DCDIAG Errors for Root and Subdomain

-

hi,

when run dcdiag root domain (abc.com) getting following results:

c:\windows\system32>dcdiag

directory server diagnosis

performing initial setup:
   trying find home server...
   home server = dc01
   * identified ad forest.
   done gathering initial info.

doing initial required tests

   testing server: islamabad\dc01
      starting test: connectivity
         ......................... dc01 passed test connectivity

doing primary tests

   testing server: islamabad\dc01
      starting test: advertising
         ......................... dc01 passed test advertising
      starting test: frsevent
         ......................... dc01 passed test frsevent
      starting test: dfsrevent
         ......................... dc01 passed test dfsrevent
      starting test: sysvolcheck
         ......................... dc01 passed test sysvolcheck
      starting test: kccevent
         ......................... dc01 passed test kccevent
      starting test: knowsofroleholders
         ......................... dc01 passed test knowsofroleholders
      starting test: machineaccount
         ......................... dc01 passed test machineaccount
      starting test: ncsecdesc
         ......................... dc01 passed test ncsecdesc
      starting test: netlogons
         ......................... dc01 passed test netlogons
      starting test: objectsreplicated
         ......................... dc01 passed test objectsreplicated
      starting test: replications
         replication-received latency warning
         dc01:  current time 2012-04-14 01:29:33.
            dc=forestdnszones,dc=abc,dc=com
               last replication received khidc01 at
          2012-04-12 18:54:46
               last replication received lhrdc02 at
          2012-04-12 18:54:59
               last replication received lhrdc01 at
          2012-04-12 18:58:54
               last replication received pshdc01 at
          2012-04-12 18:45:59
               last replication received pshdc02 at
          2011-01-14 12:58:09
               warning:  latency on tombstone lifetime of 180
         days!
            cn=schema,cn=configuration,dc=abc,dc=com
               last replication received khidc01 at
          2012-04-12 18:52:52
               last replication received lhrdc02 at
          2012-04-12 18:54:59
               last replication received lhrdc01 at
          2012-04-12 18:58:51
               last replication received pshdc01 at
          2012-04-12 18:45:59
               last replication received pshdc02 at
          2012-04-12 18:35:23
            cn=configuration,dc=abc,dc=com
               last replication received khidc01 at
          2012-04-12 18:52:51
               last replication received lhrdc02 at
          2012-04-12 18:54:59
               last replication received lhrdc01 at
          2012-04-12 18:58:50
               last replication received pshdc01 at
          2012-04-12 18:45:59
               last replication received pshdc02 at
          2011-01-14 12:58:09
               warning:  latency on tombstone lifetime of 180
         days!
            dc=khi,dc=abc,dc=com
               last replication received khidc01 at
          2012-04-12 19:01:15
            dc=lhr,dc=abc,dc=com
               last replication received lhrdc02 at
          2012-04-12 18:54:59
               last replication received lhrdc01 at
          2012-04-12 18:58:57
            dc=psh,dc=abc,dc=com
               last replication received pshdc01 at
          2012-04-12 18:46:15
               last replication received pshdc02 at
          2011-01-14 12:58:10
               warning:  latency on tombstone lifetime of 180
         days!
         ......................... dc01 passed test replications
      starting test: ridmanager
         ......................... dc01 passed test ridmanager
      starting test: services
         ......................... dc01 passed test services
      starting test: systemlog
         warning event occurred.  eventid: 0x000003fc
            time generated: 04/14/2012   00:55:20
            event string:
            scope, 10.80.7.0, 91 percent full 18 ip addresses remai
ning.
         warning event occurred.  eventid: 0x000003fc
            time generated: 04/14/2012   00:55:20
            event string:
            scope, 10.80.18.0, 92 percent full 9 ip addresses remai
ning.
         warning event occurred.  eventid: 0x8000001d
            time generated: 04/14/2012   00:57:35
            event string:
            key distribution center (kdc) cannot find suitable certificate
 to use smart card logons, or kdc certificate not verified. sma
rt card logon may not function correctly if problem not resolved. cor
rect problem, either verify existing kdc certificate using certutil.exe
 or enroll new kdc certificate.
         error event occurred.  eventid: 0x00000457
            time generated: 04/14/2012   01:29:16
            event string:
            driver adobe pdf converter required printer adobe pdf unknown
. contact administrator install driver before log in again.
         error event occurred.  eventid: 0x00000457
            time generated: 04/14/2012   01:29:23
            event string:
            driver hp universal printing pcl 6 required printer hp universal
 printing pcl 6 unknown. contact administrator install driver befo
re log in again.
         error event occurred.  eventid: 0x00000457
            time generated: 04/14/2012   01:29:24
            event string:
            driver microsoft office live meeting 2007 document writer driver req
uired printer microsoft office live meeting 2007 document writer unknown.
 contact administrator install driver before log in again.
         error event occurred.  eventid: 0x00000457
            time generated: 04/14/2012   01:29:27
            event string:
            driver send microsoft onenote 2010 driver required printer se
nd onenote 2010 unknown. contact administrator install driver b
efore log in again.
         ......................... dc01 failed test systemlog
      starting test: verifyreferences
         ......................... dc01 passed test verifyreferences


   running partition tests on : forestdnszones
      starting test: checksdrefdom
         ......................... forestdnszones passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... forestdnszones passed test
         crossrefvalidation

