DCDIAG tests failed

[H]

Hello,

When I run dcdiag, two tests fail:

Starting test: MachineAccount
* DCNAME is not trusted for account delegation
......................... DCNAME failed test MachineAccount


Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started
The Active Directory may be prevented from starting.
.........................DCNAME passed test frssysvol.


AD seems to be running fine and there are no errors in the
event logs. Just thought I'd run dcdiag....

Any ideas as to the errors?

Thanks,
H

 

[Matjaz Ladava [MVP]]

See if you DC has Account is trusted for delegation in its propery on
computer object in ADUS.

--

Regards

Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)

 

[H]

Thanks for the reply.

After lots of reading, the only thing I miss out on with
having "trust computer for delegation" disabled on the DCs
is Messaging Queue... correct?

By not having this enabled, is there any adverse
functionality with AD?

- H

 

[Matjaz Ladava [MVP]]

This means that a DC can impersonate user account on some actions. This
should be enabled on DC's.

--

Regards

Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)

 

[Guest]

Thanks for the reply and good info!

Any ideas on the SYSVOL message , though....

Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started
The Active Directory may be prevented from starting.
.........................DCNAME passed test frssysvol.

Thanks,
H

 

[Matjaz Ladava [MVP]]

This is sometimes logged during DC startup. Your reference should be FRS log
in Event Viewer, where you will see if SYSVOL was shared. Do you have sysvol
shared on your DC ?

--

Regards

Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)

 

[Guest]

Interesting!!!

Sysvol is shared. But the FRS log was empty, so I
rebooted the DC to see what is logged during startup.

This is what was logged:
Source: Ntfrs
EventID: 13516
Description:
The [FRS] is no longer preventing the computer DCNAME from
becomeing a domain controller. The system volume has been
successfully initialized and the Netlogon service has been
notified that the system volume is now ready to be shared
as SYSVOL.

So I ran dcdiag again, and the error went away. Wierd. I
wonder if it will come back?

Have you seen/heardof this before? What causes this
behavior?

Thanks!

 

[Matjaz Ladava [MVP]]

I have seen this, but as long as sysvol is shared everything is ok. It is
hard to say why you had this issue, but I think that you are allright now
;-).

--

Regards

Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)

Interesting!!!

Sysvol is shared. But the FRS log was empty, so I
rebooted the DC to see what is logged during startup.

This is what was logged:
Source: Ntfrs
EventID: 13516
Description:
The [FRS] is no longer preventing the computer DCNAME from
becomeing a domain controller. The system volume has been
successfully initialized and the Netlogon service has been
notified that the system volume is now ready to be shared
as SYSVOL.

So I ran dcdiag again, and the error went away. Wierd. I
wonder if it will come back?

Have you seen/heardof this before? What causes this
behavior?

Thanks!

-----Original Message-----
This is sometimes logged during DC startup. Your reference should be FRS log
in Event Viewer, where you will see if SYSVOL was shared. Do you have sysvol
shared on your DC ?

--

Regards

Matjaz Ladava, MCSA, MCSE, MCT, MVP
Microsoft MVP Windows Server - Active Directory
(e-mail address removed), (e-mail address removed)






.