Ad Health

================================
Domain Controllers In the Domain

================================
SERVER1
SERVER2
======================
Repadmin - Syncall - e
======================
CALLBACK MESSAGE: The following replication is in progress:
From: ae7edea7-7117-4677-ba3a-1173e9293052._msdcs.Domain.com
To : 467d2a30-d459-4aec-a537-818c902ff397._msdcs.Domain.com
CALLBACK MESSAGE: The following replication completed successfully:
CALLBACK MESSAGE: SyncAll Finished.
SyncAll terminated with no errors.
======================
Repadmin - Syncall - a
======================
Syncing all NC's held on localhost.
Syncing partition: DC=ForestDnsZones,DC=Domain,DC=com
Syncing partition: DC=DomainDnsZones,DC=Domain,DC=com
Syncing partition: CN=Schema,CN=Configuration,DC=Domain,DC=com
Syncing partition: CN=Configuration,DC=Domain,DC=com
Syncing partition: DC=Domain,DC=com
======================
Repadmin - Syncall - d
======================
From: CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=S
ites,CN=Configuration,DC=Domain,DC=com
To : CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=S
From: CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=S
To : CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=S
======================
Repadmin - Replsummary
======================
Replication Summary Start Time: 2012-10-04 12:25:29
Beginning data collection for replication summary, this may take awhile:
.....
Source DSA largest delta fails/total %% error

SERVER1 0s 0 / 5 0
SERVER2 36m:01s 0 / 5 0
Destination DSA largest delta fails/total %% error

