documents and Settings\Administrator.CUB_DOMAIN>ipconfig /all Windows IP Configuration Host Name . . . . . . . . . . . . : netserver1 Primary Dns Suffix . . . . . . . : ilcuboard.local Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : ilcuboard.local Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection # 2 Physical Address. . . . . . . . . : 00-11-43-EE-19-A1 DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 192.168.100.87 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.100.1 DNS Servers . . . . . . . . . . . : 192.168.100.87 192.168.100.94 192.168.100.77 Primary WINS Server . . . . . . . : 192.168.100.87 C:\Documents and Settings\Administrator.CUB_DOMAIN> Do you all have any suggestions on how to resolve this issue? "David Shen [MSFT]" wrote: > Hello Lem, > > How's everything going? > > I'm wondering if the suggestion has helped or if you have any further > questions. Please feel free to respond to the newsgroups if I can assist > further. > > David Shen > Microsoft Online Partner Support > >
Guest Lem@community.nospam Posted July 9, 2008 Posted July 9, 2008 RE: DNS/Active Directory Issue Also to provide more information all of the suggestions are coming in handy, so my current domain is ad integrated on both servers. the main server is the netserver1.ilcuboard.local and the backup will be mserver1.ilcuboard.local Netserver1 was was rebuilt by wiping replacing the hardrive that crashed then reinstalling without the new name of netserver1.ilcuboard.local instead of netserver1.cubnet.com which was the old suffix. The netserver1 is not currently the primary dc the primary is mserver1 which will be changed once I figure out this last part of getting rid of the remains of the cubnet.com suffix and being able to create new zones on the netserver1 which i want to be my primary again. I also demoted dbserver2 back to member server status. all the clients can access the internet and the shared folders work now so i am almost completely done with this problem once i figure out how to get rid of the problems i mentioned above. Please let me know if there is any other information needed. "Lem@community.nospam" wrote: > Hi David, > > I've been following all the suggestions in this thread and was able to > rebuild the network without losing all of my ad objects and the dns was the > key. > > But the problem is not totally solved yet I have my main zone created > ilcuboard.local and I cannot create a new zone on the rebuilt dns server. I > rebuilt it with the same name and ip address of the failed ad/dns server. The > error is "the zone cannot be created. there was a server failure." > > also running a netdiag /fix returns the following results: > > Microsoft Windows [Version 5.2.3790] > © Copyright 1985-2003 Microsoft Corp. > > C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag /fix > > Domain Controller Diagnosis > > Performing initial setup: > Done gathering initial info. > > Doing initial required tests > > Testing server: Default-First-Site-Name\NETSERVER1 > Starting test: Connectivity > ......................... NETSERVER1 passed test Connectivity > > Doing primary tests > > Testing server: Default-First-Site-Name\NETSERVER1 > Starting test: Replications > ......................... NETSERVER1 passed test Replications > Starting test: NCSecDesc > ......................... NETSERVER1 passed test NCSecDesc > Starting test: NetLogons > ......................... NETSERVER1 passed test NetLogons > Starting test: Advertising > ......................... NETSERVER1 passed test Advertising > Starting test: KnowsOfRoleHolders > ......................... NETSERVER1 passed test KnowsOfRoleHolders > Starting test: RidManager > ......................... NETSERVER1 passed test RidManager > Starting test: MachineAccount > ......................... NETSERVER1 passed test MachineAccount > Starting test: Services > ......................... NETSERVER1 passed test Services > Starting test: ObjectsReplicated > ......................... NETSERVER1 passed test ObjectsReplicated > Starting test: frssysvol > ......................... NETSERVER1 passed test frssysvol > Starting test: frsevent > ......................... NETSERVER1 passed test frsevent > Starting test: kccevent > ......................... NETSERVER1 passed test kccevent > Starting test: systemlog > ......................... NETSERVER1 passed test systemlog > Starting test: VerifyReferences > ......................... NETSERVER1 passed test VerifyReferences > > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test CheckSDRefDom > > Running partition tests on : ilcuboard > Starting test: CrossRefValidation > ......................... ilcuboard passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... ilcuboard passed test CheckSDRefDom > > Running enterprise tests on : ilcuboard.local > Starting test: Intersite > ......................... ilcuboard.local passed test Intersite > Starting test: FsmoCheck > ......................... ilcuboard.local passed test FsmoCheck > > C:\Documents and Settings\Administrator.CUB_DOMAIN> > > > > > > Microsoft Windows [Version 5.2.3790] > © Copyright 1985-2003 Microsoft Corp. > > C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag /fix > > ....................................... > > Computer Name: NETSERVER1 > DNS Host Name: netserver1.ilcuboard.local > System info : Microsoft Windows Server 2003 (Build 3790) > Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel > List of installed hotfixes : > KB924667-v2 > KB925398_WMP64 > KB925876 > KB925902 > KB926122 > KB927891 > KB929123 > KB930178 > KB931784 > KB932168 > KB933729 > KB933854 > KB935839 > KB935840 > KB936021 > KB936357 > KB936782 > KB938127 > KB938127-IE7 > KB941202 > KB941569 > KB941644 > KB941672 > KB941693 > KB942763 > KB943055 > KB943460 > KB943485 > KB943729 > KB944338 > KB944653 > KB945553 > KB946026 > KB948496 > KB948590 > KB949014 > KB950759 > KB950759-IE7 > KB950760 > KB950762 > KB951698 > KB951746 > KB951748 > Q147222 > > > Netcard queries test . . . . . . . : Passed > > > > Per interface results: > > Adapter : Local Area Connection > > Netcard queries test . . . : Passed > > Host Name. . . . . . . . . : netserver1 > IP Address . . . . . . . . : 192.168.100.87 > Subnet Mask. . . . . . . . : 255.255.255.0 > Default Gateway. . . . . . : 192.168.100.1 > Primary WINS Server. . . . : 192.168.100.87 > Dns Servers. . . . . . . . : 192.168.100.87 > 192.168.100.94 > 192.168.100.77 > > > AutoConfiguration results. . . . . . : Passed > > Default gateway test . . . : Passed > > NetBT name test. . . . . . : Passed > > WINS service test. . . . . : Passed > > > Global results: > > > Domain membership test . . . . . . : Passed > > > NetBT transports test. . . . . . . : Passed > List of NetBt transports currently configured: > NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} > 1 NetBt transport currently configured. > > > Autonet address test . . . . . . . : Passed > > > IP loopback ping test. . . . . . . : Passed > > > Default gateway test . . . . . . . : Passed > > > NetBT name test. . . . . . . . . . : Passed > > > Winsock test . . . . . . . . . . . : Passed > > > DNS test . . . . . . . . . . . . . : Failed > [FATAL] Failed to fix: DC DNS entry cubnet.com. re-registeration on DNS > serv > er '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry _ldap._tcp.cubnet.com. > re-registeration > on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry > _ldap._tcp.Default-First-Site-Name._site > s.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.cubnet.com. > re-regi > steration on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry > _ldap._tcp.Default-First-Site-Name._site > s.gc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87' > failed. > > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry > _ldap._tcp.e7181c48-3613-4666-8bb6-10ddc > 90a40a3.domains._msdcs.cubnet.com. re-registeration on DNS server > '192.168.100.8 > 7' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry gc._msdcs.cubnet.com. > re-registeration o > n DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry > 827c49b4-9a34-4c00-a2fe-c9048d23e005._ms > dcs.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.cubnet.com. > re- > registeration on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry > _kerberos._tcp.Default-First-Site-Name._ > sites.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87' > fail > ed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.cubnet.com. > re-regi > steration on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry > _ldap._tcp.Default-First-Site-Name._site > s.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87' > failed. > > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.cubnet.com. > re-registerat > ion on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry > _kerberos._tcp.Default-First-Site-Name._ > sites.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry _gc._tcp.cubnet.com. > re-registeration on > DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry > _gc._tcp.Default-First-Site-Name._sites. > cubnet.com. re-registeration on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry _kerberos._udp.cubnet.com. > re-registerat > ion on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.cubnet.com. > re-registerati > on on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.cubnet.com. > re-registerati > on on DNS server '192.168.100.87' failed. > DNS Error code: 0x00002339 > [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries > for th > is DC on DNS server '192.168.100.87'. > [FATAL] No DNS servers have the DNS records for this DC registered. > > > Redir and Browser test . . . . . . : Passed > List of NetBt transports currently bound to the Redir > NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF}
