Nope. That's not it. Saw that and thought it might be it, but all ports
are specifically open.
Here's the results of the dcdiag /v. I'm not seeing anything in there that
I didn't mention in my original post.
DC Diagnosis
Performing initial setup:
* Verifing that the local machine absolute, is a DC.
* Connecting to directory service on server absolute.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial non skippeable tests
Testing server: Default-First-Site-Name\ABSOLUTE
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... ABSOLUTE passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\ABSOLUTE
Starting test: Replications
* Replications Check
......................... ABSOLUTE passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=reality,DC=com
* Security Permissions Check for
CN=Configuration,DC=reality,DC=com
* Security Permissions Check for
DC=reality,DC=com
......................... ABSOLUTE passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... ABSOLUTE passed test NetLogons
Starting test: Advertising
The DC ABSOLUTE is advertising itself as a DC and having a DS.
The DC ABSOLUTE is advertising as an LDAP server
The DC ABSOLUTE is advertising as having a writeable directory
The DC ABSOLUTE is advertising as a Key Distribution Center
The DC ABSOLUTE is advertising as a time server
The DS ABSOLUTE is advertising as a GC.
......................... ABSOLUTE passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=ABSOLUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=reality,DC=com
Role Domain Owner = CN=NTDS
Settings,CN=ABSOLUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=reality,DC=com
Role PDC Owner = CN=NTDS
Settings,CN=ABSOLUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=reality,DC=com
Role Rid Owner = CN=NTDS
Settings,CN=ABSOLUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=reality,DC=com
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=ABSOLUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=reality,DC=com
......................... ABSOLUTE passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 1605 to 1073741823
* absolute.reality.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1105 to 1604
* rIDNextRID: 1109
* rIDPreviousAllocationPool is 1105 to 1604
......................... ABSOLUTE passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/absolute.reality.com/reality.com
* SPN found :LDAP/absolute.reality.com
* SPN found :LDAP/ABSOLUTE
* SPN found :LDAP/absolute.reality.com/REALITY
* SPN found
:LDAP/3b115ba9-d62a-458d-b644-d1356a5fb909._msdcs.reality.com
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3b115ba9-d62a-458d-b644-d1356a5fb909/reality.com
* SPN found :HOST/absolute.reality.com/reality.com
* SPN found :HOST/absolute.reality.com
* SPN found :HOST/ABSOLUTE
* SPN found :HOST/absolute.reality.com/REALITY
* SPN found :GC/absolute.reality.com/reality.com
......................... ABSOLUTE passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
......................... ABSOLUTE passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
ABSOLUTE is in domain DC=reality,DC=com
Checking for CN=ABSOLUTE,OU=Domain Controllers,DC=reality,DC=com in
domain DC=reality,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=ABSOLUTE,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=reality,DC=com
in domain CN=Configuration,DC=reality,DC=com on 1 servers
Object is up-to-date on all servers.
......................... ABSOLUTE passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... ABSOLUTE passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minutes.
......................... ABSOLUTE passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x0000041B
Time Generated: 08/18/2004 20:45:45
Event String: The DHCP/BINL service has determined that it is
not authorized to service clients on this network
for the Windows domain: reality.com.
......................... ABSOLUTE failed test systemlog
Running enterprise tests on : reality.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... reality.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\absolute.reality.com
Locator Flags: 0xe00001fd
PDC Name: \\absolute.reality.com
Locator Flags: 0xe00001fd
Time Server Name: \\absolute.reality.com
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\absolute.reality.com
Locator Flags: 0xe00001fd
KDC Name: \\absolute.reality.com
Locator Flags: 0xe00001fd
......................... reality.com passed test FsmoCheck
323542 You Cannot Start the Active Directory Users and Computers Tool
Because
http://support.microsoft.com/?id=323542
If thats not it run a DCdiag /v >dcdiag.txt and post it here. I would be
fairly certain there is an error in there.
--
James Brandt [MSFT]
Jack Shot said:
Less than 48 hours ago I set up a new Windows 2000 DC. Brand new forest.
Since setting up that machine, I have installed Symantec Anti-Virus
console
on the machine, and performed various Windows updates.
This morning I was unable to load any of the Active Directory tools. The
error message states that 'The server is not operational.
I have one message in the DNS log that states that DNS cannot contact
active
directory, from when the server was installed. No other errors since.
After searching the forums here, I ran dcdiag and netdiag and both seem to
run great with 2 exceptions. 1) There is no default gateway configured.
This is because there is no default gateway. Shouldn't matter, right? 2)
The DHCP service is not authorized yet. There are no DHCP clients
currently.
This is in prep for future expansion, and will be authorized later today.
But it shouldn't make a difference either, right?
Nothing else appears to be wrong in either the dcdiag or the netdiag.
What
am I not seeing?
