DC Issues...

J

Joe

Ran DcDiag.exe remotely and this is what came back, I
understand very little of what it returned, ANY help
would be appreciated, I am trying to upgrade to
Exchange03 on this DC and then replicate everything from
the 2000 AD & exchange to 2003 AD with 2003 Exchange..
And I am trying to get it done this weekend!


C:\Documents and Settings\xxxxx>dcdiag /s:galactus

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\GALACTUS
Starting test: Connectivity
......................... GALACTUS passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\GALACTUS
Starting test: Replications
[Replications Check,GALACTUS] A recent
replication attempt failed:
From VENOM to GALACTUS
Naming Context:
CN=Schema,CN=Configuration,DC=mydomain,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failure.
The failure occurred at 2004-02-07 15:53:03.
The last success occurred at 2004-01-20
20:53:51.
439 failures have occurred since the last
success.
The guid-based DNS name ca43e5fe-85db-4c55-
8f2c-0a09b9435a27._msdcs.mydomain.com
is not registered on one or more DNS servers.
[VENOM] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,GALACTUS] A recent
replication attempt failed:
From VENOM to GALACTUS
Naming Context:
CN=Configuration,DC=mydomain,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failure.
The failure occurred at 2004-02-07 15:53:03.
The last success occurred at 2004-01-20
21:18:16.
1810 failures have occurred since the last
success.
The guid-based DNS name ca43e5fe-85db-4c55-
8f2c-0a09b9435a27._msdcs.mydomain.com
is not registered on one or more DNS servers.
[Replications Check,GALACTUS] A recent
replication attempt failed:
From VENOM to GALACTUS
Naming Context: DC=mydomain,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failure.
The failure occurred at 2004-02-07 15:53:03.
The last success occurred at 2004-01-20
21:20:13.
5478 failures have occurred since the last
success.
The guid-based DNS name ca43e5fe-85db-4c55-
8f2c-0a09b9435a27._msdcs.mydomain.com
is not registered on one or more DNS servers.
......................... GALACTUS passed test
Replications
Starting test: NCSecDesc
......................... GALACTUS passed test
NCSecDesc
Starting test: NetLogons
......................... GALACTUS passed test
NetLogons
Starting test: Advertising
......................... GALACTUS passed test
Advertising
Starting test: KnowsOfRoleHolders
Warning: VENOM is the Rid Owner, but is not
responding to DS RPC Bind.
[VENOM] LDAP search failed with error 58,
The specified server cannot perform the
requested operation..
Warning: VENOM is the Rid Owner, but is not
responding to LDAP Bind.
......................... GALACTUS failed test
KnowsOfRoleHolders
Starting test: RidManager
......................... GALACTUS failed test
RidManager
Starting test: MachineAccount
* GALACTUS is not trusted for account delegation
The corresponding flag bits are missing from the
computer object's
User-Account-Control attribute. You can re-run
this command and
include the /FixMachineAccount option to attempt
a repair.
......................... GALACTUS failed test
MachineAccount
Starting test: Services
......................... GALACTUS passed test
Services
Starting test: ObjectsReplicated
......................... GALACTUS passed test
ObjectsReplicated
Starting test: frssysvol
......................... GALACTUS passed test
frssysvol
Starting test: frsevent
There are warning or error events within the
last 24 hours after the
SYSVOL has been shared. Failing SYSVOL
replication problems may cause
Group Policy problems.
......................... GALACTUS failed test
frsevent
Starting test: kccevent
......................... GALACTUS passed test
kccevent
Starting test: systemlog
......................... GALACTUS passed test
systemlog
Starting test: VerifyReferences
......................... GALACTUS passed test
VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test
CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed
test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed
test CheckSDRefDom

Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... mydomain passed test
CheckSDRefDom

Running enterprise tests on : mydomain.com
Starting test: Intersite
......................... mydomain.com passed
test Intersite
Starting test: FsmoCheck
......................... mydomain.com passed
test FsmoCheck

C:\Documents and Settings\xxxxx>


Thats about it!

Thanks,

Joe
 
A

Antonio Lam

Well, obviously there is problem on the link between VENOM and
GALACTUS. You should fix it first.

Regards,
Antonio
CCA, CCNA, CCSA, CISSP, CNA, MCSA, MCSE, SCSA

Joe said:
Ran DcDiag.exe remotely and this is what came back, I
understand very little of what it returned, ANY help
would be appreciated, I am trying to upgrade to
Exchange03 on this DC and then replicate everything from
the 2000 AD & exchange to 2003 AD with 2003 Exchange..
And I am trying to get it done this weekend!


