DCDIAG error

  • Thread starter Thread starter Chris
  • Start date Start date
C

Chris

Someone kindly told me the dcdiag tool could help me with
my dns issues, being I'm new to win2k and DNS, I dont know
how to fix the the error.


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
SERVER's server GUID DNS name could not be
resolved to an
IP address. Check the DNS server, DHCP, server
name, etc
Although the Guid DNS name

(f2b81a75-9ee4-4a3b-bbea-
6317c107d292._msdcs.Bogy.local) couldn't be

resolved, the server name (server.Bogy.local)
resolved to the IP

address (192.168.0.121) and was pingable. Check
that the IP address

is registered correctly with the DNS server.
......................... SERVER failed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER
Skipping all tests, because server SERVER is
not responding to directory service requests

Running enterprise tests on : Bogy.local
Starting test: Intersite
......................... Bogy.local passed test
Intersite
Starting test: FsmoCheck
......................... Bogy.local passed test
FsmoCheck

Sorry for the dumb question, but I could really use some
help, the Windows help file is useless, or it could just
be my brain.

Chris
 
In
Chris said:
Someone kindly told me the dcdiag tool could help me with
my dns issues, being I'm new to win2k and DNS, I dont know
how to fix the the error.


Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
SERVER's server GUID DNS name could not be
resolved to an
IP address. Check the DNS server, DHCP, server
name, etc
Although the Guid DNS name

(f2b81a75-9ee4-4a3b-bbea-
6317c107d292._msdcs.Bogy.local) couldn't be

resolved, the server name (server.Bogy.local)
resolved to the IP

address (192.168.0.121) and was pingable. Check
that the IP address

is registered correctly with the DNS server.
......................... SERVER failed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER
Skipping all tests, because server SERVER is
not responding to directory service requests

Running enterprise tests on : Bogy.local
Starting test: Intersite
......................... Bogy.local passed test
Intersite
Starting test: FsmoCheck
......................... Bogy.local passed test
FsmoCheck

Sorry for the dumb question, but I could really use some
help, the Windows help file is useless, or it could just
be my brain.

Chris
Click to expand...

Here's the basics of AD and DNS:
http://support.microsoft.com/?id=291382

Basically, in your IP properties of all your internal machines (DCs and
clients) point only to your DNS server. Do not use an ISP's or any other
external DNS server. LOTS and LOTS of errors will result if you do. TOo many
to list here, with yours being one of them.

Make sure that the Primary DNS Suffix is ste to the exact name of AD's
domain name and it is NOT a single label name. It should be "domain.com" or
domain.local" but not just "domain.

Make sure updates are set to YES on the zone property that you created in
DNS and is spelled exactly the same as the Primary DNS Suffix and the AD
domain name.

Make sure if you are in a routed environment with mutliple sites, that you
are not trying to go thru a NAT, since it doesn't support RPC, Kerberos or
LDAP communication, which AD requires. Evern though it can ping or resolve
to the name, once it tries to communicate thru LDAP with using RPC, and the
resulting Kerberos authentication tries to take place, it all fails and
returns an error saying it cannot establish communication with such and
such.

If using a VPN, DO NOT alter the MTU settings, or the results will also be
as a NAT issue above.

If you need Internet resolution, make sure your machines are pointing to
your own (as in the first paragraph above) and setup a forwarder on your own
DNS server to send the query to the ISP's. Shown how to here:
http://support.microsoft.com/?id=300202

The help files do not go into this detail and requires either taking courses
with a qualified instructor or actual JIT or OTJ (just in time or on the
job) training and learning the hard way!

:-)


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I'm back, still having issues.
I reinstalled Win Advanced Server, ran "dcpromo" created
the domain, "Bogy.Family"

IN System Properties-Network Identification states:
Full computer Name: Server.Bogy.Family
Domain: Bogy.Family

TCP/IT properties:
IP address: 192.168.0.121
Subnet: 255.255.255.0
Default Gateway: 192.168.0.1-----this is my router to isp.
Perferred DNS Server: 192.168.0.121

Installed DNS:
Zone Name: Server
Under Forward lookup zone I have
Bogy.Family in this I have these folders _msdc, _sites,
_tcp, _udp all with proper records within,
For records under Bogy.Family I have SOA, NS, and 2 "A"
host records.
I deleted the "." root.
I changed the "Allow Dynamic Updates" to "Yes" then I ran
net stop netlogon, then net start logon and finally
ipconfig /registerdns

