dcdiag doesn't look good

  • Thread starter Thread starter mike
  • Start date Start date
M

mike

Hi...hope someone can help me out. I am copying the
results of a dcdiag I ran. Some background....I just
inherited this admin job. I've been out of it for a
while. Anyway...it was explained to me that the server I
inherited had win2k installed and wasn't an upgrade and
that there were no former DC's. I'm thinking that isn't
the case judging by the results. I am also getting net
logon errors every 2 hours, directory services errors,
App errors and FRS errors and numerous client
problems..printing, logging on etc. This is a single
server domain. With about 25 clients..things shouldn't be
this difficult. The only reference I could find of server
NT1 is in sites and services under default-first-site-
name. I'm thinking whoever did this upgraded from NT and
then deployed this win2k server and made some mistakes.
If so, can this problem be the root of the other
problems?. The logs record errors back to april-may of
this year. Here are the results of the dcdiag..

Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Admin>dcdiag

DC Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER1
Starting test: Replications
[Replications Check,SERVER1] A recent
replication attempt failed:
From NT1 to SERVER1
Naming Context:
CN=Schema,CN=Configuration,DC=gsisharp,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failu
re.
The failure occurred at 2003-12-25 22:50.30.
The last success occurred at 2003-05-05
06:57.43.
5698 failures have occurred since the last
success.
The guid-based DNS name b3eb5fd5-4d0c-48c7-
93e9-7b2647518561._msdcs.
gsisharp.com
is not registered on one or more DNS servers.
[NT1] DsBind() failed with error 1722,
The RPC server is unavailable..
[Replications Check,SERVER1] A recent
replication attempt failed:
From NT1 to SERVER1
Naming Context:
CN=Configuration,DC=gsisharp,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failu
re.
The failure occurred at 2003-12-25 22:50.30.
The last success occurred at 2003-05-05
07:09.38.
5698 failures have occurred since the last
success.
The guid-based DNS name b3eb5fd5-4d0c-48c7-
93e9-7b2647518561._msdcs.
gsisharp.com
is not registered on one or more DNS servers.
[Replications Check,SERVER1] A recent
replication attempt failed:
From NT1 to SERVER1
Naming Context: DC=gsisharp,DC=com
The replication generated an error (8524):
The DSA operation is unable to proceed
because of a DNS lookup failu
re.
The failure occurred at 2003-12-25 22:50.30.
The last success occurred at 2003-05-05
07:19.15.
5698 failures have occurred since the last
success.
The guid-based DNS name b3eb5fd5-4d0c-48c7-
93e9-7b2647518561._msdcs.
gsisharp.com
is not registered on one or more DNS servers.
......................... SERVER1 passed test
Replications
Starting test: NCSecDesc
......................... SERVER1 passed test
NCSecDesc
Starting test: NetLogons
......................... SERVER1 passed test
NetLogons
Starting test: Advertising
......................... SERVER1 passed test
Advertising
Starting test: KnowsOfRoleHolders
Warning: NT1 is the Schema Owner, but is not
responding to DS RPC Bind.

[NT1] LDAP connection failed with error 58,
The specified server cannot perform the
requested operation..
Warning: NT1 is the Schema Owner, but is not
responding to LDAP Bind.
Warning: NT1 is the Domain Owner, but is not
responding to DS RPC Bind.

Warning: NT1 is the Domain Owner, but is not
responding to LDAP Bind.
Warning: NT1 is the PDC Owner, but is not
responding to DS RPC Bind.
Warning: NT1 is the PDC Owner, but is not
responding to LDAP Bind.
Warning: NT1 is the Rid Owner, but is not
responding to DS RPC Bind.
Warning: NT1 is the Rid Owner, but is not
responding to LDAP Bind.
Warning: NT1 is the Infrastructure Update Owner,
but is not responding
to DS RPC Bind.
Warning: NT1 is the Infrastructure Update Owner,
but is not responding
to LDAP Bind.
......................... SERVER1 failed test
KnowsOfRoleHolders
Starting test: RidManager
[SERVER1] DsBindWithCred() failed with error
1722. The RPC server is un
available.
......................... SERVER1 failed test
RidManager
Starting test: MachineAccount
......................... SERVER1 passed test
MachineAccount
Starting test: Services
......................... SERVER1 passed test
Services
Starting test: ObjectsReplicated
......................... SERVER1 passed test
ObjectsReplicated
Starting test: frssysvol
There are errors after the SYSVOL has been
shared.
The SYSVOL can prevent the AD from starting.
......................... SERVER1 passed test
frssysvol
Starting test: kccevent
......................... SERVER1 passed test
kccevent
Starting test: systemlog
An Error Event occured. EventID: 0xC0001B77
Time Generated: 12/25/2003 22:00:54
Event String: The USQLSDMF3.10.0406 service
terminated
An Error Event occured. EventID: 0x00000C18
Time Generated: 12/25/2003 22:05:51
Event String: The Windows NT domain
controller for this domain
......................... SERVER1 failed test
systemlog