C:\Documents and Settings\xxxxx>dcdiag /s:galactus

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\GALACTUS
Starting test: Connectivity
......................... GALACTUS passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\GALACTUS
Starting test: Replications
[Replications Check,GALACTUS] A recent
replication attempt failed:
From VENOM to GALACTUS
Naming Context:
CN=Schema,CN=Configuration,DC=mydomain,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failure.
The failure occurred at 2004-02-07 15:53:03.
The last success occurred at 2004-01-20
20:53:51.
439 failures have occurred since the last
success.
The guid-based DNS name ca43e5fe-85db-4c55-
8f2c-0a09b9435a27._msdcs.mydomain.com
is not registered on one or more DNS servers.
[VENOM] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,GALACTUS] A recent
replication attempt failed:
From VENOM to GALACTUS
Naming Context:
CN=Configuration,DC=mydomain,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failure.
The failure occurred at 2004-02-07 15:53:03.
The last success occurred at 2004-01-20
21:18:16.
1810 failures have occurred since the last
success.
The guid-based DNS name ca43e5fe-85db-4c55-
8f2c-0a09b9435a27._msdcs.mydomain.com
is not registered on one or more DNS servers.
[Replications Check,GALACTUS] A recent
replication attempt failed:
From VENOM to GALACTUS
Naming Context: DC=mydomain,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failure.
The failure occurred at 2004-02-07 15:53:03.
The last success occurred at 2004-01-20
21:20:13.
5478 failures have occurred since the last
success.
The guid-based DNS name ca43e5fe-85db-4c55-
8f2c-0a09b9435a27._msdcs.mydomain.com
is not registered on one or more DNS servers.
......................... GALACTUS passed test
Replications
Starting test: NCSecDesc
......................... GALACTUS passed test
NCSecDesc
Starting test: NetLogons
......................... GALACTUS passed test
NetLogons
Starting test: Advertising
......................... GALACTUS passed test
Advertising
Starting test: KnowsOfRoleHolders
Warning: VENOM is the Rid Owner, but is not
responding to DS RPC Bind.
[VENOM] LDAP search failed with error 58,
The specified server cannot perform the
requested operation..
Warning: VENOM is the Rid Owner, but is not
responding to LDAP Bind.
......................... GALACTUS failed test
KnowsOfRoleHolders
Starting test: RidManager
......................... GALACTUS failed test
RidManager
Starting test: MachineAccount
* GALACTUS is not trusted for account delegation
The corresponding flag bits are missing from the
computer object's
User-Account-Control attribute. You can re-run
this command and
include the /FixMachineAccount option to attempt
a repair.
......................... GALACTUS failed test
MachineAccount
Starting test: Services
......................... GALACTUS passed test
Services
Starting test: ObjectsReplicated
......................... GALACTUS passed test
ObjectsReplicated
Starting test: frssysvol
......................... GALACTUS passed test
frssysvol
Starting test: frsevent
There are warning or error events within the
last 24 hours after the
SYSVOL has been shared. Failing SYSVOL
replication problems may cause
Group Policy problems.
......................... GALACTUS failed test
frsevent
Starting test: kccevent
......................... GALACTUS passed test
kccevent
Starting test: systemlog
......................... GALACTUS passed test
systemlog
Starting test: VerifyReferences
......................... GALACTUS passed test
VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test
CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed
test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed
test CheckSDRefDom

Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... mydomain passed test
CheckSDRefDom

Running enterprise tests on : mydomain.com
Starting test: Intersite
......................... mydomain.com passed
test Intersite
Starting test: FsmoCheck
......................... mydomain.com passed
test FsmoCheck

C:\Documents and Settings\xxxxx>


Thats about it!

Thanks,

Joe
Click to expand...
 
C

Christian Schindler

Seems there a two major issues:

First:

The DC VENOM is somewhat not reachable because it is not correctly
registered in DNS.
This problem is also causing problems with the FSMO RID Master role, because
VENOM
is currently holding this role.

Question: Is VENOM still a DC? If yes, have a look at the DNS config of this
server(are the
correct DNS server configured in the IP-Stack?). If the DNS config is
correct, try restarting
the NETLOGON service on VENOM - this should create all necessary records in
DNS.

Second:

The DC GALACTUS is missing the "Turst computer for delegation" flag.

As already mentioned in the DCDIAG report try to fix this with the
"/FixMachineAccount"
option of DCDIAG. But first solve the replication issues!