DCDIAG now displays this:
Domain Controller Diagnosis

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
......................... SERVER passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Replications
......................... SERVER passed test
Replications
Starting test: NCSecDesc
......................... SERVER passed test
NCSecDesc
Starting test: NetLogons
......................... SERVER passed test
NetLogons
Starting test: Advertising
......................... SERVER passed test
Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test
RidManager
Starting test: MachineAccount
......................... SERVER passed test
MachineAccount
Starting test: Services
......................... SERVER passed test
Services
Starting test: ObjectsReplicated
......................... SERVER passed test
ObjectsReplicated
Starting test: frssysvol
......................... SERVER passed test
frssysvol
Starting test: kccevent
......................... SERVER passed test
kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x8000003E
Time Generated: 07/02/2003 15:15:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x8000003E
Time Generated: 07/02/2003 16:00:31
(Event String could not be retrieved)
......................... SERVER failed test
systemlog

Running enterprise tests on : Bogy.Family
Starting test: Intersite
......................... Bogy.Family passed test
Intersite
Starting test: FsmoCheck
......................... Bogy.Family passed test
FsmoCheck


Now when I run the NSLOOKUP command I get this:

*** Can't find server namefor address 192.168.0.121: Non-
existent domain
***Default Server: UnKnown
Address: 192.168.0.1

And finally when I try to join any of my XP machines to
the domain, I receive the error: "The following error
occurred attempting to join the domain "Bogy.Family": the
network path was not found.

TCP/IP of XP machines
IP: are static ie.192.168.0.122
Default gateway: 192.168.0.1
DNS setting are set to 192.168.0.121

My question after all that is, why does NSLOOKUP not work
but DCDIAG work?? And why the domain error on the XP
machines?

I must be a dumb ass or something.
Thanks again.

Chris
 
In
Chris said:
I'm back, still having issues.
I reinstalled Win Advanced Server, ran "dcpromo" created
the domain, "Bogy.Family"

IN System Properties-Network Identification states:
Full computer Name: Server.Bogy.Family
Domain: Bogy.Family

TCP/IT properties:
IP address: 192.168.0.121
Subnet: 255.255.255.0
Default Gateway: 192.168.0.1-----this is my router to isp.
Perferred DNS Server: 192.168.0.121

Installed DNS:
Zone Name: Server
Under Forward lookup zone I have
Bogy.Family in this I have these folders _msdc, _sites,
_tcp, _udp all with proper records within,
For records under Bogy.Family I have SOA, NS, and 2 "A"
host records.
I deleted the "." root.
I changed the "Allow Dynamic Updates" to "Yes" then I ran
net stop netlogon, then net start logon and finally
ipconfig /registerdns

DCDIAG now displays this:
Domain Controller Diagnosis

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Connectivity
......................... SERVER passed test
Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\SERVER
Starting test: Replications
......................... SERVER passed test
Replications
Starting test: NCSecDesc
......................... SERVER passed test
NCSecDesc
Starting test: NetLogons
......................... SERVER passed test
NetLogons
Starting test: Advertising
......................... SERVER passed test
Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER passed test
RidManager
Starting test: MachineAccount
......................... SERVER passed test
MachineAccount
Starting test: Services
......................... SERVER passed test
Services
Starting test: ObjectsReplicated
......................... SERVER passed test
ObjectsReplicated
Starting test: frssysvol
......................... SERVER passed test
frssysvol
Starting test: kccevent
......................... SERVER passed test
kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x8000003E
Time Generated: 07/02/2003 15:15:30
(Event String could not be retrieved)
An Error Event occured. EventID: 0x8000003E
Time Generated: 07/02/2003 16:00:31
(Event String could not be retrieved)
......................... SERVER failed test
systemlog

Running enterprise tests on : Bogy.Family
Starting test: Intersite
......................... Bogy.Family passed test
Intersite
Starting test: FsmoCheck
......................... Bogy.Family passed test
FsmoCheck


Now when I run the NSLOOKUP command I get this:

*** Can't find server namefor address 192.168.0.121: Non-
existent domain
***Default Server: UnKnown
Address: 192.168.0.1

And finally when I try to join any of my XP machines to
the domain, I receive the error: "The following error
occurred attempting to join the domain "Bogy.Family": the
network path was not found.

TCP/IP of XP machines
IP: are static ie.192.168.0.122
Default gateway: 192.168.0.1
DNS setting are set to 192.168.0.121

My question after all that is, why does NSLOOKUP not work
but DCDIAG work?? And why the domain error on the XP
machines?