Guest David Shen [MSFT] Posted July 11, 2008 Posted July 11, 2008 RE: DNS/Active Directory Issue Hello Lem, Thanks for the reply. Based on the research of the message that you provided with me. I found that all the SRV resource records cannot be registered on the '192.168.100.87'(netserver1). To further troubleshoot the issue, please follow the steps to check if it still exists. 1. please verify the Primary DNS suffix of the DC (netserver1) is "ilcuboard.local" and the domain name on the DC is also "ilcuboard.local" 2. please also verify that the DNS domain name is "ilcuboard.local" and the DNS lookup zone type is "Active Directory Integrated" 3. Afterwards, please run "net stop netlogon" and then run "net start netlogon" on the DC (netserver1) to manually register the SRV records in the DNS database. Hope it helps. David Shen Microsoft Online Partner Support
Guest Lem@community.nospam Posted July 11, 2008 Posted July 11, 2008 RE: DNS/Active Directory Issue Hi David, I verified that the primary dns suffix on the dc is ilcuboard.local and verified that the dns server has the ilcuboard.local suffix in its computer name. To verify that the zone is active directory integrated i checked the properties of the ilcuboard.local zone and under the general tab, replication not an active directory integrated zone is greyed out. I also ran the net stop/start netlogon commands. I dont know if the error i get when trying to create a new zone "the zone cannot be created. there was a server failure." has to do with anything but i am only able to create a secondary zone for reverse zone which doesnt work because it has a red x on it after its created. Please let me know what you think. I also have results from the current dcdiag and netdiag commands Microsoft Windows [Version 5.2.3790] © Copyright 1985-2003 Microsoft Corp. C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag .......................................... Computer Name: NETSERVER1 DNS Host Name: netserver1.ilcuboard.local System info : Microsoft Windows Server 2003 (Build 3790) Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel List of installed hotfixes : KB924667-v2 KB925398_WMP64 KB925876 KB925902 KB926122 KB927891 KB929123 KB930178 KB931784 KB932168 KB933729 KB933854 KB935839 KB935840 KB936021 KB936357 KB936782 KB938127 KB938127-IE7 KB941202 KB941569 KB941644 KB941672 KB941693 KB942763 KB943055 KB943460 KB943485 KB943729 KB944338 KB944653 KB945553 KB946026 KB948496 KB948590 KB948745 KB949014 KB950759 KB950759-IE7 KB950760 KB950762 KB951698 KB951746 KB951748 Q147222 Netcard queries test . . . . . . . : Passed Per interface results: Adapter : Local Area Connection Netcard queries test . . . : Passed Host Name. . . . . . . . . : netserver1 IP Address . . . . . . . . : 192.168.100.87 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 192.168.100.1 Primary WINS Server. . . . : 192.168.100.87 Dns Servers. . . . . . . . : 192.168.100.87 192.168.100.94 192.168.100.77 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed NetBT name test. . . . . . : Passed WINS service test. . . . . : Passed Global results: Domain membership test . . . . . . : Passed NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} 1 NetBt transport currently configured. Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Passed Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Failed [WARNING] The DNS entries for this DC are not registered correctly on DNS se rver '192.168.100.87'. Please wait for 30 minutes for DNS server replication. [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.100.94, ERROR_TIMEOUT. [WARNING] The DNS entries for this DC are not registered correctly on DNS se rver '192.168.100.77'. Please wait for 30 minutes for DNS server replication. [FATAL] No DNS servers have the DNS records for this DC registered. Redir and Browser test . . . . . . : Passed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} The browser is bound to 1 NetBt transport. DC discovery test. . . . . . . . . : Passed DC list test . . . . . . . . . . . : Passed Trust relationship test. . . . . . : Passed Secure channel for domain 'CUB_DOMAIN' is to '\\mserver1.ilcuboard.local'. Kerberos test. . . . . . . . . . . : Passed LDAP test. . . . . . . . . . . . . : Passed Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully C:\Documents and Settings\Administrator.CUB_DOMAIN> ==================================================================================================================== ==================================================================================================================== C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag/fix ........................................ Computer Name: NETSERVER1 DNS Host Name: netserver1.ilcuboard.local System info : Microsoft Windows Server 2003 (Build 3790) Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel List of installed hotfixes : KB924667-v2 KB925398_WMP64 KB925876 KB925902 KB926122 KB927891 KB929123 KB930178 KB931784 KB932168 KB933729 KB933854 KB935839 KB935840 KB936021 KB936357 KB936782 KB938127 KB938127-IE7 KB941202 KB941569 KB941644 KB941672 KB941693 KB942763 KB943055 KB943460 KB943485 KB943729 KB944338 KB944653 KB945553 KB946026 KB948496 KB948590 KB948745 KB949014 KB950759 KB950759-IE7 KB950760 KB950762 KB951698 KB951746 KB951748 Q147222 Netcard queries test . . . . . . . : Passed Per interface results: Adapter : Local Area Connection Netcard queries test . . . : Passed Host Name. . . . . . . . . : netserver1 IP Address . . . . . . . . : 192.168.100.87 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 192.168.100.1 Primary WINS Server. . . . : 192.168.100.87 Dns Servers. . . . . . . . : 192.168.100.87 192.168.100.94 192.168.100.77 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed NetBT name test. . . . . . : Passed WINS service test. . . . . : Passed Global results: Domain membership test . . . . . . : Passed NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} 1 NetBt transport currently configured. Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Passed Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Failed [FATAL] Failed to fix: DC DNS entry cubnet.com. re-registeration on DNS serv er '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site s.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.gc._msdcs.cubnet.com. re-regi steration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site s.gc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.e7181c48-3613-4666-8bb6-10ddc 90a40a3.domains._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.8 7' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry gc._msdcs.cubnet.com. re-registeration o n DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry 827c49b4-9a34-4c00-a2fe-c9048d23e005._ms dcs.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.dc._msdcs.cubnet.com. re- registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._ sites.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87' fail ed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.dc._msdcs.cubnet.com. re-regi steration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _ldap._tcp.Default-First-Site-Name._site s.dc._msdcs.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.cubnet.com. re-registerat ion on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kerberos._tcp.Default-First-Site-Name._ sites.