--

Christian Schindler
MCSA / MCSE / MCT / CCEA

Senior Consultant

NTx BackOffice Consulting Group Austria
mailto:[email protected]

Joe said:
Ran DcDiag.exe remotely and this is what came back, I
understand very little of what it returned, ANY help
would be appreciated, I am trying to upgrade to
Exchange03 on this DC and then replicate everything from
the 2000 AD & exchange to 2003 AD with 2003 Exchange..
And I am trying to get it done this weekend!


C:\Documents and Settings\xxxxx>dcdiag /s:galactus

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\GALACTUS
Starting test: Connectivity
......................... GALACTUS passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\GALACTUS
Starting test: Replications
[Replications Check,GALACTUS] A recent
replication attempt failed:
From VENOM to GALACTUS
Naming Context:
CN=Schema,CN=Configuration,DC=mydomain,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failure.
The failure occurred at 2004-02-07 15:53:03.
The last success occurred at 2004-01-20
20:53:51.
439 failures have occurred since the last
success.
The guid-based DNS name ca43e5fe-85db-4c55-
8f2c-0a09b9435a27._msdcs.mydomain.com
is not registered on one or more DNS servers.
[VENOM] DsBindWithSpnEx() failed with error 1722,
The RPC server is unavailable..
[Replications Check,GALACTUS] A recent
replication attempt failed:
From VENOM to GALACTUS
Naming Context:
CN=Configuration,DC=mydomain,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failure.
The failure occurred at 2004-02-07 15:53:03.
The last success occurred at 2004-01-20
21:18:16.
1810 failures have occurred since the last
success.
The guid-based DNS name ca43e5fe-85db-4c55-
8f2c-0a09b9435a27._msdcs.mydomain.com
is not registered on one or more DNS servers.
[Replications Check,GALACTUS] A recent
replication attempt failed:
From VENOM to GALACTUS
Naming Context: DC=mydomain,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failure.
The failure occurred at 2004-02-07 15:53:03.
The last success occurred at 2004-01-20
21:20:13.
5478 failures have occurred since the last
success.
The guid-based DNS name ca43e5fe-85db-4c55-
8f2c-0a09b9435a27._msdcs.mydomain.com
is not registered on one or more DNS servers.
......................... GALACTUS passed test
Replications
Starting test: NCSecDesc
......................... GALACTUS passed test
NCSecDesc
Starting test: NetLogons
......................... GALACTUS passed test
NetLogons
Starting test: Advertising
......................... GALACTUS passed test
Advertising
Starting test: KnowsOfRoleHolders
Warning: VENOM is the Rid Owner, but is not
responding to DS RPC Bind.
[VENOM] LDAP search failed with error 58,
The specified server cannot perform the
requested operation..
Warning: VENOM is the Rid Owner, but is not
responding to LDAP Bind.
......................... GALACTUS failed test
KnowsOfRoleHolders
Starting test: RidManager
......................... GALACTUS failed test
RidManager
Starting test: MachineAccount
* GALACTUS is not trusted for account delegation
The corresponding flag bits are missing from the
computer object's
User-Account-Control attribute. You can re-run
this command and
include the /FixMachineAccount option to attempt
a repair.
......................... GALACTUS failed test
MachineAccount
Starting test: Services
......................... GALACTUS passed test
Services
Starting test: ObjectsReplicated
......................... GALACTUS passed test
ObjectsReplicated
Starting test: frssysvol
......................... GALACTUS passed test
frssysvol
Starting test: frsevent
There are warning or error events within the
last 24 hours after the
SYSVOL has been shared. Failing SYSVOL
replication problems may cause
Group Policy problems.
......................... GALACTUS failed test
frsevent
Starting test: kccevent
......................... GALACTUS passed test
kccevent
Starting test: systemlog
......................... GALACTUS passed test
systemlog
Starting test: VerifyReferences
......................... GALACTUS passed test
VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test
CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed
test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed
test CheckSDRefDom

Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... mydomain passed test
CheckSDRefDom

Running enterprise tests on : mydomain.com
Starting test: Intersite
......................... mydomain.com passed
test Intersite
Starting test: FsmoCheck
......................... mydomain.com passed
test FsmoCheck

C:\Documents and Settings\xxxxx>


Thats about it!

Thanks,

Joe
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Slow Logons and Can't open files 0
event 1265 ntds kcc - access denied 3
Remove a non-existent DC 2
One way communication with DC's 3
2k8r2 endpoint mapper error 3
Windows 2000 Replication error 0
Domain Rename Problem 1
the dsa operation is unable to proceed because of a dns lookup failure 2

Top