I must be a dumb ass or something.
Thanks again.

Chris
Click to expand...


Also to add about XP and logons *if* using XP SP1:

331519 - Error Messages When You Open or Copy Network Files on Windows XP
SP1 Clients That Require SMB Signing [XP Login to AD issues with XP SP1]:
http://support.microsoft.com/?id=331519

--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Q) Is the Kerberos KDC service running?
A) I have no clue on how to check that.


Q)Are you using WINS?
A)NO


Q)DId you disable any services, such
as File and Print Services?
A)Client for Microsoft Networks, F&P is running.


Q)Did you recently change the clock? Logged on as
Enterprise Admin? Change anything at all,
even any minor settings, maybe even kill the MS Client
service or NetBIOS?
A) All I did was uncheck Client for Microsoft Networks,
Since I'm running Win 2K Server and Win XP I dont need
it. Or so I've read.


Q)Did you change any other settings as far as security,
group policy, local
security policy, etc?
A)I didn't change any policys, It was a fresh install,
all I've done is installed AD and DNS.



Q)What Errors are in your Event Viewer? Post the Event ID
# please.
A) Events 62, 5781, and 34

Q)If you joined by the NetBIOS name, which I'm assuming
is "BOGY", do you get the same error?
A) I've tried to join with Server.Bogy.Family,
Bogy.Family, and Bogy, nothing worked

Q)Try a netdiag /fix on the DC and re-run DCDIAG.
A) I ran netdiag /fix then ran dcdiag, dcdiag has the
same error.

I have re-installed twice now and the same crap keeps
happening, Its starting to piss me off.

Chris
 
In
Chris said:
Q) Is the Kerberos KDC service running?
A) I have no clue on how to check that.
Click to expand...

Check services. If it's "started", then it's running.
Q)Are you using WINS?
A)NO


Q)DId you disable any services, such
as File and Print Services?
A)Client for Microsoft Networks, F&P is running.


Q)Did you recently change the clock? Logged on as
Enterprise Admin? Change anything at all,
even any minor settings, maybe even kill the MS Client
service or NetBIOS?
A) All I did was uncheck Client for Microsoft Networks,
Since I'm running Win 2K Server and Win XP I dont need
it. Or so I've read.
Click to expand...

You'll need it. Enable it, start it, then run netdiag /fix, and then re-run
dcdiag.
Q)Did you change any other settings as far as security,
group policy, local
security policy, etc?
A)I didn't change any policys, It was a fresh install,
all I've done is installed AD and DNS.



Q)What Errors are in your Event Viewer? Post the Event ID
# please.
A) Events 62, 5781, and 34
Click to expand...

5781:
http://www.eventid.net/display.asp?eventid=5781&source=
Due to (most likely) your zone is AD Integrated and AD has not quite
initialized at boot while netlogon is trying to register into DNS, and/or
due to the Client Service being disabled.

You can either ignore the error, or change the zone to a Primary. Matter of
fact in your case, I would change it to a Primary and see if it helps with
the main issue. You say the SRVs show up, then let;s do this after you
change it to a Primary (in this order):

Delete the SRV records.
Hit refresh to make sure they're gone.
Delete the system32\config\netlogon.dns and netlogon.dnb files
ipconfig /registerdns
net stop netlogon
net start netlogon

Then tell me if the SRVs pop back up. If all is set correctly, they should
with no problem.

62
Has nothing to do with your problem, but to clean it up, as should be done
on a DC with the time service, do this:
net time /setsntp:192.5.41.41
net stop w32time
w32tm -once
net start w32time

34
NOrmal using IDE on a DC. It disabled the harddrive's cache so the AD
database is consistent and upto date due to transactional logging.
Q)If you joined by the NetBIOS name, which I'm assuming
is "BOGY", do you get the same error?
A) I've tried to join with Server.Bogy.Family,
Bogy.Family, and Bogy, nothing worked
Click to expand...

Due to probably the above service being disabled. Hopefully that is this
case.
Q)Try a netdiag /fix on the DC and re-run DCDIAG.
A) I ran netdiag /fix then ran dcdiag, dcdiag has the
same error.

I have re-installed twice now and the same crap keeps
happening, Its starting to piss me off.
Click to expand...

Don;t be pissed. It maybe due to killing that one service. I've installed AD
hundreds of times, and that is probably an understatement and NEVER have had
any problems. It just works. Once anyone starts changing the defaults,
things start happening. Understand what you want to disabled and it's impact
before doing so. I'm not saying the MS Client is not causing it, but the
machine MUST be a client of itself to be able to do it's job.