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _gc._tcp.cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _gc._tcp.Default-First-Site-Name._sites. cubnet.com. re-registeration on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kerberos._udp.cubnet.com. re-registerat ion on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kpasswd._tcp.cubnet.com. re-registerati on on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Failed to fix: DC DNS entry _kpasswd._udp.cubnet.com. re-registerati on on DNS server '192.168.100.87' failed. DNS Error code: 0x00002339 [FATAL] Fix Failed: netdiag failed to re-register missing DNS entries for th is DC on DNS server '192.168.100.87'. [FATAL] No DNS servers have the DNS records for this DC registered. Redir and Browser test . . . . . . : Passed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} The browser is bound to 1 NetBt transport. DC discovery test. . . . . . . . . : Passed DC list test . . . . . . . . . . . : Passed Trust relationship test. . . . . . : Passed Secure channel for domain 'CUB_DOMAIN' is to '\\mserver1.ilcuboard.local'. Kerberos test. . . . . . . . . . . : Passed LDAP test. . . . . . . . . . . . . : Passed Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully C:\Documents and Settings\Administrator.CUB_DOMAIN> ==================================================================================================================== ==================================================================================================================== C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Connectivity ......................... NETSERVER1 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Replications ......................... NETSERVER1 passed test Replications Starting test: NCSecDesc ......................... NETSERVER1 passed test NCSecDesc Starting test: NetLogons ......................... NETSERVER1 passed test NetLogons Starting test: Advertising ......................... NETSERVER1 passed test Advertising Starting test: KnowsOfRoleHolders ......................... NETSERVER1 passed test KnowsOfRoleHolders Starting test: RidManager ......................... NETSERVER1 passed test RidManager Starting test: MachineAccount ......................... NETSERVER1 passed test MachineAccount Starting test: Services ......................... NETSERVER1 passed test Services Starting test: ObjectsReplicated ......................... NETSERVER1 passed test ObjectsReplicated Starting test: frssysvol ......................... NETSERVER1 passed test frssysvol Starting test: frsevent ......................... NETSERVER1 passed test frsevent Starting test: kccevent ......................... NETSERVER1 passed test kccevent Starting test: systemlog An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:19 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:19 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:19 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:19 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record ......................... NETSERVER1 failed test systemlog Starting test: VerifyReferences ......................... NETSERVER1 passed test VerifyReferences Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ilcuboard Starting test: CrossRefValidation ......................... ilcuboard passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ilcuboard passed test CheckSDRefDom Running enterprise tests on : ilcuboard.local Starting test: Intersite ......................... ilcuboard.local passed test Intersite Starting test: FsmoCheck ......................... ilcuboard.local passed test FsmoCheck C:\Documents and Settings\Administrator.CUB_DOMAIN> ==================================================================================================================== ==================================================================================================================== C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag/fix Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Connectivity ......................... NETSERVER1 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Replications ......................... NETSERVER1 passed test Replications Starting test: NCSecDesc ......................... NETSERVER1 passed test NCSecDesc Starting test: NetLogons ......................... NETSERVER1 passed test NetLogons Starting test: Advertising ......................... NETSERVER1 passed test Advertising Starting test: KnowsOfRoleHolders ......................... NETSERVER1 passed test KnowsOfRoleHolders Starting test: RidManager ......................... NETSERVER1 passed test RidManager Starting test: MachineAccount ......................... NETSERVER1 passed test MachineAccount Starting test: Services ......................... NETSERVER1 passed test Services Starting test: ObjectsReplicated ......................... NETSERVER1 passed test ObjectsReplicated Starting test: frssysvol ......................... NETSERVER1 passed test frssysvol Starting test: frsevent ......................... NETSERVER1 passed test frsevent Starting test: kccevent ......................... NETSERVER1 passed test kccevent Starting test: systemlog An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:19 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:19 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:19 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:19 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:20 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record An Error Event occured. EventID: 0x0000168E Time Generated: 07/11/2008 10:02:21 Event String: The dynamic registration of the DNS record ......................... NETSERVER1 failed test systemlog Starting test: VerifyReferences ......................... NETSERVER1 passed test VerifyReferences Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ilcuboard Starting test: CrossRefValidation ......................... ilcuboard passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ilcuboard passed test CheckSDRefDom Running enterprise tests on : ilcuboard.local Starting test: Intersite ......................... ilcuboard.local passed test Intersite Starting test: FsmoCheck ......................... ilcuboard.local passed test FsmoCheck C:\Documents and Settings\Administrator.CUB_DOMAIN> David Shen [MSFT]" wrote: > Hello Lem, > > Thanks for the reply. > > Based on the research of the message that you provided with me. I found > that all the SRV resource records cannot be registered on the > '192.168.100.87'(netserver1). To further troubleshoot the issue, please > follow the steps to check if it still exists. > > 1. please verify the Primary DNS suffix of the DC (netserver1) is > "ilcuboard.local" and the domain name on the DC is also "ilcuboard.local" > > 2. please also verify that the DNS domain name is "ilcuboard.local" and > the DNS lookup zone type is "Active Directory Integrated" > > 3. Afterwards, please run "net stop netlogon" and then run "net start > netlogon" on the DC (netserver1) to manually register the SRV records in > the > DNS database. > > Hope it helps. > > David Shen > Microsoft Online Partner Support > >
Guest David Shen [MSFT] Posted July 14, 2008 Posted July 14, 2008 RE: DNS/Active Directory Issue Hi LEM, Thanks for the reply. Analysis and Suggestion: ======================= According to the netdiag report, the problematic DC (netserver1) still uses old domain suffix (cubnet.com) to register SRV resource records on the DNS server. As you has done domain rename before, it seems that some old domain information are still left. When using random to rename a domain, we should use he rendom /clean command to remove the old domain names from Active Directory. This cleanup step removes all values of msDS-DnsRootAlias from the domain naming operations master, and removal of this value is replicated to all domain controllers in the forest. According to the symptom, it seems that the "random /clean" command was not run properly before performing domain rename. Please run the command line "random /clean" on the problematic DC/ Meanwhile, you can try the following steps to delete the value "msDS-DnsRootAlias" to check if the issue will re-occur. 1. Open ADSIEdit.msc. Navigate to the following location. CN=<domain name>, CN=Partitions, CN=Configuration, DC=<domain name>, DC=local 2. Right-click on the object and select properties. 3. Verify the attribute "msDS-DnsRootAlias". If any value does exists, clear the value. i.e. msDS-DnsRootAlias: <not set> 4. Force replication to all the domain controllers. 5. Rename the netlogon.dns and netlogon.dnb file in %systemroot%\system32\config directory on the problematic domain controller. 6. Stop and restart the netlogon service. 7. Run netdiag to test this issue again. Hope it helps. David Shen Microsoft Online Partner Support