SERVER1 36m:01s 0 / 5 0
SERVER2 0s 0 / 5 0
==============
Repadmin - KCC
==============
Repadmin: running command /kcc against full DC Server1.Domain.com
Default-First-Site-Name
Current Site Options: (none)
Consistency check on Server1.Domain.com successful.
Repadmin: running command /kcc against full DC Server2.Domain.com
Default-First-Site-Name
Current Site Options: (none)
Consistency check on Server2.Domain.com successful.
=====================
Repadmin - showbackup
=====================
Repadmin: running command /showbackup against full DC Server1.Domain.com
Loc.USN Originating DSA Org.USN Org.Time/Date
Ver Attribute
======= =============== ========= =============
=== =========
DC=ForestDnsZones,DC=Domain,DC=com
DC=DomainDnsZones,DC=Domain,DC=com
CN=Schema,CN=Configuration,DC=Domain,DC=com
CN=Configuration,DC=Domain,DC=com
DC=Domain,DC=com
Repadmin: running command /showbackup against full DC Server2.Domain.com
Loc.USN Originating DSA Org.USN Org.Time/Date
Ver Attribute
======= =============== ========= =============
=== =========
DC=Domain,DC=com
===================
Repadmin - Showrepl
===================
Repadmin: running command /showrepl against full DC Server1.Domain.com
Default-First-Site-Name\SERVER1
DSA Options: IS_GC
Site Options: (none)
DSA object GUID: ae7edea7-7117-4677-ba3a-1173e9293052
DSA invocationID: ae7edea7-7117-4677-ba3a-1173e9293052
==== INBOUND NEIGHBORS ======================================
DC=Domain,DC=com
Default-First-Site-Name\SERVER2 via RPC
DSA object GUID: 467d2a30-d459-4aec-a537-818c902ff397
Last attempt @ 2012-10-04 11:49:28 was successful.
Repadmin: running command /showrepl against full DC Server2.Domain.com
DSA Options: IS_GC
Site Options: (none)
DSA invocationID: 16cf55dd-01c8-4234-aa51-299f56099905
==== INBOUND NEIGHBORS ======================================
DC=Domain,DC=com
================
Repadmin - Queue
================
Repadmin: running command /queue against full DC Server1.Domain.com
Queue contains 0 items.
Repadmin: running command /queue against full DC Server2.Domain.com
Queue contains 0 items.
======================
Repadmin - Bridgeheads
======================
Repadmin: running command /bridgeheads against full DC Server1.Domain.com
Gathering topology from site Default-First-Site-Name (Server1.Domain.com):
Bridgeheads for site Default-First-Site-Name (Server2.Domain.com):
Source Site Local Bridge Trns Fail. Time # Status
=============== ============== ==== ================= === =======
=
Repadmin: running command /bridgeheads against full DC Server2.Domain.com
Bridgeheads for site Default-First-Site-Name (Server2.Domain.com):
Source Site Local Bridge Trns Fail. Time # Status
=============== ============== ==== ================= === =======
=
===============
Repadmin - ISTG
===============
Repadmin: running command /istg against full DC Server1.Domain.com
Site ISTG
================== =================
Default-First-Site-Name SERVER2
Repadmin: running command /istg against full DC Server2.Domain.com
Site ISTG
================== =================
Default-First-Site-Name SERVER2
=======================
Repadmin - Showoutcalls
=======================
Repadmin: running command /showoutcalls against full DC Server1.Domain.com
Server1.Domain.com is making no outgoing DRS RPC calls at this time.
Repadmin: running command /showoutcalls against full DC Server2.Domain.com
Server2.Domain.com is making no outgoing DRS RPC calls at this time.
====================
Repadmin - Failcache
====================
Repadmin: running command /failcache against full DC Server1.Domain.com
==== KCC CONNECTION FAILURES ============================
(none)