   running partition tests on : domaindnszones
      starting test: checksdrefdom
         ......................... domaindnszones passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... domaindnszones passed test
         crossrefvalidation

   running partition tests on : schema
      starting test: checksdrefdom
         ......................... schema passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... schema passed test crossrefvalidation

   running partition tests on : configuration
      starting test: checksdrefdom
         ......................... configuration passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... configuration passed test crossrefvalidation

   running partition tests on : hec
      starting test: checksdrefdom
         ......................... abc passed test checksdrefdom
      starting test: crossrefvalidation
         ......................... abc passed test crossrefvalidation

   running enterprise tests on : abc.com
      starting test: locatorcheck
         ......................... abc.com passed test locatorcheck
      starting test: intersite
         ......................... abc.com passed test intersite

hasan

from dc01 log clear dc01 has not replicated lhrdc02,lhrdc01,pshdc01,pshdc02 , latency on tombstone lifetime period.if server reached tombstone need demote/promote dc or enable allowreplicationwithdivergentandcorruptpartner registry key can lead lingering object issue.

in subdomain dc isbdc01 getting error "the rpc server unavailable" relates port being blocked or network connectivity issue or due dns misconfig.i suggest contact network/security team verify whether related ad ports being configured , allowed on firewall communication. portquery free tool ms can downloaded , installed verify necessary ports opened or not.

also, disable local windows firewall service, default enabled in vista/windows 2008 , above. check network connectivity , latency.
disable windows firewall:http://technet.microsoft.com/en-us/library/cc766337(ws.10).aspx

it can caused antivirus software many of them sporting new feature called "network traffic protection," can efffectively block necessary ad traffic


active directory , active directory domain services port requirements
http://technet.microsoft.com/en-us/library/dd772723%28ws.10%29.aspx

troubleshooting “rpc server unavailable” error, reported in failing ad replication scenario.
http://blogs.technet.com/b/abizerh/archive/2009/06/11/troubleshooting-rpc-server-is-unavailable-error-reported-in-failing-ad-replication-scenario.aspx

first of check dns setting on dc.ensure following on dc:
1. each dc / dns server points private ip address primary dns server , other remote/local dns servers secondary in tcp/ip properties.
2. each dc has 1 ip address , single network adapter enabled.
3. contact isp , valid dns ips them , add in forwarders, not set public dns server in tcp/ip setting of dc.
4. once done, run "ipconfig /flushdns & ipconfig /registerdns", restart dns , netlogon service each dc.
not put private dns ip addresses in forwarder list.
5.assigning static ip address dc if ip address assigned dhcp server dc.it not recommended.

check required port open not ad replication.post log of dc(ipconfig /all,dcdiag,repadmin,etc other mentioned detail analysis).

best regards,

sandesh dubey.

mcse|mcsa:messaging|mcts|mcitp:enterprise adminitrator | blog

disclaimer: posting provided "as is" no warranties or guarantees , , confers no rights.



Windows Server  >  Directory Services



Comments

Post a Comment

Popular posts from this blog

Edit Group Policy

-
i have pc has power settings pushed out default domain policy in ad environment. of course on local machine "some settings managed system adminstrator". the machine temporarily no longer in contact domain controller (it's been physically moved , not on same network now) can't updated gpo settings. i believe if edit local group policy won't make difference because of group policy processing , precedence. since it's temporary away ad network, still want use settings of ad user. is there somewhere in registry stored can edit power plan manually until can sync domain? (i need prevent sleeping while plugged in - it's set 1 hour) thanks! allen crist i found site: http://gpsearch.azurewebsites.net/#7916 i able add policy to hkey_local_machine\software\policies\microsoft\power using specs found on site. looks solved issue. i'll report if didn't. thanks! allen crist ...
Read more

Hyper-V VM not reaching OS 'Logon' screen

-
i trying migrate vm vmware hyper-v. so far have done following (seemingly successfully): prepare vmware vm conversion hyper-v format (vhd) within vmware workstation 8.0 environment following steps guide: http://social.technet.microsoft.com/forums/en/winserverhyperv/thread/ef8c12f7-c45d-442e-9a30-c43cd87df3b3   (i.e. remove vm tools, add new ide hard disk…) use vmdk2vhd application convert individual vmdk files vhd ones create new vm in hyper-v exporting in 3 newly converted vhd files at point have checked settings , powered on vm in hyper-v find although windows begins load expected manages reach screen prior login screen saying either of following messages: “windows starting up…” “the active directory rebuilding indices… please wait” to knowledge, albeit limited in area, vm should present me login screen since appears in vmware. if start vm in safe mode can login not desired affect. below details of vm: operating system: windows server 2003 (enterprise edit...
Read more

DNS question...

-
i new setting dns server....my domain name expl. "domain.com"....i set "a" record in forward lookup for  www.domain.com itself...."server's local ip"....i've added no other zones , i seem able resolve names except own....www.domain.com.....also, do i put my isp's dns ip's....for external dns's server can't resolve?....forwarding or in nic setup?......i want setup in my dns server don't have include them on client side..... thanks mark     not put isp dsn server address in settings on nic dc or clients. should point local dns server on dc. set dns forward public dns, such isp. bill Windows Server  >  Network Infrastructure Servers
Read more