Guest Lem@community.nospam Posted July 14, 2008 Posted July 14, 2008 RE: DNS/Active Directory Issue Hi David, I performed the rendom /clean on all the dcs in the domain just to be sure because you're right I did not perform this step when i did the domain rename. But I ran it and the netdiag tests passed as I will post below. But the dcdiag still had errors in it. I also renamed the netlog.dns and .dnb files. But I was unable to locate the msDS-DnsRootAlias attribute, I checked the location on both dcs and could not find the value so i guess that is a good thing. I still cannot create a zone but Im thinking I may need to post that in a new thread. here are the netdiag and dcdiag test results: ====================================================== C:\Program Files\Microsoft Domain Rename Tools>netdiag/fix ....................................... Computer Name: NETSERVER1 DNS Host Name: netserver1.ilcuboard.local System info : Microsoft Windows Server 2003 (Build 3790) Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel List of installed hotfixes : KB924667-v2 KB925398_WMP64 KB925876 KB925902 KB926122 KB927891 KB929123 KB930178 KB931784 KB932168 KB933729 KB933854 KB935839 KB935840 KB936021 KB936357 KB936782 KB938127 KB938127-IE7 KB941202 KB941569 KB941644 KB941672 KB941693 KB942763 KB943055 KB943460 KB943485 KB943729 KB944338 KB944653 KB945553 KB946026 KB948496 KB948590 KB948745 KB949014 KB950759 KB950759-IE7 KB950760 KB950762 KB951698 KB951746 KB951748 Q147222 Netcard queries test . . . . . . . : Passed Per interface results: Adapter : Local Area Connection Netcard queries test . . . : Passed Host Name. . . . . . . . . : netserver1 IP Address . . . . . . . . : 192.168.100.87 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 192.168.100.1 Primary WINS Server. . . . : 192.168.100.87 Dns Servers. . . . . . . . : 192.168.100.87 192.168.100.94 192.168.100.77 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed NetBT name test. . . . . . : Passed WINS service test. . . . . : Passed Global results: Domain membership test . . . . . . : Passed NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} 1 NetBt transport currently configured. Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Passed Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Passed PASS - All the DNS entries for DC are registered on DNS server '192.168.100. 87' and other DCs also have some of the names registered. Redir and Browser test . . . . . . : Passed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} The browser is bound to 1 NetBt transport. DC discovery test. . . . . . . . . : Passed DC list test . . . . . . . . . . . : Passed Trust relationship test. . . . . . : Passed Secure channel for domain 'CUB_DOMAIN' is to '\\mserver1.ilcuboard.local'. Kerberos test. . . . . . . . . . . : Passed LDAP test. . . . . . . . . . . . . : Passed Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully C:\Program Files\Microsoft Domain Rename Tools> ===================================================== C:\Program Files\Microsoft Domain Rename Tools>dcdiag /fix Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Connectivity ......................... NETSERVER1 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Replications ......................... NETSERVER1 passed test Replications Starting test: NCSecDesc ......................... NETSERVER1 passed test NCSecDesc Starting test: NetLogons ......................... NETSERVER1 passed test NetLogons Starting test: Advertising ......................... NETSERVER1 passed test Advertising Starting test: KnowsOfRoleHolders ......................... NETSERVER1 passed test KnowsOfRoleHolders Starting test: RidManager ......................... NETSERVER1 passed test RidManager Starting test: MachineAccount ......................... NETSERVER1 passed test MachineAccount Starting test: Services ......................... NETSERVER1 passed test Services Starting test: ObjectsReplicated ......................... NETSERVER1 passed test ObjectsReplicated Starting test: frssysvol ......................... NETSERVER1 passed test frssysvol Starting test: frsevent ......................... NETSERVER1 passed test frsevent Starting test: kccevent ......................... NETSERVER1 passed test kccevent Starting test: systemlog An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:35 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:36 Event String: The dynamic deletion of the DNS record An Error Event occured. EventID: 0x0000168F Time Generated: 07/14/2008 09:32:36 Event String: The dynamic deletion of the DNS record ......................... NETSERVER1 failed test systemlog Starting test: VerifyReferences ......................... NETSERVER1 passed test VerifyReferences Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ilcuboard Starting test: CrossRefValidation ......................... ilcuboard passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ilcuboard passed test CheckSDRefDom Running enterprise tests on : ilcuboard.local Starting test: Intersite ......................... ilcuboard.local passed test Intersite Starting test: FsmoCheck ......................... ilcuboard.local passed test FsmoCheck C:\Program Files\Microsoft Domain Rename Tools> "David Shen [MSFT]" wrote: > Hi LEM, > > Thanks for the reply. > > Analysis and Suggestion: > ======================= > > According to the netdiag report, the problematic DC (netserver1) still uses > old domain suffix (cubnet.com) to register SRV resource records on the DNS > server. As you has done domain rename before, it seems that some old domain > information are still left. When using random to rename a domain, we should > use he rendom /clean command to remove the old domain names from Active > Directory. This cleanup step removes all values of msDS-DnsRootAlias from > the domain naming operations master, and removal of this value is > replicated to all domain controllers in the forest. > > According to the symptom, it seems that the "random /clean" command was not > run properly before performing domain rename. > > Please run the command line "random /clean" on the problematic DC/ > > Meanwhile, you can try the following steps to delete the value > "msDS-DnsRootAlias" to check if the issue will re-occur. > > 1. Open ADSIEdit.msc. Navigate to the following location. > > CN=<domain name>, CN=Partitions, CN=Configuration, DC=<domain name>, > DC=local > > 2. Right-click on the object and select properties. > > 3. Verify the attribute "msDS-DnsRootAlias". If any value does exists, > clear the value. i.e. msDS-DnsRootAlias: <not set> > > 4. Force replication to all the domain controllers. > > 5. Rename the netlogon.dns and netlogon.dnb file in > %systemroot%\system32\config directory on the problematic domain controller. > > 6. Stop and restart the netlogon service. > > 7. Run netdiag to test this issue again. > > Hope it helps. > > David Shen > Microsoft Online Partner Support > >
Guest David Shen [MSFT] Posted July 21, 2008 Posted July 21, 2008 RE: DNS/Active Directory Issue Hello LEM, How's everything going? I'm wondering if the suggestion has helped or if you have any further questions. Please feel free to respond to the newsgroups if I can assist further. David Shen Microsoft Online Partner Support
Guest Lem@community.nospam Posted July 21, 2008 Posted July 21, 2008 RE: DNS/Active Directory Issue Hi David, I am closer to resolving the problem but running the dcdiag I still get this error about the frsevent failed but all other test passed and it seems like replication is working but I am still trying to figure this error out. If you have any suggestions please let me know. Thanks ------------------------------------------------------------------------------------------------ Microsoft Windows [Version 5.2.3790] © Copyright 1985-2003 Microsoft Corp. C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag/fix Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Connectivity ......................... NETSERVER1 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Replications ......................... NETSERVER1 passed test Replications Starting test: NCSecDesc ......................... NETSERVER1 passed test NCSecDesc Starting test: NetLogons ......................... NETSERVER1 passed test NetLogons Starting test: Advertising ......................... NETSERVER1 passed test Advertising Starting test: KnowsOfRoleHolders ......................... NETSERVER1 passed test KnowsOfRoleHolders Starting test: RidManager ......................... NETSERVER1 passed test RidManager Starting test: MachineAccount ......................... NETSERVER1 passed test MachineAccount Starting test: Services ......................... NETSERVER1 passed test Services Starting test: ObjectsReplicated ......................... NETSERVER1 passed test ObjectsReplicated Starting test: frssysvol ......................... NETSERVER1 passed test frssysvol Starting test: frsevent There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... NETSERVER1 failed test frsevent Starting test: kccevent ......................... NETSERVER1 passed test kccevent Starting test: systemlog ......................... NETSERVER1 passed test systemlog Starting test: VerifyReferences ......................... NETSERVER1 passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ilcuboard Starting test: CrossRefValidation ......................... ilcuboard passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ilcuboard passed test CheckSDRefDom Running enterprise tests on : ilcuboard.local Starting test: Intersite ......................... ilcuboard.local passed test Intersite Starting test: FsmoCheck ......................... ilcuboard.local passed test FsmoCheck C:\Documents and Settings\Administrator.CUB_DOMAIN> "David Shen [MSFT]" wrote: > Hello LEM, > > How's everything going? > > I'm wondering if the suggestion has helped or if you have any further > questions. Please feel free to respond to the newsgroups if I can assist > further. > > David Shen > Microsoft Online Partner Support > >
