dcdiag Question

  • Thread starter Thread starter FriscoKid
  • Start date Start date
F

FriscoKid

Hi, I'm just starting with Active Directory. I'd like to get an expert
opinion as to the dcdiag output shown below.

I will note that I'm having no problems (that I'm aware of yet) with this
new test domain, but became a bit unsettled by the output of dcdiag. Perhaps
it's nothing to worry about. I can verify that the windows time service is
disabled. I don't understand the part about the PDC being down, though.

Thank you for your time & experience.


C:\>dcdiag /n:domain.local
The distinguished name of the domain is DC=domain,DC=local.

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: domain\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test Connectivity

Doing primary tests

Testing server: domain\SERVER1
Starting test: Replications
......................... SERVER1 passed test Replications
Starting test: NCSecDesc
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER1 passed test NetLogons
Starting test: Advertising
Warning: SERVER1 is not advertising as a time server.
......................... SERVER1 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER1 passed test RidManager
Starting test: MachineAccount
......................... SERVER1 passed test MachineAccount
Starting test: Services
w32time Service is stopped on [SERVER1]
......................... SERVER1 failed test Services
Starting test: ObjectsReplicated
......................... SERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER1 passed test frssysvol
Starting test: kccevent
......................... SERVER1 passed test kccevent
Starting test: systemlog
......................... SERVER1 passed test systemlog

Running enterprise tests on : domain.local
Starting test: Intersite
......................... domain.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
......................... domain.local failed test FsmoCheck
 
The PDC not found is probably caused by the time service being disabled.
Disabling this service can cause some issues when contacting domain
resources (Kerberos) if the time skews. I would enable the time service and
re-run the dcdiag to determine if that is the cause of the PDC message.

--
Steve Dodson [MSFT]
Directory Services
Please do not send e-mail directly to my alias. This alias is for newsgroup
purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights


FriscoKid said:
Hi, I'm just starting with Active Directory. I'd like to get an expert
opinion as to the dcdiag output shown below.

I will note that I'm having no problems (that I'm aware of yet) with this
new test domain, but became a bit unsettled by the output of dcdiag. Perhaps
it's nothing to worry about. I can verify that the windows time service is
disabled. I don't understand the part about the PDC being down, though.

Thank you for your time & experience.


C:\>dcdiag /n:domain.local
The distinguished name of the domain is DC=domain,DC=local.

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: domain\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test Connectivity

Doing primary tests

Testing server: domain\SERVER1
Starting test: Replications
......................... SERVER1 passed test Replications
Starting test: NCSecDesc
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER1 passed test NetLogons
Starting test: Advertising
Warning: SERVER1 is not advertising as a time server.
......................... SERVER1 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER1 passed test RidManager
Starting test: MachineAccount
......................... SERVER1 passed test MachineAccount
Starting test: Services
w32time Service is stopped on [SERVER1]
......................... SERVER1 failed test Services
Starting test: ObjectsReplicated
......................... SERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER1 passed test frssysvol
Starting test: kccevent
......................... SERVER1 passed test kccevent
Starting test: systemlog
......................... SERVER1 passed test systemlog

Running enterprise tests on : domain.local
Starting test: Intersite
......................... domain.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
......................... domain.local failed test FsmoCheck
Click to expand...
 
Thank you for your prompt reply. I will try re-enabling the time service to
see whether it resolves the issue.

This leads me to a question. If I enable the time service on each of my
active directory peers, will they automatically know to sync the time with
each other, or need I set up a dedicated time server on the network? My
understanding was that the time service sync'd with Microsoft by default.
Since we have a firewall, I disabled the service. I have three peers and I
have been running a "net time" command once a week (via batch script) to
keep the other two sync'd with the third.

Thank you.

Steve Dodson said:
The PDC not found is probably caused by the time service being disabled.
Disabling this service can cause some issues when contacting domain
resources (Kerberos) if the time skews. I would enable the time service and
re-run the dcdiag to determine if that is the cause of the PDC message.

--
Steve Dodson [MSFT]
Directory Services
Please do not send e-mail directly to my alias. This alias is for newsgroup
purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights


FriscoKid said:
Hi, I'm just starting with Active Directory. I'd like to get an expert
opinion as to the dcdiag output shown below.

I will note that I'm having no problems (that I'm aware of yet) with this
new test domain, but became a bit unsettled by the output of dcdiag. Perhaps
it's nothing to worry about. I can verify that the windows time service is
disabled. I don't understand the part about the PDC being down, though.

Thank you for your time & experience.


C:\>dcdiag /n:domain.local
The distinguished name of the domain is DC=domain,DC=local.

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: domain\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test Connectivity

Doing primary tests

Testing server: domain\SERVER1
Starting test: Replications
......................... SERVER1 passed test Replications
Starting test: NCSecDesc
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER1 passed test NetLogons
Starting test: Advertising
Warning: SERVER1 is not advertising as a time server.
......................... SERVER1 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER1 passed test RidManager
Starting test: MachineAccount
......................... SERVER1 passed test MachineAccount
Starting test: Services
w32time Service is stopped on [SERVER1]
......................... SERVER1 failed test Services
Starting test: ObjectsReplicated
......................... SERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER1 passed test frssysvol
Starting test: kccevent
......................... SERVER1 passed test kccevent
Starting test: systemlog
......................... SERVER1 passed test systemlog

Running enterprise tests on : domain.local
Starting test: Intersite
......................... domain.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
......................... domain.local failed test FsmoCheck
Click to expand...
Click to expand...
 