==== KCC LINK FAILURES ==================================
(none)
Repadmin: running command /failcache against full DC Server2.Domain.com
==== KCC CONNECTION FAILURES ============================
(none)
==== KCC LINK FAILURES ==================================
No Failures.
====================
Repadmin - Showtrust
====================
Repadmin: running command /showtrust against full DC Server1.Domain.com
Domain Trust Info:
TRUSTED : DC=Domain,DC=com
Repadmin: running command /showtrust against full DC Server2.Domain.com
Domain Trust Info:
TRUSTED : DC=Domain,DC=com
===============
Repadmin - Bind
===============
Repadmin: running command /bind against full DC Server1.Domain.com
Bind to Server1.Domain.com succeeded.
NTDSAPI V1 BindState, printing extended members.
bindAddr: Server1.Domain.com
Extensions supported (cb=48):
BASE : Yes
ASYNCREPL : Yes
REMOVEAPI : Yes
MOVEREQ_V2 : Yes
GETCHG_COMPRESS : Yes
DCINFO_V1 : Yes
RESTORE_USN_OPTIMIZATION : Yes
KCC_EXECUTE : Yes
ADDENTRY_V2 : Yes
LINKED_VALUE_REPLICATION : Yes
DCINFO_V2 : Yes
INSTANCE_TYPE_NOT_REQ_ON_MOD : Yes
CRYPTO_BIND : Yes
GET_REPL_INFO : Yes
STRONG_ENCRYPTION : Yes
DCINFO_VFFFFFFFF : Yes
TRANSITIVE_MEMBERSHIP : Yes
ADD_SID_HISTORY : Yes
POST_BETA3 : Yes
GET_MEMBERSHIPS2 : Yes
GETCHGREQ_V6 (WHISTLER PREVIEW) : Yes
NONDOMAIN_NCS : Yes
GETCHGREQ_V8 (WHISTLER BETA 1) : Yes
GETCHGREPLY_V5 (WHISTLER BETA 2) : Yes
ADDENTRYREPLY_V3 (WHISTLER BETA 3): Yes
VERIFY_OBJECT (WHISTLER BETA 3) : Yes
XPRESS_COMPRESSION : Yes
DRS_EXT_ADAM : No
Site GUID: 164a7794-aa39-46ad-9094-424cce8cec5c
Repl epoch: 0
Forest GUID: 4588f830-1b1b-4300-8010-dc81e36b9209
Security information on the binding is as follows:
SPN Requested: LDAP/Server1.Domain.com
Authn Service: 9
Authn Level: 6
Authz Service: 0
Repadmin: running command /bind against full DC Server2.Domain.com
Bind to Server2.Domain.com succeeded.
NTDSAPI V1 BindState, printing extended members.
bindAddr: Server2.Domain.com
Extensions supported (cb=48):
BASE : Yes
ASYNCREPL : Yes
REMOVEAPI : Yes
MOVEREQ_V2 : Yes
GETCHG_COMPRESS : Yes
DCINFO_V1 : Yes
RESTORE_USN_OPTIMIZATION : Yes
KCC_EXECUTE : Yes
ADDENTRY_V2 : Yes
LINKED_VALUE_REPLICATION : Yes
DCINFO_V2 : Yes
INSTANCE_TYPE_NOT_REQ_ON_MOD : Yes
CRYPTO_BIND : Yes
GET_REPL_INFO : Yes
STRONG_ENCRYPTION : Yes
DCINFO_VFFFFFFFF : Yes
TRANSITIVE_MEMBERSHIP : Yes
ADD_SID_HISTORY : Yes
POST_BETA3 : Yes
GET_MEMBERSHIPS2 : Yes
GETCHGREQ_V6 (WHISTLER PREVIEW) : Yes
NONDOMAIN_NCS : Yes
GETCHGREQ_V8 (WHISTLER BETA 1) : Yes
ADDENTRYREPLY_V3 (WHISTLER BETA 3): Yes
VERIFY_OBJECT (WHISTLER BETA 3) : Yes
XPRESS_COMPRESSION : Yes
DRS_EXT_ADAM : No
Site GUID: 164a7794-aa39-46ad-9094-424cce8cec5c
Repl epoch: 0
Forest GUID: 4588f830-1b1b-4300-8010-dc81e36b9209
Security information on the binding is as follows:
SPN Requested: LDAP/Server2.Domain.com
Authn Service: 9
Authn Level: 6
Authz Service: 0
======
Dcdiag
======
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine Server2, is a Directory Server.
Home Server = Server2
* Connecting to directory service on server Server2.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Domain,DC=com,
LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name
,CN=Sites,CN=Configuration,DC=Domain,DC=com
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Domain,DC=com,
LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=
Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=
Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERVER1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SERVER1 passed test Connectivity
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... SERVER2 passed test Connectivity
Doing primary tests