Guest David Shen [MSFT] Posted July 23, 2008 Posted July 23, 2008 RE: DNS/Active Directory Issue Hi LEM, Thanks for the reply. Based on the log file, I noticed the error message as follow. There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. ......................... NETSERVER1 failed test frsevent As all other tests have passed, it seems that the server is working properly now. This error will be reported whenever there is any warning or error events within the last 24 hours. When did you run the dcdiag.exe tool? Did you run it just after you ran the “random clean” command. If you ran dcdiag tool just after you fixed the issue, this error might be reported even though the problem has gone away. Please check on all the domain controllers to see if SYSVOL contents have been replicated properly. Meanwhile, please wait for 24 hours and then run "dcdiag /fix" again to see if the error still exists. Hope it helps. David Shen Microsoft Online Partner Support
Guest Lem@community.nospam Posted July 23, 2008 Posted July 23, 2008 RE: DNS/Active Directory Issue Hi David, I did run the dcdiag command after the rendom but it was a few days after and I also had to call microsoft which they fixed the problem at first but the frsevent error came up again today after I demoted my backup domain controller and then I promoted it again yesterday, since that was what the microsoft techs recommended that I do once I got a dcdiag with no failed tests. So Im thinking maybe I need to wait another 24 hours. But I also am able to replicate using the ntds under active directory sites and services. group policy seems to be working but here are my dcdiags from my primary and my secondary dcs Primary DC: Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine netserver1, is a DC. * Connecting to directory service on server netserver1. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... NETSERVER1 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Replications * Replications Check * Replication Latency Check DC=ForestDnsZones,DC=ilcuboard,DC=local Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=DomainDnsZones,DC=ilcuboard,DC=local Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Schema,CN=Configuration,DC=ilcuboard,DC=local Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=ilcuboard,DC=local Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=ilcuboard,DC=local Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). ......................... NETSERVER1 passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC NETSERVER1. * Security Permissions Check for DC=ForestDnsZones,DC=ilcuboard,DC=local (NDNC,Version 2) * Security Permissions Check for DC=DomainDnsZones,DC=ilcuboard,DC=local (NDNC,Version 2) * Security Permissions Check for CN=Schema,CN=Configuration,DC=ilcuboard,DC=local (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=ilcuboard,DC=local (Configuration,Version 2) * Security Permissions Check for DC=ilcuboard,DC=local (Domain,Version 2) ......................... NETSERVER1 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\NETSERVER1\netlogon Verified share \\NETSERVER1\sysvol ......................... NETSERVER1 passed test NetLogons Starting test: Advertising The DC NETSERVER1 is advertising itself as a DC and having a DS. The DC NETSERVER1 is advertising as an LDAP server The DC NETSERVER1 is advertising as having a writeable directory The DC NETSERVER1 is advertising as a Key Distribution Center The DC NETSERVER1 is advertising as a time server The DS NETSERVER1 is advertising as a GC. ......................... NETSERVER1 passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local Role Domain Owner = CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local Role PDC Owner = CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local Role Rid Owner = CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local Role Infrastructure Update Owner = CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local ......................... NETSERVER1 passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 7217 to 1073741823 * netserver1.ilcuboard.local is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 6217 to 6716 * rIDPreviousAllocationPool is 6217 to 6716 * rIDNextRID: 6218 ......................... NETSERVER1 passed test RidManager Starting test: MachineAccount Checking machine account for DC NETSERVER1 on DC NETSERVER1. * SPN found :LDAP/netserver1.ilcuboard.local/ilcuboard.local * SPN found :LDAP/netserver1.ilcuboard.local * SPN found :LDAP/NETSERVER1 * SPN found :LDAP/netserver1.ilcuboard.local/CUB_DOMAIN * SPN found :LDAP/827c49b4-9a34-4c00-a2fe-c9048d23e005._msdcs.ilcuboard.local * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/827c49b4-9a34-4c00-a2fe-c9048d23e005/ilcuboard.local * SPN found :HOST/netserver1.ilcuboard.local/ilcuboard.local * SPN found :HOST/netserver1.ilcuboard.local * SPN found :HOST/NETSERVER1 * SPN found :HOST/netserver1.ilcuboard.local/CUB_DOMAIN * SPN found :GC/netserver1.ilcuboard.local/ilcuboard.local ......................... NETSERVER1 passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... NETSERVER1 passed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated NETSERVER1 is in domain DC=ilcuboard,DC=local Checking for CN=NETSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local in domain DC=ilcuboard,DC=local on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local in domain CN=Configuration,DC=ilcuboard,DC=local on 1 servers Object is up-to-date on all servers. ......................... NETSERVER1 passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... NETSERVER1 passed test frssysvol Starting test: frsevent * The File Replication Service Event log test There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. An Warning Event occured. EventID: 0x800034C4 Time Generated: 07/22/2008 14:58:01 (Event String could not be retrieved) ......................... NETSERVER1 failed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... NETSERVER1 passed test kccevent Starting test: systemlog * The System Event log test Found no errors in System Event log in the last 60 minutes. ......................... NETSERVER1 passed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=NETSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local and backlink on CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local are correct. The system object reference (frsComputerReferenceBL) CN=NETSERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ilcuboard,DC=local and backlink on CN=NETSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local are correct. The system object reference (serverReferenceBL) CN=NETSERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ilcuboard,DC=local and backlink on CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local are correct. ......................... NETSERVER1 passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ilcuboard Starting test: CrossRefValidation ......................... ilcuboard passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ilcuboard passed test CheckSDRefDom Running enterprise tests on : ilcuboard.local Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... ilcuboard.local passed test Intersite Starting test: FsmoCheck GC Name: \\netserver1.ilcuboard.local Locator Flags: 0xe00003fd PDC Name: \\netserver1.ilcuboard.local Locator Flags: 0xe00003fd Time Server Name: \\netserver1.ilcuboard.local Locator Flags: 0xe00003fd Preferred Time Server Name: \\netserver1.ilcuboard.local Locator Flags: 0xe00003fd KDC Name: \\netserver1.ilcuboard.local Locator Flags: 0xe00003fd ......................... ilcuboard.local passed test FsmoCheck Test omitted by user request: DNS Test omitted by user request: DNS ---------------------------------------------------------------------------------------------- Secondary DC: Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine mserver1, is a DC. * Connecting to directory service on server mserver1. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\mserver1 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... mserver1 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\mserver1 Starting test: Replications * Replications Check * Replication Latency Check DC=ForestDnsZones,DC=ilcuboard,DC=local Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=DomainDnsZones,DC=ilcuboard,DC=local Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Schema,CN=Configuration,DC=ilcuboard,DC=local Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=ilcuboard,DC=local Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=ilcuboard,DC=local Latency information for 7 entries in the vector were ignored. 