I would keep the service running and set one DC to be the authortative time
server. You can then do a net time /setsntp to set an external time server.
This is described in the following article:

216734 How to Configure an Authoritative Time Server in Windows 2000
http://support.microsoft.com/?id=216734


--
Steve Dodson [MSFT]
Directory Services
Please do not send e-mail directly to my alias. This alias is for newsgroup
purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights


FriscoKid said:
Thank you for your prompt reply. I will try re-enabling the time service to
see whether it resolves the issue.

This leads me to a question. If I enable the time service on each of my
active directory peers, will they automatically know to sync the time with
each other, or need I set up a dedicated time server on the network? My
understanding was that the time service sync'd with Microsoft by default.
Since we have a firewall, I disabled the service. I have three peers and I
have been running a "net time" command once a week (via batch script) to
keep the other two sync'd with the third.

Thank you.

Steve Dodson said:
The PDC not found is probably caused by the time service being disabled.
Disabling this service can cause some issues when contacting domain
resources (Kerberos) if the time skews. I would enable the time service and
re-run the dcdiag to determine if that is the cause of the PDC message.

--
Steve Dodson [MSFT]
Directory Services
Please do not send e-mail directly to my alias. This alias is for newsgroup
purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights


FriscoKid said:
Hi, I'm just starting with Active Directory. I'd like to get an expert
opinion as to the dcdiag output shown below.

I will note that I'm having no problems (that I'm aware of yet) with this
new test domain, but became a bit unsettled by the output of dcdiag. Perhaps
it's nothing to worry about. I can verify that the windows time
Click to expand...
service
is
disabled. I don't understand the part about the PDC being down, though.

Thank you for your time & experience.


C:\>dcdiag /n:domain.local
The distinguished name of the domain is DC=domain,DC=local.

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: domain\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test Connectivity

Doing primary tests

Testing server: domain\SERVER1
Starting test: Replications
......................... SERVER1 passed test Replications
Starting test: NCSecDesc
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER1 passed test NetLogons
Starting test: Advertising
Warning: SERVER1 is not advertising as a time server.
......................... SERVER1 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER1 passed test RidManager
Starting test: MachineAccount
......................... SERVER1 passed test MachineAccount
Starting test: Services
w32time Service is stopped on [SERVER1]
......................... SERVER1 failed test Services
Starting test: ObjectsReplicated
......................... SERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER1 passed test frssysvol
Starting test: kccevent
......................... SERVER1 passed test kccevent
Starting test: systemlog
......................... SERVER1 passed test systemlog

Running enterprise tests on : domain.local
Starting test: Intersite
......................... domain.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
......................... domain.local failed test FsmoCheck
Click to expand...
Click to expand...
Click to expand...
 
Thanks for the pointers! The error went away after enabling the time
service; I will look at the link you provided.

Thank you.

Steve Dodson said:
I would keep the service running and set one DC to be the authortative time
server. You can then do a net time /setsntp to set an external time server.
This is described in the following article:

216734 How to Configure an Authoritative Time Server in Windows 2000
http://support.microsoft.com/?id=216734


--
Steve Dodson [MSFT]
Directory Services
Please do not send e-mail directly to my alias. This alias is for newsgroup
purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights


FriscoKid said:
Thank you for your prompt reply. I will try re-enabling the time
Click to expand...
service
to
see whether it resolves the issue.

This leads me to a question. If I enable the time service on each of my
active directory peers, will they automatically know to sync the time with
each other, or need I set up a dedicated time server on the network? My
understanding was that the time service sync'd with Microsoft by default.
Since we have a firewall, I disabled the service. I have three peers
Click to expand...
and
I
have been running a "net time" command once a week (via batch script) to
keep the other two sync'd with the third.

Thank you.

Steve Dodson said:
The PDC not found is probably caused by the time service being disabled.
Disabling this service can cause some issues when contacting domain
resources (Kerberos) if the time skews. I would enable the time
Click to expand...
service
and
re-run the dcdiag to determine if that is the cause of the PDC message.

--
Steve Dodson [MSFT]
Directory Services
Please do not send e-mail directly to my alias. This alias is for newsgroup
purposes only.

This posting is provided "AS IS" with no warranties, and confers no rights


Hi, I'm just starting with Active Directory. I'd like to get an expert
opinion as to the dcdiag output shown below.

I will note that I'm having no problems (that I'm aware of yet) with this
new test domain, but became a bit unsettled by the output of dcdiag.
Perhaps
it's nothing to worry about. I can verify that the windows time service
is
disabled. I don't understand the part about the PDC being down, though.

Thank you for your time & experience.


C:\>dcdiag /n:domain.local
The distinguished name of the domain is DC=domain,DC=local.

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: domain\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test Connectivity

Doing primary tests

Testing server: domain\SERVER1
Starting test: Replications
......................... SERVER1 passed test Replications
Starting test: NCSecDesc
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER1 passed test NetLogons
Starting test: Advertising
Warning: SERVER1 is not advertising as a time server.
......................... SERVER1 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER1 passed test RidManager
Starting test: MachineAccount
......................... SERVER1 passed test MachineAccount
Starting test: Services
w32time Service is stopped on [SERVER1]
......................... SERVER1 failed test Services
Starting test: ObjectsReplicated
......................... SERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER1 passed test frssysvol
Starting test: kccevent
......................... SERVER1 passed test kccevent
Starting test: systemlog
......................... SERVER1 passed test systemlog

Running enterprise tests on : domain.local
Starting test: Intersite
......................... domain.local passed test Intersite
Starting test: FsmoCheck
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed,
error
1355
A Good Time Server could not be located.
......................... domain.local failed test FsmoCheck
Click to expand...
Click to expand...
Click to expand...
 
Back
Top