Starting test: Advertising
The DC SERVER1 is advertising itself as a DC and having a DS.
The DC SERVER1 is advertising as an LDAP server
The DC SERVER1 is advertising as having a writeable directory
The DC SERVER1 is advertising as a Key Distribution Center
The DC SERVER1 is advertising as a time server
The DS SERVER1 is advertising as a GC.
......................... SERVER1 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC SERVER2 for domain Domain.com in site Default-First-Site-Name
Checking machine account for DC SERVER1 on DC SERVER2.
* SPN found :LDAP/Server1.Domain.com/Domain.com
* SPN found :LDAP/Server1.Domain.com
* SPN found :LDAP/SERVER1
* SPN found :LDAP/Server1.Domain.com/DOMAIN
* SPN found :LDAP/ae7edea7-7117-4677-ba3a-1173e9293052._msdcs.Domain.co
m
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ae7edea7-7117-4677-ba
3a-1173e9293052/Domain.com
* SPN found :HOST/Server1.Domain.com/Domain.com
* SPN found :HOST/Server1.Domain.com
* SPN found :HOST/SERVER1
* SPN found :HOST/Server1.Domain.com/DOMAIN
* SPN found :GC/Server1.Domain.com/Domain.com
Checking for CN=SERVER1,OU=Domain Controllers,DC=Domain,DC=com in domai
n DC=Domain,DC=com on 2 servers
Object is up-to-date on all servers.
[SERVER1] No security related replication errors were found on this
DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERVER1 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones
,DC=Domain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones
,DC=Domain,DC=com.
* Analyzing the alive system replication topology for CN=Schema,CN=Conf
iguration,DC=Domain,DC=com.
* Analyzing the alive system replication topology for CN=Configuration,
DC=Domain,DC=com.
* Analyzing the alive system replication topology for DC=Domain,DC=com.
......................... SERVER1 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... SERVER1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x80001396
Time Generated: 10/03/2012 14:27:55
Event String:
The DFS Replication service is stopping communication with partner S
ERVER2 for replication group Roam Profile due to an error. The service will retr
y the connection periodically.
Additional Information:
Error: 1726 (The remote procedure call failed.)
Connection ID: 030023CA-F0ED-4190-A032-91BF219F5694
Replication Group ID: 5B7356A8-3FC5-4218-BE3C-AB4AF8747605
......................... SERVER1 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVER1 passed test SysVolCheck
Starting test: FrsSysVol
......................... SERVER1 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 min
utes.
......................... SERVER1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-F
irst-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-F
Role PDC Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-Firs
t-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-Firs
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER1,CN=Serve
rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
* SPN found :LDAP/ae7edea7-7117-4677-ba3a-1173e9293052._msdcs.Domain.co
m
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ae7edea7-7117-4677-ba
3a-1173e9293052/Domain.com
......................... SERVER1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERVER1.
* Security Permissions Check for
(NDNC,Version 3)
(NDNC,Version 3)
(Schema,Version 3)
(Configuration,Version 3)
DC=Domain,DC=com
(Domain,Version 3)
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERVER1\netlogon
Verified share \\SERVER1\sysvol
......................... SERVER1 passed test NetLogons
Starting test: ObjectsReplicated
SERVER1 is in domain DC=Domain,DC=com
Checking for CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Si
te-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com in domain CN=Configuration,DC
=Domain,DC=com on 2 servers
......................... SERVER1 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... SERVER1 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... SERVER1 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 2600 to 1073741823
* Server1.Domain.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1106
......................... SERVER1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVER1 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... SERVER1 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=Domain,DC=
com.
* Analyzing the connection topology for DC=DomainDnsZones,DC=Domain,DC=
com.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=D
omain,DC=com.
* Analyzing the connection topology for CN=Configuration,DC=Domain,DC=c
om.
* Analyzing the connection topology for DC=Domain,DC=com.
......................... SERVER1 passed test Topology
Starting test: VerifyEnterpriseReferences
LDAP Error 0x5e (94) - No result present in message.
......................... SERVER1 failed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SERVER1,OU=Domain Controllers,DC=Domain,DC=com and backlink on
CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurat
ion,DC=Domain,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=SERVER1,CN=Domain System Volume (SYSVOL share),CN=File Replication S
ervice,CN=System,DC=Domain,DC=com
and backlink on
CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=Domain,DC=com
are correct.
......................... SERVER1 passed test VerifyReferences
Starting test: VerifyReplicas
......................... SERVER1 passed test VerifyReplicas
Starting test: Advertising
The DC SERVER2 is advertising itself as a DC and having a DS.
The DC SERVER2 is advertising as an LDAP server
The DC SERVER2 is advertising as having a writeable directory
The DC SERVER2 is advertising as a Key Distribution Center
The DC SERVER2 is advertising as a time server
The DS SERVER2 is advertising as a GC.
......................... SERVER2 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC SERVER2 for domain Domain.com in site Default-First-Site-Name
* SPN found :LDAP/467d2a30-d459-4aec-a537-818c902ff397._msdcs.Domain.co
m
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/467d2a30-d459-4aec-a5
37-818c902ff397/Domain.com
[SERVER2] No security related replication errors were found on this
DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERVER2 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones
,DC=Domain,DC=com.
* Analyzing the alive system replication topology for DC=DomainDnsZones
,DC=Domain,DC=com.
* Analyzing the alive system replication topology for CN=Schema,CN=Conf
iguration,DC=Domain,DC=com.
* Analyzing the alive system replication topology for CN=Configuration,
DC=Domain,DC=com.
* Analyzing the alive system replication topology for DC=Domain,DC=com.
......................... SERVER2 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C5
Time Generated: 10/03/2012 14:30:02
Event String:
The File Replication Service has enabled replication from SERVER1 to
SERVER2 for c:\windows\sysvol\domain after repeated retries.
......................... SERVER2 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... SERVER2 passed test DFSREvent
Starting test: SysVolCheck
......................... SERVER2 passed test SysVolCheck
Starting test: FrsSysVol
......................... SERVER2 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 min
utes.
......................... SERVER2 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-F