7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). ......................... mserver1 passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC mserver1. * Security Permissions Check for DC=ForestDnsZones,DC=ilcuboard,DC=local (NDNC,Version 2) * Security Permissions Check for DC=DomainDnsZones,DC=ilcuboard,DC=local (NDNC,Version 2) * Security Permissions Check for CN=Schema,CN=Configuration,DC=ilcuboard,DC=local (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=ilcuboard,DC=local (Configuration,Version 2) * Security Permissions Check for DC=ilcuboard,DC=local (Domain,Version 2) ......................... mserver1 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Unable to connect to the NETLOGON share! (\\mserver1\netlogon) [mserver1] An net use or LsaPolicy operation failed with error 1203, No network provider accepted the given network path.. ......................... mserver1 failed test NetLogons Starting test: Advertising Warning: DsGetDcName returned information for \\netserver1.ilcuboard.local, when we were trying to reach mserver1. Server is not responding or is not considered suitable. The DC mserver1 is advertising itself as a DC and having a DS. The DC mserver1 is advertising as an LDAP server The DC mserver1 is advertising as having a writeable directory The DC mserver1 is advertising as a Key Distribution Center The DC mserver1 is advertising as a time server The DS mserver1 is advertising as a GC. ......................... mserver1 failed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local Role Domain Owner = CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local Role PDC Owner = CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local Role Rid Owner = CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local Role Infrastructure Update Owner = CN=NTDS Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local ......................... mserver1 passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 7217 to 1073741823 * netserver1.ilcuboard.local is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 6717 to 7216 * rIDPreviousAllocationPool is 6717 to 7216 * rIDNextRID: 6718 ......................... mserver1 passed test RidManager Starting test: MachineAccount Checking machine account for DC mserver1 on DC mserver1. * SPN found :LDAP/mserver1.ilcuboard.local/ilcuboard.local * SPN found :LDAP/mserver1.ilcuboard.local * SPN found :LDAP/mserver1 * SPN found :LDAP/mserver1.ilcuboard.local/CUB_DOMAIN * SPN found :LDAP/1a87de41-0c78-48af-b34b-311e306289fc._msdcs.ilcuboard.local * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1a87de41-0c78-48af-b34b-311e306289fc/ilcuboard.local * SPN found :HOST/mserver1.ilcuboard.local/ilcuboard.local * SPN found :HOST/mserver1.ilcuboard.local * SPN found :HOST/mserver1 * SPN found :HOST/mserver1.ilcuboard.local/CUB_DOMAIN * SPN found :GC/mserver1.ilcuboard.local/ilcuboard.local ......................... mserver1 passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... mserver1 passed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated mserver1 is in domain DC=ilcuboard,DC=local Checking for CN=MSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local in domain DC=ilcuboard,DC=local on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=mserver1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local in domain CN=Configuration,DC=ilcuboard,DC=local on 1 servers Object is up-to-date on all servers. ......................... mserver1 passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test The registry lookup failed to determine the state of the SYSVOL. The error returned was 0 (The operation completed successfully.). Check the FRS event log to see if the SYSVOL has successfully been shared. ......................... mserver1 passed test frssysvol Starting test: frsevent * The File Replication Service Event log test There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. An Warning Event occured. EventID: 0x800034FD Time Generated: 07/22/2008 12:27:03 (Event String could not be retrieved) An Warning Event occured. EventID: 0x800034C4 Time Generated: 07/22/2008 12:28:59 (Event String could not be retrieved) An Warning Event occured. EventID: 0x800034C4 Time Generated: 07/22/2008 12:36:59 (Event String could not be retrieved) ......................... mserver1 failed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... mserver1 passed test kccevent Starting test: systemlog * The System Event log test Found no errors in System Event log in the last 60 minutes. ......................... mserver1 passed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=MSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local and backlink on CN=mserver1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local are correct. The system object reference (frsComputerReferenceBL) CN=MSERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ilcuboard,DC=local and backlink on CN=MSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local are correct. The system object reference (serverReferenceBL) CN=MSERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ilcuboard,DC=local and backlink on CN=NTDS Settings,CN=mserver1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local are correct. ......................... mserver1 passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ilcuboard Starting test: CrossRefValidation ......................... ilcuboard passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ilcuboard passed test CheckSDRefDom Running enterprise tests on : ilcuboard.local Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... ilcuboard.local passed test Intersite Starting test: FsmoCheck GC Name: \\netserver1.ilcuboard.local Locator Flags: 0xe00003fd PDC Name: \\netserver1.ilcuboard.local Locator Flags: 0xe00003fd Time Server Name: \\netserver1.ilcuboard.local Locator Flags: 0xe00003fd Preferred Time Server Name: \\netserver1.ilcuboard.local Locator Flags: 0xe00003fd KDC Name: \\netserver1.ilcuboard.local Locator Flags: 0xe00003fd ......................... ilcuboard.local passed test FsmoCheck Test omitted by user request: DNS Test omitted by user request: DNS "David Shen [MSFT]" wrote: > Hi LEM, > > Thanks for the reply. > > Based on the log file, I noticed the error message as follow. > > There are warning or error events within the last 24 hours after the SYSVOL > has been shared. Failing SYSVOL replication problems may cause Group > Policy problems. ......................... NETSERVER1 failed test frsevent > > As all other tests have passed, it seems that the server is working > properly now. This error will be reported whenever there is any warning or > error events within the last 24 hours. When did you run the dcdiag.exe > tool? Did you run it just after you ran the “random clean” command. If you > ran dcdiag tool just after you fixed the issue, this error might be > reported even though the problem has gone away. > > Please check on all the domain controllers to see if SYSVOL contents have > been replicated properly. Meanwhile, please wait for 24 hours and then run > "dcdiag /fix" again to see if the error still exists. > > Hope it helps. > > David Shen > Microsoft Online Partner Support > >
Guest Lem@community.nospam Posted July 23, 2008 Posted July 23, 2008 RE: DNS/Active Directory Issue Hi David, I just wanted to update that waiting and running dcdiag did turn out to be part of the solution. But for some strange reason now my secondary dc is having an issue with the frsevent failing but Im going to wait on that one as well. Thanks for all your help. The dcdiag and netdiag tests are now without any failures. Microsoft Windows [Version 5.2.3790] © Copyright 1985-2003 Microsoft Corp. C:\Documents and Settings\Administrator.CUB_DOMAIN>netdiag ......................................... Computer Name: NETSERVER1 DNS Host Name: netserver1.ilcuboard.local System info : Microsoft Windows Server 2003 (Build 3790) Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel List of installed hotfixes : KB924667-v2 KB925398_WMP64 KB925876 KB925902 KB926122 KB927891 KB929123 KB930178 KB931784 KB932168 KB933729 KB933854 KB935839 KB935840 KB936021 KB936357 KB936782 KB938127 KB938127-IE7 KB941202 KB941569 KB941644 KB941672 KB941693 KB942763 KB943055 KB943460 KB943485 KB943729 KB944338 KB944653 KB945553 KB946026 KB948496 KB948590 KB948745 KB949014 KB950759 KB950759-IE7 KB950760 KB950762 KB951698 KB951746 KB951748 Q147222 Netcard queries test . . . . . . . : Passed Per interface results: Adapter : Local Area Connection Netcard queries test . . . : Passed Host Name. . . . . . . . . : netserver1 IP Address . . . . . . . . : 192.168.100.87 Subnet Mask. . . . . . . . : 255.255.255.0 Default Gateway. . . . . . : 192.168.100.1 Primary WINS Server. . . . : 192.168.100.87 Dns Servers. . . . . . . . : 192.168.100.87 192.168.100.77 192.168.100.94 AutoConfiguration results. . . . . . : Passed Default gateway test . . . : Passed NetBT name test. . . . . . : Passed No remote names have been found. WINS service test. . . . . : Passed Global results: Domain membership test . . . . . . : Passed NetBT transports test. . . . . . . : Passed List of NetBt transports currently configured: NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} 1 NetBt transport currently configured. Autonet address test . . . . . . . : Passed IP loopback ping test. . . . . . . : Passed Default gateway test . . . . . . . : Passed NetBT name test. . . . . . . . . . : Passed Winsock test . . . . . . . . . . . : Passed DNS test . . . . . . . . . . . . . : Passed PASS - All the DNS entries for DC are registered on DNS server '192.168.100. 