dns/ad issues

Shantu Roy

Hi all,
Hope you could help with this issue I am having...
I am having problems with adding machines to an AD domain.
The machine I have is win2k+sp4, new install. When
running dcdiag, it fails on the fsmo check with the error:
DcGetDcName(PDC_REQUIRED) call failed, error 1355. Also I
cannot add any new machines to the domain. Looking at the
AD tree, the machine is registered as a domain
controller. When doing nslookup queries for srv records,
they appear correct. I have verified that the info in
netlogon.dns is the same as the dns info on the AD box. So
needless to say, I am pulling my hair out. Any ideas
would be greatly appreciated....
 
Kevin D. Goodknecht Sr. [MVP]

Shantu Roy said:
Hi all,
Hope you could help with this issue I am having...
I am having problems with adding machines to an AD domain.
The machine I have is win2k+sp4, new install. When
running dcdiag, it fails on the fsmo check with the error:
DcGetDcName(PDC_REQUIRED) call failed, error 1355. Also I
cannot add any new machines to the domain. Looking at the
AD tree, the machine is registered as a domain
controller. When doing nslookup queries for srv records,
they appear correct. I have verified that the info in
netlogon.dns is the same as the dns info on the AD box. So
needless to say, I am pulling my hair out. Any ideas
would be greatly appreciated....

The first DC must *only* point to its own private (not loopback) address
that has File Sharing and Client for Microsoft Networks bound to it. Allow
dynamic updates must be "Yes" until all machines are joined to the domain
and have permission to update DNS. Then you can set Allow dynamic updates to
"Secure updates only".

The second DC must point to the first DC for DNS, then to itself as secondary.

All clients must point only to the DC(s) that have DNS installed.
 
shantu roy

The DC (which is running AD-DNS)
-----Original Message-----
What DNS server do the machines you are adding to the domain point to?

hth
DDS W 2k MVP MCSE




 
Kevin D. Goodknecht Sr. [MVP]

Shantu Roy said:
here ya go..

C:\Documents and Settings\Administrator>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : PSLAP
Primary DNS Suffix . . . . . . . : nextitcorp.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nextitcorp.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 XT Network Connection
Physical Address. . . . . . . . . : 00-06-5B-F8-65-61
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.248
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.248
Primary WINS Server . . . . . . . : 192.168.1.248

C:\Documents and Settings\Administrator>
Thanks for the ipconfig, it looks good. Can you verify that the domain name in
ADUC matches the Primary DNS suffix exactly?
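
The two checks from the replies above (a first DC lists only its own non-loopback address as DNS server, and the Primary DNS Suffix matches the AD domain name), as an added example that is not part of the thread. It parses Windows 2000-style `ipconfig /all` text; the sample output, the host name DC1, the domain corp.example.com and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the Windows 2000 `ipconfig /all` layout (not the poster's output).
SAMPLE_GOOD = """\
        Host Name . . . . . . . . . . . . : DC1
        Primary DNS Suffix  . . . . . . . : corp.example.com

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.10
        DNS Servers . . . . . . . . . . . : 192.168.1.10
"""
# Same host with an external resolver added on a continuation line.
SAMPLE_BAD = SAMPLE_GOOD + " " * 44 + "203.0.113.53\n"

# "Label . . . : value" with a dot leader; adapter headers have no leader.
FIELD = re.compile(r"^\s*(.+?)(?:\s*\.)+\s*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {label: [values]}; unlabelled lines continue the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1).strip()
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif line.strip() and not line.rstrip().endswith(":") and last:
            fields[last].append(line.strip())
        else:
            last = None
    return fields

def check_dc_dns(text, ad_domain):
    """First-DC checks from the replies; names compare case-insensitively (assumption)."""
    f = parse_ipconfig(text)
    own = {ipaddress.ip_address(a) for a in f.get("IP Address", [])}
    findings = []
    suffix = (f.get("Primary DNS Suffix") or [""])[0]
    if suffix.lower().rstrip(".") != ad_domain.lower().rstrip("."):
        findings.append(f"Primary DNS suffix {suffix!r} does not match {ad_domain!r}")
    for s in map(ipaddress.ip_address, f.get("DNS Servers", [])):
        if s.is_loopback:
            findings.append(f"DNS server {s} is a loopback address")
        elif s not in own:
            findings.append(f"DNS server {s} is not this DC's own address")
    return findings
```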
 
Shantu Roy

Yes, both of them match up.
-----Original Message-----
Thanks for the ipconfig, it looks good. Can you verify that the domain name in
ADUC matches the Primary DNS suffix exactly?






 
Kevin D. Goodknecht Sr. [MVP]

Shantu Roy said:
Yes, both of them match up.
Everything looks good so far. What events are being logged?

What services are disabled or stopped if any?
 
Kevin D. Goodknecht Sr. [MVP]

Shantu Roy said:
Well as for services that are disabled:
exchange replication service

Well, there is a list of stopped services; they are mainly
stuff like dhcp server/client, qos admin control, asp.net
state service. Nothing critical to network logon or dns is
stopped.
The DHCP client service is required whether it is a DHCP client or not. The
DHCP client service is responsible for DNS registration; set it to Automatic.
 
Ace Fekay [MVP]

Kevin D. Goodknecht Sr. said:
The DHCP client service is required whether it is a DHCP client or
not. The DHCP client service is responsible for DNS registration; set
it to Automatic.

Good call! That would do it, provided everything else is ok.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Shantu Roy

*sigh* Well I enabled the dhcp client service and set it
to automatic as well, but it is still not working.
 
Kevin D. Goodknecht Sr. [MVP]

Shantu Roy said:
*sigh* Well I enabled the dhcp client service and set it
to automatic as well, but it is still not working.



Did you restart the Net Logon service after you started the DHCP Client?
 
Shantu Roy

humm...
I still seem to get the following error on dcdiag:
Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.

yet looking at net share the sysvol dir is shared. Any
ideas?
 
Kevin D. Goodknecht Sr. [MVP]

Shantu Roy said:
humm...
I still seem to get the following error on dcdiag:
Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.

yet looking at net share the sysvol dir is shared. Any
ideas?

Show me a dcdiag /v please, sir.
 
Ace Fekay [MVP]

Shantu Roy said:
humm...
I still seem to get the following error on dcdiag:
Starting test: frssysvol
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.

yet looking at net share the sysvol dir is shared. Any
ideas?
Do all the SRV records appear in the zone?

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Ace Fekay [MVP]

Shantu Roy said:
here it is:
Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine PSLAP, is a DC.
* Connecting to directory service on server PSLAP.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\PSLAP
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... PSLAP passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\PSLAP
Starting test: Replications
* Replications Check
......................... PSLAP passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for CN=Schema,CN=Configuration,DC=nextitcorp,DC=com
* Security Permissions Check for CN=Configuration,DC=nextitcorp,DC=com
* Security Permissions Check for DC=nextitcorp,DC=com
......................... PSLAP passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... PSLAP passed test NetLogons
Starting test: Advertising
The DC PSLAP is advertising itself as a DC and having a DS.
The DC PSLAP is advertising as an LDAP server
The DC PSLAP is advertising as having a writeable directory
The DC PSLAP is advertising as a Key Distribution Center
The DC PSLAP is advertising as a time server
The DS PSLAP is advertising as a GC.
......................... PSLAP passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=PSLAP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nextitcorp,DC=com
Role Domain Owner = CN=NTDS Settings,CN=PSLAP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nextitcorp,DC=com
Role PDC Owner = CN=NTDS Settings,CN=PSLAP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nextitcorp,DC=com
Role Rid Owner = CN=NTDS Settings,CN=PSLAP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nextitcorp,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=PSLAP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nextitcorp,DC=com
......................... PSLAP passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 1606 to 1073741823
* PSLAP.nextitcorp.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1106 to 1605
* rIDNextRID: 1205
* rIDPreviousAllocationPool is 1106 to 1605
......................... PSLAP passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/PSLAP.nextitcorp.com/nextitcorp.com
* SPN found :LDAP/PSLAP.nextitcorp.com
* SPN found :LDAP/PSLAP
* SPN found :LDAP/PSLAP.nextitcorp.com/NEXTITCORP
* SPN found :LDAP/6086dbb9-9ee2-4f65-9f64-97ae329c98e5._msdcs.nextitcorp.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/6086dbb9-9ee2-4f65-9f64-97ae329c98e5/nextitcorp.com
* SPN found :HOST/PSLAP.nextitcorp.com/nextitcorp.com
* SPN found :HOST/PSLAP.nextitcorp.com
* SPN found :HOST/PSLAP
* SPN found :HOST/PSLAP.nextitcorp.com/NEXTITCORP
* SPN found :GC/PSLAP.nextitcorp.com/nextitcorp.com
......................... PSLAP passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
......................... PSLAP passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
PSLAP is in domain DC=nextitcorp,DC=com
Checking for CN=PSLAP,OU=Domain Controllers,DC=nextitcorp,DC=com in domain DC=nextitcorp,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=PSLAP,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=nextitcorp,DC=com in domain CN=Configuration,DC=nextitcorp,DC=com on 1 servers
Object is up-to-date on all servers.
......................... PSLAP passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
Error: No record of File Replication System, SYSVOL started.
The Active Directory may be prevented from starting.
......................... PSLAP passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... PSLAP passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 07/25/2003 13:25:19
Event String: Driver HP OfficeJet G85xi required for printer __192.168.100.110_HOME is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occured. EventID: 0x00000452
Time Generated: 07/25/2003 13:25:19
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 07/25/2003 13:25:26
Event String: Driver Acrobat PDFWriter required for printer Acrobat PDFWriter is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occured. EventID: 0x00000452
Time Generated: 07/25/2003 13:25:26
Event String: The printer could not be installed.
An Error Event occured. EventID: 0x00000457
Time Generated: 07/25/2003 13:25:27
Event String: Driver Send with eFax Messenger Plus required for printer Send with eFax Messenger Plus is unknown. Contact the administrator to install the driver before you log in again.
An Error Event occured. EventID: 0x00000452
Time Generated: 07/25/2003 13:25:27
Event String: The printer could not be installed.
......................... PSLAP failed test systemlog

Running enterprise tests on : nextitcorp.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided.
......................... nextitcorp.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\PSLAP.nextitcorp.com
Locator Flags: 0xe00001fd
PDC Name: \\PSLAP.nextitcorp.com
Locator Flags: 0xe00001fd
Time Server Name: \\PSLAP.nextitcorp.com
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\PSLAP.nextitcorp.com
Locator Flags: 0xe00001fd
KDC Name: \\PSLAP.nextitcorp.com
Locator Flags: 0xe00001fd
......................... nextitcorp.com passed test FsmoCheck

See if this helps. Not sure, but the FRS shows in an earlier test in the log
that it's ok, just the Sysvol, so check this out:
316790 - The Sysvol and Netlogon Shares Are Missing After You Restore a
Domain Controller from Backup:
http://support.microsoft.com/?id=316790

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