Role Domain Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-F
Role PDC Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-Firs
Role Rid Owner = CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-Firs
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER1,CN=Serve
rs,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com
......................... SERVER2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
* SPN found :LDAP/467d2a30-d459-4aec-a537-818c902ff397._msdcs.Domain.co
m
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/467d2a30-d459-4aec-a5
37-818c902ff397/Domain.com
......................... SERVER2 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERVER2.
(NDNC,Version 3)
(NDNC,Version 3)
(Schema,Version 3)
(Configuration,Version 3)
DC=Domain,DC=com
(Domain,Version 3)
......................... SERVER2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERVER2\netlogon
Verified share \\SERVER2\sysvol
......................... SERVER2 passed test NetLogons
Starting test: ObjectsReplicated
SERVER2 is in domain DC=Domain,DC=com
Checking for CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Si
te-Name,CN=Sites,CN=Configuration,DC=Domain,DC=com in domain CN=Configuration,DC
=Domain,DC=com on 2 servers
......................... SERVER2 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... SERVER2 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... SERVER2 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 2600 to 1073741823
* Server1.Domain.com is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2100 to 2599
* rIDPreviousAllocationPool is 1600 to 2099
* rIDNextRID: 2099
* Warning :There is less than 0% available RIDs in the current pool
......................... SERVER2 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVER2 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... SERVER2 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=Domain,DC=
com.
* Analyzing the connection topology for DC=DomainDnsZones,DC=Domain,DC=
com.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=D
omain,DC=com.
* Analyzing the connection topology for CN=Configuration,DC=Domain,DC=c
om.
* Analyzing the connection topology for DC=Domain,DC=com.
......................... SERVER2 passed test Topology
Starting test: VerifyEnterpriseReferences
LDAP Error 0x5e (94) - No result present in message.
......................... SERVER2 failed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SERVER2,OU=Domain Controllers,DC=Domain,DC=com and backlink on
CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configurat
ion,DC=Domain,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=SERVER2,CN=Domain System Volume (SYSVOL share),CN=File Replication S
ervice,CN=System,DC=Domain,DC=com
and backlink on
CN=NTDS Settings,CN=SERVER2,CN=Servers,CN=Default-First-Site-Name,CN=Si
tes,CN=Configuration,DC=Domain,DC=com
are correct.
......................... SERVER2 passed test VerifyReferences
Starting test: VerifyReplicas
......................... SERVER2 passed test VerifyReplicas
Starting test: DNS
Starting test: DNS
DNS Tests are running and not hung. Please wait a few
minutes...
See DNS test in enterprise tests section for results
......................... SERVER1 passed test DNS
See DNS test in enterprise tests section for results
......................... SERVER2 passed test DNS
Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
......................... DomainDnsZones passed test CheckSDRefDom
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
......................... Schema passed test CheckSDRefDom
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
......................... Configuration passed test CheckSDRefDom
......................... Configuration passed test CrossRefValidation
Running partition tests on : Domain
......................... Domain passed test CheckSDRefDom
......................... Domain passed test CrossRefValidation
Running enterprise tests on : Domain.com
Starting test: DNS
Test results for domain controllers:
DC: Server1.Domain.com
Domain: Domain.com
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoftr Windows Serverr 2008 Enterprise (Service Pack leve
l: 2.0)
is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000006] Intel 21140-Based PCI Fast Ethernet Adapter (Emulat
ed):
MAC address is 00:03:FF:F4:E6:0B
IP Address is static
IP address: 192.168.99.1
DNS servers:
192.168.99.1 (server1.domain.com.) [Valid]
192.168.99.2 (SERVER2) [Valid]
The A host record(s) for this DC was found
Warning: The AAAA record for this DC was not found
[Error details: 9501 (Type: Win32 - Description: No records fo
und for given DNS query.) - Domain.com]
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found prim
ary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid
(unreachable)]
Error: Root hints list has invalid root hint server:
a.root-servers.net. (2001:503:ba3e::2:30)
Name: b.root-servers.net. IP: 128.9.0.107 [Invalid (unreach
able)]
b.root-servers.net. (128.9.0.107)
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: d.root-servers.net. IP: 2001:500:2d::d [Invalid (unre
achable)]
d.root-servers.net. (2001:500:2d::d)
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unre
achable)]
f.root-servers.net. (2001:500:2f::f)
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid (unrea
chable)]
j.root-servers.net. (192.58.128.30)
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreac
hable)]
l.root-servers.net. (198.32.64.12)
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
TEST: Delegations (Del)
Delegation information for the zone: Domain.com.
Delegated domain name: _msdcs.Domain.com.
DNS server: server1.domain.com. IP:192.168.99.1 [Valid]
TEST: Dynamic update (Dyn)
Test record _dcdiag_test_record added successfully in zone Dom
ain.com
Test record _dcdiag_test_record deleted successfully in zone D
omain.com
TEST: Records registration (RReg)
Network Adapter
ed):
Matching CNAME record found at DNS server 192.168.99.1:
ae7edea7-7117-4677-ba3a-1173e9293052._msdcs.Domain.com
Matching A record found at DNS server 192.168.99.1:
Server1.Domain.com
Warning:
Missing AAAA record at DNS server 192.168.99.1:
Server1.Domain.com
[Error details: 9501 (Type: Win32 - Description: No records
found for given DNS query.)]
Matching SRV record found at DNS server 192.168.99.1:
_ldap._tcp.Domain.com
_ldap._tcp.db9e4eec-7227-412d-a14f-0772edf8c11b.domains._ms
dcs.Domain.com
_kerberos._tcp.dc._msdcs.Domain.com
_ldap._tcp.dc._msdcs.Domain.com
_kerberos._tcp.Domain.com
_kerberos._udp.Domain.com
_kpasswd._tcp.Domain.com
_ldap._tcp.Default-First-Site-Name._sites.Domain.com
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.Dom
ain.com
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.Domain.
com
_kerberos._tcp.Default-First-Site-Name._sites.Domain.com
_ldap._tcp.gc._msdcs.Domain.com
gc._msdcs.Domain.com
Warning:
_gc._tcp.Default-First-Site-Name._sites.Domain.com
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.Domain.
com
_ldap._tcp.pdc._msdcs.Domain.com
ae7edea7-7117-4677-ba3a-1173e9293052._msdcs.Domain.com
Server1.Domain.com
Warning:
Server1.Domain.com
dcs.Domain.com
ain.com
com
Warning:
com
_ldap._tcp.pdc._msdcs.Domain.com
Warning: Record Registrations not found in some network adapters
DC: Server2.Domain.com
Domain: Domain.com
TEST: Authentication (Auth)

Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoftr Windows Serverr 2008 Enterprise (Service Pack leve
l: 2.0)
is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
ed):
MAC address is 00:03:FF:F7:E6:0B
IP Address is static
IP address: 192.168.99.2
DNS servers:
192.168.99.1 (server1.domain.com.) [Valid]
192.168.99.2 (SERVER2) [Valid]
Adapter
ed):
MAC address is 00:03:FF:FE:E6:0B
Warning IP address is dynamic (can be a misconfiguration)
Warning: Adapter 00:03:FF:FE:E6:0B has dynamic IP address
(can be a misconfiguration)
IP address: 10.1.69.72, fe80::d94:d199:5984:64b3
DNS servers:
Warning:
10.1.69.252 (<name unavailable>) [Invalid]
Warning: adapter
[00000009] Intel 21140-Based PCI Fast Ethernet Adapter (
Emulated)
has invalid DNS server: 10.1.69.252
(<name unavailable>)
Warning:
10.1.69.231 (<name unavailable>) [Invalid]
Warning: adapter
[00000009] Intel 21140-Based PCI Fast Ethernet Adapter (
Emulated)
has invalid DNS server: 10.1.69.231
(<name unavailable>)
Warning: The A record for this DC was not found
[Error details: 9003 (Type: Win32 - Description: DNS name does
not exist.) - Domain.com]
Warning: The AAAA record for this DC was not found
[Error details: 9003 (Type: Win32 - Description: DNS name does
not exist.) - Domain.com]
No host records (A or AAAA) were found for this DC
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found prim
ary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid
(unreachable)]
a.root-servers.net. (2001:503:ba3e::2:30)
Name: b.root-servers.net. IP: 128.9.0.107 [Invalid (unreach
able)]
b.root-servers.net. (128.9.0.107)
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: d.root-servers.net. IP: 2001:500:2d::d [Invalid (unre
achable)]
d.root-servers.net. (2001:500:2d::d)
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unre
achable)]
f.root-servers.net. (2001:500:2f::f)
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: j.root-servers.net. IP: 192.58.128.30 [Invalid (unrea
chable)]
j.root-servers.net. (192.58.128.30)
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: l.root-servers.net. IP: 198.32.64.12 [Invalid (unreac
hable)]
l.root-servers.net. (198.32.64.12)
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
TEST: Delegations (Del)
Delegation information for the zone: Domain.com.
Delegated domain name: _msdcs.Domain.com.
DNS server: server1.domain.com. IP:192.168.99.1 [Valid]
TEST: Dynamic update (Dyn)
Test record _dcdiag_test_record added successfully in zone Dom
ain.com
Test record _dcdiag_test_record deleted successfully in zone D
omain.com
TEST: Records registration (RReg)
Network Adapter
ed):
467d2a30-d459-4aec-a537-818c902ff397._msdcs.Domain.com
Server2.Domain.com
Warning:
Server2.Domain.com
dcs.Domain.com
ain.com
com
Warning:
com
467d2a30-d459-4aec-a537-818c902ff397._msdcs.Domain.com
Server2.Domain.com
Warning:
Server2.Domain.com
dcs.Domain.com
ain.com
com
Warning:
com
Warning: Record Registrations not found in some network adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 128.9.0.107 (b.root-servers.net.)
2 test failure on this DNS server
PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DN
S server 128.9.0.107 [Error details: 1460 (Type: Win32 - Descripti
on: This operation returned because the timeout period expired.)]
DNS server: 192.58.128.30 (j.root-servers.net.)
S server 192.58.128.30 [Error details: 1460 (Type: Win32 - Descrip
tion: This operation returned because the timeout period expired.)]
DNS server: 198.32.64.12 (l.root-servers.net.)
S server 198.32.64.12 [Error details: 1460 (Type: Win32 - Descript
ion: This operation returned because the timeout period expired.)]
DNS server: 2001:500:2d::d (d.root-servers.net.)
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d
[Error details: 1460 (Type: Win32 - Description: This operation returned
because the timeout period expired.)]
DNS server: 2001:500:2f::f (f.root-servers.net.)
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f
[Error details: 1460 (Type: Win32 - Description: This operation returned
because the timeout period expired.)]
DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30
[Error details: 1460 (Type: Win32 - Description: This operation retu
rned because the timeout period expired.)]
DNS server: 10.1.69.231 (<name unavailable>)
Name resolution is not functional. _ldap._tcp.Domain.com. failed
on the DNS server 10.1.69.231
[Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]
DNS server: 10.1.69.252 (<name unavailable>)
Name resolution is not functional. _ldap._tcp.Domain.com. failed
on the DNS server 10.1.69.252
[Error details: 9003 (Type: Win32 - Description: DNS name does no
t exist.)]
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
DNS server: 192.112.36.4 (g.root-servers.net.)
DNS server: 192.168.99.1 (server1.domain.com.)
Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered
DNS delegation for the domain _msdcs.Domain.com. is operational
on IP 192.168.99.1
DNS server: 192.168.99.2 (SERVER2)

Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered
DNS server: 192.203.230.10 (e.root-servers.net.)
DNS server: 192.228.79.201 (b.root-servers.net.)
DNS server: 192.33.4.12 (c.root-servers.net.)
DNS server: 192.36.148.17 (i.root-servers.net.)
DNS server: 192.5.5.241 (f.root-servers.net.)
DNS server: 193.0.14.129 (k.root-servers.net.)
DNS server: 198.41.0.4 (a.root-servers.net.)

DNS server: 202.12.27.33 (m.root-servers.net.)
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: Domain.com
Server1 PASS WARN FAIL PASS PASS WARN n/a
Server2 PASS FAIL FAIL PASS PASS WARN n/a
......................... Domain.com failed test DNS
Starting test: LocatorCheck
GC Name: \\Server2.Domain.com
Locator Flags: 0xe00011fc
PDC Name: \\Server1.Domain.com
Locator Flags: 0xe00013fd
Time Server Name: \\Server2.Domain.com
Preferred Time Server Name: \\Server1.Domain.com
KDC Name: \\Server2.Domain.com
......................... Domain.com passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \\Server2.Domain.com
PDC Name: \\Server1.Domain.com
Time Server Name: \\Server2.Domain.com
Preferred Time Server Name: \\Server1.Domain.com
KDC Name: \\Server2.Domain.com
......................... Domain.com passed test FsmoCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... Domain.com passed test Intersite

Ad Health

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Ad Health

Uploaded by

Copyright:

Available Formats

================================

Domain Controllers In the Domain

Source DSA largest delta fails/total %% error

Destination DSA largest delta fails/total %% error

Testing server: Default-First-Site-Name\SERVER1

Running partition tests on : ForestDnsZones

TEST: Authentication (Auth)

DNS server: 192.168.99.2 (SERVER2)

DNS server: 198.41.0.4 (a.root-servers.net.)

You might also like