87' and other DCs also have some of the names registered. [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.100.77, ERROR_TIMEOUT. [WARNING] The DNS entries for this DC cannot be verified right now on DNS server 192.168.100.94, ERROR_TIMEOUT. Redir and Browser test . . . . . . : Passed List of NetBt transports currently bound to the Redir NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} The redir is bound to 1 NetBt transport. List of NetBt transports currently bound to the browser NetBT_Tcpip_{7E2C88B5-6802-4477-8CA2-DEB643E989DF} The browser is bound to 1 NetBt transport. DC discovery test. . . . . . . . . : Passed DC list test . . . . . . . . . . . : Passed Trust relationship test. . . . . . : Skipped Kerberos test. . . . . . . . . . . : Passed LDAP test. . . . . . . . . . . . . : Passed Bindings test. . . . . . . . . . . : Passed WAN configuration test . . . . . . : Skipped No active remote access connections. Modem diagnostics test . . . . . . : Passed IP Security test . . . . . . . . . : Skipped Note: run "netsh ipsec dynamic show /?" for more detailed information The command completed successfully C:\Documents and Settings\Administrator.CUB_DOMAIN>dcdiag Domain Controller Diagnosis Performing initial setup: Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Connectivity ......................... NETSERVER1 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\NETSERVER1 Starting test: Replications ......................... NETSERVER1 passed test Replications Starting test: NCSecDesc ......................... NETSERVER1 passed test NCSecDesc Starting test: NetLogons ......................... NETSERVER1 passed test NetLogons Starting test: Advertising ......................... NETSERVER1 passed test Advertising Starting test: KnowsOfRoleHolders ......................... NETSERVER1 passed test KnowsOfRoleHolders Starting test: RidManager ......................... NETSERVER1 passed test RidManager Starting test: MachineAccount ......................... NETSERVER1 passed test MachineAccount Starting test: Services ......................... NETSERVER1 passed test Services Starting test: ObjectsReplicated ......................... NETSERVER1 passed test ObjectsReplicated Starting test: frssysvol ......................... NETSERVER1 passed test frssysvol Starting test: frsevent ......................... NETSERVER1 passed test frsevent Starting test: kccevent ......................... NETSERVER1 passed test kccevent Starting test: systemlog ......................... NETSERVER1 passed test systemlog Starting test: VerifyReferences ......................... NETSERVER1 passed test VerifyReferences Running partition tests on : ForestDnsZones Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ilcuboard Starting test: CrossRefValidation ......................... ilcuboard passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ilcuboard passed test CheckSDRefDom Running enterprise tests on : ilcuboard.local Starting test: Intersite ......................... ilcuboard.local passed test Intersite Starting test: FsmoCheck ......................... ilcuboard.local passed test FsmoCheck C:\Documents and Settings\Administrator.CUB_DOMAIN> "Lem@community.nospam" wrote: > Hi David, > > I did run the dcdiag command after the rendom but it was a few days after > and I also had to call microsoft which they fixed the problem at first but > the frsevent error came up again today after I demoted my backup domain > controller and then I promoted it again yesterday, since that was what the > microsoft techs recommended that I do once I got a dcdiag with no failed > tests. > > So Im thinking maybe I need to wait another 24 hours. But I also am able to > replicate using the ntds under active directory sites and services. > > group policy seems to be working but here are my dcdiags from my primary and > my secondary dcs > > > > Primary DC: > > > Domain Controller Diagnosis > > Performing initial setup: > * Verifying that the local machine netserver1, is a DC. > * Connecting to directory service on server netserver1. > * Collecting site info. > * Identifying all servers. > * Identifying all NC cross-refs. > * Found 2 DC(s). Testing 1 of them. > Done gathering initial info. > > Doing initial required tests > > Testing server: Default-First-Site-Name\NETSERVER1 > Starting test: Connectivity > * Active Directory LDAP Services Check > * Active Directory RPC Services Check > ......................... NETSERVER1 passed test Connectivity > > Doing primary tests > > Testing server: Default-First-Site-Name\NETSERVER1 > Starting test: Replications > * Replications Check > * Replication Latency Check > DC=ForestDnsZones,DC=ilcuboard,DC=local > Latency information for 1 entries in the vector were ignored. > 1 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > DC=DomainDnsZones,DC=ilcuboard,DC=local > Latency information for 1 entries in the vector were ignored. > 1 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > CN=Schema,CN=Configuration,DC=ilcuboard,DC=local > Latency information for 7 entries in the vector were ignored. > 7 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > CN=Configuration,DC=ilcuboard,DC=local > Latency information for 7 entries in the vector were ignored. > 7 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > DC=ilcuboard,DC=local > Latency information for 7 entries in the vector were ignored. > 7 were retired Invocations. 0 were either: read-only > replicas and are not verifiably latent, or dc's no longer replicating this > nc. 0 had no latency information (Win2K DC). > ......................... NETSERVER1 passed test Replications > Test omitted by user request: Topology > Test omitted by user request: CutoffServers > Starting test: NCSecDesc > * Security Permissions check for all NC's on DC NETSERVER1. > * Security Permissions Check for > DC=ForestDnsZones,DC=ilcuboard,DC=local > (NDNC,Version 2) > * Security Permissions Check for > DC=DomainDnsZones,DC=ilcuboard,DC=local > (NDNC,Version 2) > * Security Permissions Check for > CN=Schema,CN=Configuration,DC=ilcuboard,DC=local > (Schema,Version 2) > * Security Permissions Check for > CN=Configuration,DC=ilcuboard,DC=local > (Configuration,Version 2) > * Security Permissions Check for > DC=ilcuboard,DC=local > (Domain,Version 2) > ......................... NETSERVER1 passed test NCSecDesc > Starting test: NetLogons > * Network Logons Privileges Check > Verified share \\NETSERVER1\netlogon > Verified share \\NETSERVER1\sysvol > ......................... NETSERVER1 passed test NetLogons > Starting test: Advertising > The DC NETSERVER1 is advertising itself as a DC and having a DS. > The DC NETSERVER1 is advertising as an LDAP server > The DC NETSERVER1 is advertising as having a writeable directory > The DC NETSERVER1 is advertising as a Key Distribution Center > The DC NETSERVER1 is advertising as a time server > The DS NETSERVER1 is advertising as a GC. > ......................... NETSERVER1 passed test Advertising > Starting test: KnowsOfRoleHolders > Role Schema Owner = CN=NTDS > Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local > Role Domain Owner = CN=NTDS > Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local > Role PDC Owner = CN=NTDS > Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local > Role Rid Owner = CN=NTDS > Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local > Role Infrastructure Update Owner = CN=NTDS > Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local > ......................... NETSERVER1 passed test KnowsOfRoleHolders > Starting test: RidManager > * Available RID Pool for the Domain is 7217 to 1073741823 > * netserver1.ilcuboard.local is the RID Master > * DsBind with RID Master was successful > * rIDAllocationPool is 6217 to 6716 > * rIDPreviousAllocationPool is 6217 to 6716 > * rIDNextRID: 6218 > ......................... NETSERVER1 passed test RidManager > Starting test: MachineAccount > Checking machine account for DC NETSERVER1 on DC NETSERVER1. > * SPN found :LDAP/netserver1.ilcuboard.local/ilcuboard.local > * SPN found :LDAP/netserver1.ilcuboard.local > * SPN found :LDAP/NETSERVER1 > * SPN found :LDAP/netserver1.ilcuboard.local/CUB_DOMAIN > * SPN found > :LDAP/827c49b4-9a34-4c00-a2fe-c9048d23e005._msdcs.ilcuboard.local > * SPN found > :E3514235-4B06-11D1-AB04-00C04FC2DCD2/827c49b4-9a34-4c00-a2fe-c9048d23e005/ilcuboard.local > * SPN found :HOST/netserver1.ilcuboard.local/ilcuboard.local > * SPN found :HOST/netserver1.ilcuboard.local > * SPN found :HOST/NETSERVER1 > * SPN found :HOST/netserver1.ilcuboard.local/CUB_DOMAIN > * SPN found :GC/netserver1.ilcuboard.local/ilcuboard.local > ......................... NETSERVER1 passed test MachineAccount > Starting test: Services > * Checking Service: Dnscache > * Checking Service: NtFrs > * Checking Service: IsmServ > * Checking Service: kdc > * Checking Service: SamSs > * Checking Service: LanmanServer > * Checking Service: LanmanWorkstation > * Checking Service: RpcSs > * Checking Service: w32time > * Checking Service: NETLOGON > ......................... NETSERVER1 passed test Services > Test omitted by user request: OutboundSecureChannels > Starting test: ObjectsReplicated > NETSERVER1 is in domain DC=ilcuboard,DC=local > Checking for CN=NETSERVER1,OU=Domain > Controllers,DC=ilcuboard,DC=local in domain