Chris
Click to expand...



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
In
Chris said:
Check services. If it's "started", then it's running.

(reply)How do I do that?
Click to expand...

Go into the Services Console. Look at the service name. To the right of it,
it should say "started" if it actually is, and that means that it's
ruinning.
You'll need it. Enable it, start it, then run
netdiag /fix, and then

re-run dcdiag.

(reply) dcdiag shows the same error.


(reply) I have some new errors in the event log/ system
they are:
11 and 5781

5781:
http://www.eventid.net/display.asp?eventid=5781&source=
Due to (most likely) your zone is AD Integrated and AD has
not quite
initialized at boot while netlogon is trying to register
into DNS,

and/or
due to the Client Service being disabled.

You can either ignore the error, or change the zone to a
Primary.

Matter of
fact in your case, I would change it to a Primary and see
if it helps

with
the main issue. You say the SRVs show up, then let;s do
this after you
change it to a Primary (in this order):

Delete the SRV records.
Hit refresh to make sure they're gone.
Delete the system32\config\netlogon.dns and netlogon.dnb
files
ipconfig /registerdns
net stop netlogon
net start netlogon

Then tell me if the SRVs pop back up. If all is set
correctly, they

should with no problem.

(reply) I created a primany when I installed DNS. I did
all the above

anyway, and yes the SRV records came back

Do you think any of this would of happened if I installed
DNS before AD??
Click to expand...

No, it wouldn't have anything to do with it. You can completely delete DNS
and reinstall it if you like to give it a shot. But I need you to check if
you turned off any services. I also need you to renable the Microsoft Client
Service and FIle & Print Service (if you disalbed that too) to renable them
and try this all over again. That is done in the Network Card's properties.
If you want to try to delete DNS and reinstall it, let me know.

As I said, AD usually just works. I'm surprised that you';re having this
much difficutly with it. If certain services are disabled, then that would
cause problems.
Chris
Click to expand...



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
I just want to say, "Thanks for all your help!"
Kerberos KDC is running, and there are no other services
turned off, all are at default settings.

The Microsoft Client is checked and running.

Here is the list I'm getting now.
System: 5781 and 11
Application: 1000

I was finally able to logon to the domain (Bogy.Family)
from my XP computers! So I think the major problems were
fixed. What a pain in the ass!


Chris
 
In
Chris said:
I just want to say, "Thanks for all your help!"
Kerberos KDC is running, and there are no other services
turned off, all are at default settings.

The Microsoft Client is checked and running.

Here is the list I'm getting now.
System: 5781 and 11
Application: 1000

I was finally able to logon to the domain (Bogy.Family)
from my XP computers! So I think the major problems were
fixed. What a pain in the ass!


Chris
Click to expand...

Good
As for 5781, re-read my previous post.

As for Ebent ID 11, there are numerous Sources. So it depends. See here and
let me know the "Source".
http://www.eventid.net/display.asp?eventid=11&source=


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
Event ID 11, this is being created because of my Adaptec
SCSI 19160 card. Adaptect says this card is not supported
my Windows 2000. The only fix is to remove it.
Boy am I glad I spent all that money on that card!

I went to Eventid.net and looked at error 5781 (thanks for
the link), couldn't get to the fix page cauz they want me
to pay, so I'll just ignor it.

Chris
 
In
Chris said:
Event ID 11, this is being created because of my Adaptec
SCSI 19160 card. Adaptect says this card is not supported
my Windows 2000. The only fix is to remove it.
Boy am I glad I spent all that money on that card!

I went to Eventid.net and looked at error 5781 (thanks for
the link), couldn't get to the fix page cauz they want me
to pay, so I'll just ignor it.

Chris
Click to expand...
Well, $$ for good hardware usually is a good investment, provided that it
*works*.

You can ignore that error. No harm done. Or change it to a Primary zone and
it will go away.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory
 
That's the strange part, DNS is set as Primary and not AD
intergrated!
I found some info on Microsoft's site, they have a regedit
fix and a TCP/IP fix. I went to the NIC properties(on the
server) and changed the TCP/IP DSN setting, it was set at
192.168.0.121 which is the address of my server or its
self, microsoft recemmonds that this not be set to it
self. When I removed the IP it changed to 127.0.0.1,
however I'm still getting the error.

Chris
 
Back
Top