Hi all,
When I run DCDIAG on my domain controllers, the Forw test fails every time.
This is the output:
Doing initial required tests
Testing server: MEL\LIDC02
Starting test: Connectivity
……………………. LIDC02 passed test Connectivity
Doing primary tests
Testing server: MEL\LIDC02
DNS Tests are running and not hung. Please wait a few minutes…
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : mkllp
Running enterprise tests on : mkllp.com
Starting test: DNS
Test results for domain controllers:
DC: LIDC02.mkllp.com
Domain: mkllp.com
TEST: Forwarders/Root hints (Forw)
Error: Root hints list has invalid root hint server: a.root-se
rvers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (192.228.79.201)
Error: Root hints list has invalid root hint server: c.root-se
rvers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-se
rvers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-se
rvers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-se
rvers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-se
rvers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-se
rvers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-se
rvers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-se
rvers.net. (198.41.0.10)
Error: Root hints list has invalid root hint server: k.root-se
rvers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server: m.root-se
rvers.net. (202.12.27.33)
Summary of test results for DNS servers used by the above domain contro
llers:
DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 202.12.27.33
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 198.41.0.10 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.41.0.10
DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12
DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 193.0.14.129
DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.5.5.241
DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.36.148.17
DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.33.4.12
DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.228.79.201
DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.203.230.10
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 192.112.36.4
DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.9.0.107
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.8.10.90
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: mkllp.com
LIDC02 PASS PASS FAIL PASS PASS PASS n/a
……………………. mkllp.com failed test DNS
Any suggestions as to what the problem is?

dcdiag /a output. BTW, the server is running as a VM.
……………………. SERVER passed test SysVolCheck
Starting test: KccEvent
A warning event occurred. EventID: 0x80000603
Time Generated: 12/28/2019 23:15:21
Event String:
Active Directory Domain Services could not disable the software-based disk write cache on the following hard disk.
A warning event occurred. EventID: 0x80000B46
Time Generated: 12/28/2019 23:15:33
Event String:
The security of this directory server can be significantly enhanced by configuring the server to reject SASL (Negotiate, Kerberos, NTLM, or Digest) LDAP binds that do not request signing (integrity verification) and LDAP simple binds that are performed on a clear text (non-SSL/TLS-encrypted) connection. Even if no clients are using such binds, configuring the server to reject them will improve the security of this server.
……………………. SERVER passed test KccEvent
Starting test: KnowsOfRoleHolders
……………………. SERVER passed test KnowsOfRoleHolders
Starting test: MachineAccount
……………………. SERVER passed test MachineAccount
Starting test: NCSecDesc
……………………. SERVER passed test NCSecDesc
Starting test: NetLogons
……………………. SERVER passed test NetLogons
Starting test: ObjectsReplicated
……………………. SERVER passed test ObjectsReplicated
Starting test: Replications
……………………. SERVER passed test Replications
Starting test: RidManager
……………………. SERVER passed test RidManager
Starting test: Services
……………………. SERVER passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x00002720
Time Generated: 12/28/2019 23:14:30
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
A warning event occurred. EventID: 0x80040020
Time Generated: 12/28/2019 23:15:21
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
A warning event occurred. EventID: 0x80040020
Time Generated: 12/28/2019 23:15:21
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
A warning event occurred. EventID: 0x80040020
Time Generated: 12/28/2019 23:15:21
Event String:
The driver detected that the device \Device\Harddisk0\DR0 has its write cache enabled. Data corruption may occur.
A warning event occurred. EventID: 0x000003F6
Time Generated: 12/28/2019 23:15:28
Event String:
Name resolution for the name _ldap._tcp.dc._msdcs.PRAKTIJK.local. timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x000003F6
Time Generated: 12/28/2019 23:15:30
Event String:
Name resolution for the name _ldap._tcp.dc._msdcs.PRAKTIJK.local. timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x000727AA
Time Generated: 12/28/2019 23:15:39
Event String:
The WinRM service failed to create the following SPNs: WSMAN/Server.PRAKTIJK.local; WSMAN/Server.
A warning event occurred. EventID: 0x0000000C
Time Generated: 12/28/2019 23:15:56
Event String:
Time Provider NtpClient: This machine is configured to use the domain hierarchy to determine its time source, but it is the AD PDC emulator for the domain at the root of the forest, so there is no machine above it in the domain hierarchy to use as a time source. It is recommended that you either configure a reliable time service in the root domain, or manually configure the AD PDC to synchronize with an external time source. Otherwise, this machine will function as the authoritative time source in the domain hierarchy. If an external time source is not configured or used for this computer, you may choose to disable the NtpClient.
A warning event occurred. EventID: 0x00002724
Time Generated: 12/28/2019 23:16:00
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresses.
An error event occurred. EventID: 0x00002720
Time Generated: 12/28/2019 23:16:08
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
A warning event occurred. EventID: 0x00000090
Time Generated: 12/28/2019 23:16:12
Event String:
The time service has stopped advertising as a good time source.
An error event occurred. EventID: 0x00002720
Time Generated: 12/28/2019 23:16:21
Event String:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 12/28/2019 23:16:22
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 12/28/2019 23:16:22
Event String:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 12/28/2019 23:17:08
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x00002720
Time Generated: 12/28/2019 23:18:16
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
An error event occurred. EventID: 0x0000272C
Time Generated: 12/28/2019 23:20:12
Event String:
DCOM was unable to communicate with the computer 9.9.9.9 using any of the configured protocols; requested by PID 1c98 (C:\Windows\system32\dcdiag.exe).
……………………. SERVER failed test SystemLog
Starting test: VerifyReferences
……………………. SERVER passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
……………………. ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
……………………. DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
……………………. Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
……………………. Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Configuration passed test CrossRefValidation
Running partition tests on : PRAKTIJK
Starting test: CheckSDRefDom
……………………. PRAKTIJK passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. PRAKTIJK passed test CrossRefValidation
Running enterprise tests on : PRAKTIJK.local
Starting test: LocatorCheck
……………………. PRAKTIJK.local passed test LocatorCheck
Starting test: Intersite
……………………. PRAKTIJK.local passed test Intersite
I’m not seeing any replication issues, ran the following on all DC’s and the results are all successful, all had the same results.
repadmin /showreps
repadmin /replsum
repadmin /kcc
Also ran dcdiag /v, no issues here that I can see (apologies for the length).
Directory Server Diagnosis
Performing initial setup:
Trying to find home server…
* Verifying that the local machine ELROND, is a Directory Server.
Home Server = ELROND
* Connecting to directory service on server ELROND.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),…….
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Newhaven,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Reading,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),…….
The previous call succeeded….
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BOROMIR,CN=Servers,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=FARAMIR,CN=Servers,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=LEGOLAS,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=GIMLI,CN=Servers,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=ARAGORN,CN=Servers,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=CRUSADER,CN=Servers,CN=Newhaven,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PHANTOM,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=HERA,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PROMETHIUS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 12 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Tonbridge\ELROND
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
……………………. ELROND passed test Connectivity
Doing primary tests
Testing server: Tonbridge\ELROND
Starting test: Advertising
The DC ELROND is advertising itself as a DC and having a DS.
The DC ELROND is advertising as an LDAP server
The DC ELROND is advertising as having a writeable directory
The DC ELROND is advertising as a Key Distribution Center
The DC ELROND is advertising as a time server
The DS ELROND is advertising as a GC.
……………………. ELROND passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
……………………. ELROND passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
……………………. ELROND passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service’s SYSVOL is ready
……………………. ELROND passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
……………………. ELROND passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role Domain Owner = CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role PDC Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role Rid Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
……………………. ELROND passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC ELROND on DC ELROND.
* SPN found :LDAP/ELROND.tonbridge.DOMAIN.local/tonbridge.DOMAIN.local
* SPN found :LDAP/ELROND.tonbridge.DOMAIN.local
* SPN found :LDAP/ELROND
* SPN found :LDAP/ELROND.tonbridge.DOMAIN.local/TONBRIDGE
* SPN found :LDAP/d2a64bd3-876f-40b9-bc67-862d63d06e6e._msdcs.DOMAIN.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d2a64bd3-876f-40b9-bc67-862d63d06e6e/tonbridge.DOMAIN.local
* SPN found :HOST/ELROND.tonbridge.DOMAIN.local/tonbridge.DOMAIN.local
* SPN found :HOST/ELROND.tonbridge.DOMAIN.local
* SPN found :HOST/ELROND
* SPN found :HOST/ELROND.tonbridge.DOMAIN.local/TONBRIDGE
* SPN found :GC/ELROND.tonbridge.DOMAIN.local/DOMAIN.local
……………………. ELROND passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC’s on DC ELROND.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=DOMAIN,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=tonbridge,DC=DOMAIN,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=tonbridge,DC=DOMAIN,DC=local
(Domain,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=DOMAIN,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=newhaven,DC=DOMAIN,DC=local
(Domain,Version 3)
* Security Permissions Check for
DC=TechGate,DC=DOMAIN,DC=local
(Domain,Version 3)
* Security Permissions Check for
DC=Southampton1,DC=DOMAIN,DC=local
(Domain,Version 3)
* Security Permissions Check for
DC=braintree,DC=DOMAIN,DC=local
(Domain,Version 3)
* Security Permissions Check for
DC=DOMAIN,DC=local
(Domain,Version 3)
……………………. ELROND passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\ELROND\netlogon
Verified share \\ELROND\sysvol
……………………. ELROND passed test NetLogons
Starting test: ObjectsReplicated
ELROND is in domain DC=tonbridge,DC=DOMAIN,DC=local
Checking for CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local in domain DC=tonbridge,DC=DOMAIN,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 1 servers
Object is up-to-date on all servers.
……………………. ELROND passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=DOMAIN,DC=local
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
Latency information for 15 entries in the vector were ignored.
15 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=DOMAIN,DC=local
Latency information for 15 entries in the vector were ignored.
15 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DOMAIN,DC=local
Latency information for 15 entries in the vector were ignored.
6 were retired Invocations. 9 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=Southampton1,DC=DOMAIN,DC=local
Latency information for 16 entries in the vector were ignored.
7 were retired Invocations. 9 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=tonbridge,DC=DOMAIN,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=tonbridge,DC=DOMAIN,DC=local
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=braintree,DC=DOMAIN,DC=local
Latency information for 16 entries in the vector were ignored.
7 were retired Invocations. 9 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=newhaven,DC=DOMAIN,DC=local
Latency information for 10 entries in the vector were ignored.
1 were retired Invocations. 9 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=TechGate,DC=DOMAIN,DC=local
Latency information for 14 entries in the vector were ignored.
5 were retired Invocations. 9 were either: read-only replicas and are not verifiably latent, or dc’s no longer replicating this nc. 0 had no latency information (Win2K DC).
……………………. ELROND passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 4600 to 1073741823
* ELROND.tonbridge.DOMAIN.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2600 to 3099
* rIDPreviousAllocationPool is 2600 to 3099
* rIDNextRID: 2703
……………………. ELROND passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
……………………. ELROND passed test Services
Starting test: SystemLog
* The System Event log test
An error event occurred. EventID: 0x0000272C
Time Generated: 09/21/2017 17:41:32
Event String:
DCOM was unable to communicate with the computer 4.2.2.1 using any of the configured protocols; requested by PID 12fc (C:\Windows\system32\dcdiag.exe).
An error event occurred. EventID: 0x0000272C
Time Generated: 09/21/2017 17:41:53
Event String:
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 12fc (C:\Windows\system32\dcdiag.exe).
……………………. ELROND failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local
and backlink on
CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=ELROND,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tonbridge,DC=DOMAIN,DC=local
and backlink on
CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=ELROND,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tonbridge,DC=DOMAIN,DC=local
and backlink on
CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local
are correct.
……………………. ELROND passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
……………………. ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
……………………. DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. DomainDnsZones passed test
CrossRefValidation
Running partition tests on : tonbridge
Starting test: CheckSDRefDom
……………………. tonbridge passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. tonbridge passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
……………………. Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
……………………. Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
……………………. Configuration passed test CrossRefValidation
Running enterprise tests on : DOMAIN.local
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\ELROND.tonbridge.DOMAIN.local
Locator Flags: 0xe000f1fd
PDC Name: \\ELROND.tonbridge.DOMAIN.local
Locator Flags: 0xe000f1fd
Time Server Name: \\ELROND.tonbridge.DOMAIN.local
Locator Flags: 0xe000f1fd
Preferred Time Server Name: \\ELROND.tonbridge.DOMAIN.local
Locator Flags: 0xe000f1fd
KDC Name: \\ELROND.tonbridge.DOMAIN.local
Locator Flags: 0xe000f1fd
……………………. DOMAIN.local passed test LocatorCheck
Starting test: Intersite
Skipping site Southampton1, this site is outside the scope provided by
the command line arguments provided.
Skipping site Tonbridge, this site is outside the scope provided by
the command line arguments provided.
Skipping site TechGate, this site is outside the scope provided by the
command line arguments provided.
Skipping site Braintree, this site is outside the scope provided by
the command line arguments provided.
Skipping site Newhaven, this site is outside the scope provided by the
command line arguments provided.
Skipping site Reading, this site is outside the scope provided by the
command line arguments provided.
……………………. DOMAIN.local passed test Intersite
Hi,
I restored a DC via a ghost image and I’m configuring it to become a single DC. I ran the command "DCDIAG /TEST:DNS /V /S:<DCNAME> /F:<filename.log>" and received the above error. Here’s the snippet of the logs.
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]...
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
[Error details: 10065 (Type: Win32 - Description: A socket operation was attempted to an unreachable host.)]
...DNS server: 192.168.78.1 (xyz.contoso.com.)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
Delegation to the domain _msdcs.contoso.com. is operational
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: contoso.com
XYZ PASS PASS FAIL PASS PASS PASS n/a
......................... contoso.com failed test DNS
Kind of puzzled as to why it is a valid DNS and yet fail test DNS. I don’t have forwarders configured and I am not connecting to the internet. What’s the difference between forwarders and root hints, and how do I resolve this? I suspect there is a cache file somewhere.
Thanks.
Active Directory setup:
Single forest, 3 domains, with 1 domain controller each. All running Server 2008 R2, with the same domain/forest functional level.
DNS clients are configured as follows:
DC1 -> DC2 (prim), DC1 (sec)
DC2 -> DC1 (prim), DC2 (sec)
DC3 -> DC1 (prim), DC3 (sec)
All zones are replicated throughout the entire forest, and each DNS server is set-up with 8.8.8.8/8.8.4.4 as forwarders.
Problem:
Everything appears to be working as should. AD is replicating properly, DNS is responsive and not causing any issues, BUT when I run dcdiag /test:dns, the enterprise DNS test fails on DC2 and DC3 with the following error:
TEST: Forwarders/Root hints (Forw)
Error: All forwarders in the forwarder list are invalid.
Error: Both root hints and forwarders are not configured or
broken. Please make sure at least one of them works.
Symptoms:
Event viewer is constantly showing these 2 event ID’s for DNS client:
ID 1017 — The DNS server’s response to a query for name INTERNAL RECORD indicates that no records of the type queried are available, but could indicate that other records for the same name are present.
ID 1019 — There are currently no IPv6 DNS servers configured for any interface on this host. Please configure DNS server settings, or renew your dynamic IP settings. (strange, as IPv6 is disabled on the network card)
nslookup is working as expected, and finding any and all records appearing in ID 1017, no matter which DNS server I select to use.
While running dcdiag, the following events appear:
Event ID 10009: DCOM was unable to communicate with the computer 8.8.4.4 using any of the configured protocols.
DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols.
Event ID 1014: Name resolution for the name 1.0.0.127.in-addr.arpa timed out after none of the configured DNS servers responded.
I’ve run Wireshark while dcdiag is running its test, and the internal DNS servers do resolve anything thrown at them, but then the server continues querying Google DNS and root hints.
What the hell is going on? What am I missing here?
Edit: The actual enterprise DNS test error messages are:
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.domain1.local. failed on the DNS server 128.63.2.53
DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90 Name resolution is not functional. _ldap._tcp.domain1.local. failed on the DNS server 128.8.10.90
DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
Name resolution is not functional. _ldap._tcp.domain1.local. failed on the DNS server 192.112.36.4
etc., etc.
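
The per-server summary and the Auth/Basc/Forw/Del/Dyn/RReg/Ext table in the dcdiag /test:dns excerpts above can be triaged mechanically. The following is an added example, not code from any of the posts: it separates failures reported against root-hint servers from failures reported against other DNS servers, and rejoins lines the console wrapped mid-name. SAMPLE is constructed in the same layout as the excerpts, and the function names are made up for this example.

```python
import re

SUBTESTS = ("Auth", "Basc", "Forw", "Del", "Dyn", "RReg", "Ext")
SERVER_RE = re.compile(r"DNS server:\s*(\S+)\s*\(([^)]*)\)")
FAILED_QUERY_RE = re.compile(r"(\S+) failed on the DNS server")
RESULT = r"(?:PASS|FAIL|WARN|n/a)"
ROW_RE = re.compile(rf"^(\S+)\s+({RESULT}(?:\s+{RESULT}){{6}})$")

# Constructed sample in the layout of the excerpts above (not a real capture).
# The first block is wrapped mid-name, as an 80-column console would print it.
SAMPLE = """\
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.63.2.53
DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
DNS server: 192.168.78.1 (xyz.contoso.com.)
All tests passed on this DNS server
This is a valid DNS server.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: contoso.com
XYZ PASS PASS FAIL PASS PASS PASS n/a
......................... contoso.com failed test DNS
"""


def parse_dns_servers(text):
    """Return one record per 'DNS server:' block of the per-server summary."""
    servers, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Summary of DNS test results"):
            break  # the result table follows; handled by parse_matrix()
        m = SERVER_RE.match(line)
        if m:
            current = {"ip": m.group(1), "name": m.group(2), "body": ""}
            servers.append(current)
        elif current is not None:
            # Join without a separator so a name split by console wrapping
            # ("1.0.0.12" / "7.in-addr.arpa.") is restored before matching.
            current["body"] += line
    for s in servers:
        body = s.pop("body")
        s["failed"] = "test failure" in body
        s["failed_queries"] = [q.rstrip(".") for q in FAILED_QUERY_RE.findall(body)]
        s["root_hint"] = s["name"].lower().rstrip(".").endswith("root-servers.net")
    return servers


def parse_matrix(text):
    """Return {dc_name: {subtest: result}} from 'Summary of DNS test results'."""
    matrix, in_table = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Summary of DNS test results"):
            in_table = True
        elif in_table:
            m = ROW_RE.match(line)
            if m:
                matrix[m.group(1)] = dict(zip(SUBTESTS, m.group(2).split()))
    return matrix


def triage(text):
    """Summarise which DCs failed Forw and which kind of server the failures name."""
    failed = [s for s in parse_dns_servers(text) if s["failed"]]
    matrix = parse_matrix(text)
    return {
        "forw_failed_on": sorted(dc for dc, r in matrix.items() if r["Forw"] == "FAIL"),
        "failed_root_hints": [s["ip"] for s in failed if s["root_hint"]],
        "failed_other": [s["ip"] for s in failed if not s["root_hint"]],
        "failed_queries": sorted({q for s in failed for q in s["failed_queries"]}),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

An empty `failed_other` list together with a Forw FAIL means every failure in the summary was reported against a root-hint server rather than against the DNS servers the domain controllers use.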