DC=ilcuboard,DC=local on 1 servers > Object is up-to-date on all servers. > Checking for CN=NTDS > Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local > in domain CN=Configuration,DC=ilcuboard,DC=local on 1 servers > Object is up-to-date on all servers. > ......................... NETSERVER1 passed test ObjectsReplicated > Starting test: frssysvol > * The File Replication Service SYSVOL ready test > File Replication Service's SYSVOL is ready > ......................... NETSERVER1 passed test frssysvol > Starting test: frsevent > * The File Replication Service Event log test > There are warning or error events within the last 24 hours after the > > SYSVOL has been shared. Failing SYSVOL replication problems may > cause > > Group Policy problems. > An Warning Event occured. EventID: 0x800034C4 > Time Generated: 07/22/2008 14:58:01 > (Event String could not be retrieved) > ......................... NETSERVER1 failed test frsevent > Starting test: kccevent > * The KCC Event log test > Found no KCC errors in Directory Service Event log in the last 15 > minutes. > ......................... NETSERVER1 passed test kccevent > Starting test: systemlog > * The System Event log test > Found no errors in System Event log in the last 60 minutes. > ......................... NETSERVER1 passed test systemlog > Test omitted by user request: VerifyReplicas > Starting test: VerifyReferences > The system object reference (serverReference) > > CN=NETSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local and > backlink > > on > > > CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local > > are correct. > The system object reference (frsComputerReferenceBL) > > CN=NETSERVER1,CN=Domain System Volume (SYSVOL share),CN=File > Replication Service,CN=System,DC=ilcuboard,DC=local > > and backlink on > > CN=NETSERVER1,OU=Domain Controllers,DC=ilcuboard,DC=local are > correct. > > The system object reference (serverReferenceBL) > > CN=NETSERVER1,CN=Domain System Volume (SYSVOL share),CN=File > Replication Service,CN=System,DC=ilcuboard,DC=local > > and backlink on > > CN=NTDS > Settings,CN=NETSERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ilcuboard,DC=local > > are correct. > ......................... NETSERVER1 passed test VerifyReferences > Test omitted by user request: VerifyEnterpriseReferences > Test omitted by user request: CheckSecurityError > > Running partition tests on : ForestDnsZones > Starting test: CrossRefValidation > ......................... ForestDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... ForestDnsZones passed test CheckSDRefDom > > Running partition tests on : DomainDnsZones > Starting test: CrossRefValidation > ......................... DomainDnsZones passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... DomainDnsZones passed test CheckSDRefDom > > Running partition tests on : Schema > Starting test: CrossRefValidation > ......................... Schema passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... Schema passed test CheckSDRefDom > > Running partition tests on : Configuration > Starting test: CrossRefValidation > ......................... Configuration passed test > CrossRefValidation > Starting test: CheckSDRefDom > ......................... Configuration passed test CheckSDRefDom > > Running partition tests on : ilcuboard > Starting test: CrossRefValidation > ......................... ilcuboard passed test CrossRefValidation > Starting test: CheckSDRefDom > ......................... ilcuboard passed test CheckSDRefDom > > Running enterprise tests on : ilcuboard.local > Starting test: Intersite > Skipping site Default-First-Site-Name, this site is outside the scope > > provided by the command line arguments provided. > ......................... ilcuboard.local passed test Intersite > Starting test: FsmoCheck > GC Name: \\netserver1.ilcuboard.local > Locator Flags: 0xe00003fd > PDC Name: \\netserver1.ilcuboard.local > Locator Flags: 0xe00003fd > Time Server Name: \\netserver1.ilcuboard.local > Locator Flags: 0xe00003fd > Preferred Time Server Name: \\netserver1.ilcuboard.local > Locator Flags: 0xe00003fd > KDC Name: \\netserver1.ilcuboard.local > Locator Flags: 0xe00003fd > ......................... ilcuboard.local passed test FsmoCheck > Test omitted by user request: DNS > Test omitted by user request: DNS > > > ---------------------------------------------------------------------------------------------- > Secondary DC: > > Domain Controller Diagnosis > > Performing initial setup: > * Verifying that the local machine mserver1, is a DC. > * Connecting to directory service on server mserver1. > * Collecting site info. > * Identifying all servers. > * Identifying all NC cross-refs. > * Found 2 DC(s). Testing 1 of them. > Done gathering initial info. > > Doing initial required tests > > Testing server: Default-First-Site-Name\mserver1 > Starting test: Connectivity > * Active Directory LDAP Services Check > * Active Directory RPC Services Check
Guest David Shen [MSFT] Posted July 24, 2008 Posted July 24, 2008 RE: DNS/Active Directory Issue Hello Lem, It seems that the issue has been resolve on the PDC. For the error on the secondary DC, please keep wait on and run "dcdiag /fix" again to check if the error will re-ocurr. If the issue still exists, please collect Directory Edition of MPS_Report log for further research. Please Download the Directory Edition of MPS_Report tool from <http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd 915706/MPSRPT_DirSvc.EXE>, run it on the problematic domain controller. The %COMPUTERNAME%_MPSReports_.CAB file which is under the %systemroot%\MPSReports\Setup\Lite\Cab directory. Please send the text file and MPS report CAB file to tfwst@microsoft.com, and then I am happy to be of assistance. As I noticed that you have contacted CSS, you may also reopen the case to work with the support engineer if the issue is urgent. Generally speaking, phone call support is more efficient than newsgroup reply :) Thanks for the co-operation. David Shen Microsoft Online Partner Support
Guest David Shen [MSFT] Posted July 24, 2008 Posted July 24, 2008 RE: DNS/Active Directory Issue Hello Lem, It seems that the issue has been resolve on the PDC. For the error on the secondary DC, please keep wait on and run "dcdiag /fix" again to check if the error will re-ocurr. If the issue still exists, please collect Directory Edition of MPS_Report log for further research. Please Download the Directory Edition of MPS_Report tool from <http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd 915706/MPSRPT_DirSvc.EXE>, run it on the problematic domain controller. The %COMPUTERNAME%_MPSReports_.CAB file which is under the %systemroot%\MPSReports\Setup\Lite\Cab directory. Please send the text file and MPS report CAB file to tfwst@microsoft.com, and then I am happy to be of assistance. As I noticed that you have contacted CSS, you may also reopen the case to work with the support engineer if the issue is urgent. Generally speaking, phone call support is more efficient than newsgroup reply :) Thanks for the co-operation. David Shen Microsoft Online Partner Support
Guest Lem@community.nospam Posted July 24, 2008 Posted July 24, 2008 RE: DNS/Active Directory Issue Thanks David, I appreciate your responses, but I contacted the support rep and he continues to tell me that the frsevent is referring to old event logs. Which I find questionable since now the frsevent test failed again now on both domain controllers. The microsoft rep continues to say as long as no services are affected they do not troubleshoot errors or warnings unless they cause work stoppages. Its true that group policy seems to be functioning properly and I can replicate using the ntds settings but its got to be some reason the test bounces back and forth between pass and fail and now both are failing the frsevent. Before I request a different support technician I would like your opinion on my situation, because it is my understanding that this frsevent test should not be failing. Thanks "David Shen [MSFT]" wrote: > Hello Lem, > > It seems that the issue has been resolve on the PDC. For the error on the > secondary DC, please keep wait on and run "dcdiag /fix" again to check if > the error will re-ocurr. > > If the issue still exists, please collect Directory Edition of MPS_Report > log for further research. > > Please Download the Directory Edition of MPS_Report tool from > <http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd > 915706/MPSRPT_DirSvc.EXE>, run it on the problematic domain controller. The > %COMPUTERNAME%_MPSReports_.CAB file which is under the > %systemroot%\MPSReports\Setup\Lite\Cab directory. > > Please send the text file and MPS report CAB file to tfwst@microsoft.com, > and then I am happy to be of assistance. As I noticed that you have > contacted CSS, you may also reopen the case to work with the support > engineer if the issue is urgent. Generally speaking, phone call support is > more efficient than newsgroup reply :) > > Thanks for the co-operation. > > David Shen > Microsoft Online Partner Support > >
Recommended Posts