Running enterprise tests on : mydomain.com
Starting test: Intersite
......................... mydomain.com passed
test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed,
error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
......................... gsisharp.com failed
test FsmoCheck

Thanks in advance,

Mike
 
In
mike said:
Hi...hope someone can help me out. I am copying the
results of a dcdiag I ran. Some background....I just
inherited this admin job. I've been out of it for a
while. Anyway...it was explained to me that the server I
inherited had win2k installed and wasn't an upgrade and
that there were no former DC's. I'm thinking that isn't
the case judging by the results. I am also getting net
logon errors every 2 hours, directory services errors,
App errors and FRS errors and numerous client
problems..printing, logging on etc. This is a single
server domain. With about 25 clients..things shouldn't be
this difficult. The only reference I could find of server
NT1 is in sites and services under default-first-site-
name. I'm thinking whoever did this upgraded from NT and
then deployed this win2k server and made some mistakes.
If so, can this problem be the root of the other
problems?. The logs record errors back to april-may of
this year. Here are the results of the dcdiag..
Click to expand...
Thanks in advance,

Mike
Click to expand...

Hi Mike, can you post us additional information, such as:

1. UNEDITED ipconfig /all from both servers please
2. The AD DNS Domain name (as it shows up in ADUC)
3. What Service Pack level they are on
4. The zone name in DNS.
5. Dynamic Updates set to at least YES in the zone properties?


Thanks!

Clue: My first thought is your using your ISP's DNS servers. That's a no-no
in AD. But let's see that info and we can give you a better concise answer.

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Hi,

Thanks for the reply. Ok...first I have changed all of
the DNS servers to internal only already. I can't give
you ipconfig on both servers because server NT1 does not
exist. Dynamic updates are on. Below is ipconfig on
Server1. Again it's the only server running. I had no
idea about server NT1 until I saw it show up on the
dcdiag. Zone name is gsisharp.com. Service pack 4. I also
have a 50/50 chance of accessing ADUC etc. Sometimes I
get an error that the path isnt there.

Thanks again...hope this info will shed more light.
Mike


Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Admin>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : SERVER1
Primary DNS Suffix . . . . . . . : gsisharp.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gsisharp.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R)
PRO/1000 MT Network Connect
ion
Physical Address. . . . . . . . . : 00-C0-9F-21-
A3-FE
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.254
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.254
Primary WINS Server . . . . . . . : 192.168.0.254

C:\Documents and Settings\Admin>
 
In
Hi,

Thanks for the reply. Ok...first I have changed all of
the DNS servers to internal only already. I can't give
you ipconfig on both servers because server NT1 does not
exist. Dynamic updates are on. Below is ipconfig on
Server1. Again it's the only server running. I had no
idea about server NT1 until I saw it show up on the
dcdiag. Zone name is gsisharp.com. Service pack 4. I also
have a 50/50 chance of accessing ADUC etc. Sometimes I
get an error that the path isnt there.

Thanks again...hope this info will shed more light.
Mike


Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.

C:\Documents and Settings\Admin>ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : SERVER1
Primary DNS Suffix . . . . . . . : gsisharp.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gsisharp.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R)
PRO/1000 MT Network Connect
ion
Physical Address. . . . . . . . . : 00-C0-9F-21-
A3-FE
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.254
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1
DNS Servers . . . . . . . . . . . : 192.168.0.254
Primary WINS Server . . . . . . . : 192.168.0.254

C:\Documents and Settings\Admin>
Click to expand...

Glad you removed your ISP's DNS. Setup a Forwarder for efficient Internet
resolution. If the option is grayed out, delete the Root zone and try again.
This article will show you these steps:
http://support.microsoft.com/?id=300202

Thanks for posting that info. Seems that NT1 is still in the AD database.
Follow this article to clean it's reference out of it:
HOW TO Remove Data in Active Directory After an Unsuccessful Domain
Controller Demotion Q216498:
http://support.microsoft.com/?id=216498

Now once you do that, perform these steps on the DNS server:
Rt-click on DNS server name, clear cache.

Then in a command prompt on the server, follow these steps:
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon

The SRV records should now show up. Let us know how you make out.



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.
This posting is provided "AS IS" with no warranties.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Back
Top