DNS issues

  • Thread starter Thread starter Larry Holt
  • Start date Start date
L

Larry Holt

we seem to be experiencing some latency today, evidenced by slow
internal Exchange Mail. Our DC was throwing off some 7063 errors, which
I corrected by removing the incorrect forwarders. Our second DC has a
few 4004 errors (Server was rebooted Saturday). Both are W2k, SP4.
Below is a DCDIAG, which looks ok other than TrkSvr (Terminal Server?)
being off.
Larry


Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine bdcbcoc, is a DC.
* Connecting to directory service on server bdcbcoc.
* Collecting site info.
* Identifying all servers.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\W2KBCOC
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... W2KBCOC passed test Connectivity

Testing server: Default-First-Site-Name\BDCBCOC
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... BDCBCOC passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\W2KBCOC
Starting test: Replications
* Replications Check
......................... W2KBCOC passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=bcoc,DC=pvt
* Security Permissions Check for
CN=Configuration,DC=bcoc,DC=pvt
* Security Permissions Check for
DC=bcoc,DC=pvt
......................... W2KBCOC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... W2KBCOC passed test NetLogons
Starting test: Advertising
The DC W2KBCOC is advertising itself as a DC and having a DS.
The DC W2KBCOC is advertising as an LDAP server
The DC W2KBCOC is advertising as having a writeable directory
The DC W2KBCOC is advertising as a Key Distribution Center
The DC W2KBCOC is advertising as a time server
The DS W2KBCOC is advertising as a GC.
......................... W2KBCOC passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=W2KBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
Role Domain Owner = CN=NTDS
Settings,CN=W2KBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
Role PDC Owner = CN=NTDS
Settings,CN=W2KBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
Role Rid Owner = CN=NTDS
Settings,CN=W2KBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=W2KBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
......................... W2KBCOC passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2105 to 1073741823
* w2kbcoc.bcoc.pvt is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1105 to 1604
* rIDNextRID: 1240
* rIDPreviousAllocationPool is 1105 to 1604
......................... W2KBCOC passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/w2kbcoc.bcoc.pvt/bcoc.pvt
* SPN found :LDAP/w2kbcoc.bcoc.pvt
* SPN found :LDAP/W2KBCOC
* SPN found :LDAP/w2kbcoc.bcoc.pvt/BCOC
* SPN found
:LDAP/411345d9-7491-413b-ba83-955f09e71449._msdcs.bcoc.pvt
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/411345d9-7491-413b-ba83-955f09e71449/bcoc.pvt
* SPN found :HOST/w2kbcoc.bcoc.pvt/bcoc.pvt
* SPN found :HOST/w2kbcoc.bcoc.pvt
* SPN found :HOST/W2KBCOC
* SPN found :HOST/w2kbcoc.bcoc.pvt/BCOC
* SPN found :GC/w2kbcoc.bcoc.pvt/bcoc.pvt
......................... W2KBCOC passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
TrkSvr Service is stopped on [W2KBCOC]
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
......................... W2KBCOC failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
W2KBCOC is in domain DC=bcoc,DC=pvt
Checking for CN=W2KBCOC,OU=Domain Controllers,DC=bcoc,DC=pvt
in domain DC=bcoc,DC=pvt on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=W2KBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
in domain CN=Configuration,DC=bcoc,DC=pvt on 2 servers
Object is up-to-date on all servers.
......................... W2KBCOC passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... W2KBCOC passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
......................... W2KBCOC passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... W2KBCOC passed test systemlog

Testing server: Default-First-Site-Name\BDCBCOC
Starting test: Replications
* Replications Check
......................... BDCBCOC passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=bcoc,DC=pvt
* Security Permissions Check for
CN=Configuration,DC=bcoc,DC=pvt
* Security Permissions Check for
DC=bcoc,DC=pvt
......................... BDCBCOC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... BDCBCOC passed test NetLogons
Starting test: Advertising
The DC BDCBCOC is advertising itself as a DC and having a DS.
The DC BDCBCOC is advertising as an LDAP server
The DC BDCBCOC is advertising as having a writeable directory
The DC BDCBCOC is advertising as a Key Distribution Center
The DC BDCBCOC is advertising as a time server
The DS BDCBCOC is advertising as a GC.
......................... BDCBCOC passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=W2KBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
Role Domain Owner = CN=NTDS
Settings,CN=W2KBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
Role PDC Owner = CN=NTDS
Settings,CN=W2KBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
Role Rid Owner = CN=NTDS
Settings,CN=W2KBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=W2KBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
......................... BDCBCOC passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2105 to 1073741823
* w2kbcoc.bcoc.pvt is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1605 to 2104
* rIDNextRID: 1635
* rIDPreviousAllocationPool is 1605 to 2104
......................... BDCBCOC passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/bdcbcoc.bcoc.pvt/bcoc.pvt
* SPN found :LDAP/bdcbcoc.bcoc.pvt
* SPN found :LDAP/BDCBCOC
* SPN found :LDAP/bdcbcoc.bcoc.pvt/BCOC
* SPN found
:LDAP/3f3e6fb5-2790-43f6-aa92-411b338d43ba._msdcs.bcoc.pvt
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/3f3e6fb5-2790-43f6-aa92-411b338d43ba/bcoc.pvt
* SPN found :HOST/bdcbcoc.bcoc.pvt/bcoc.pvt
* SPN found :HOST/bdcbcoc.bcoc.pvt
* SPN found :HOST/BDCBCOC
* SPN found :HOST/bdcbcoc.bcoc.pvt/BCOC
* SPN found :GC/bdcbcoc.bcoc.pvt/bcoc.pvt
......................... BDCBCOC passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
TrkSvr Service is stopped on [BDCBCOC]
* Checking Service: NETLOGON
* Checking Service: Dnscache
* Checking Service: NtFrs
......................... BDCBCOC failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
BDCBCOC is in domain DC=bcoc,DC=pvt
Checking for CN=BDCBCOC,OU=Domain Controllers,DC=bcoc,DC=pvt
in domain DC=bcoc,DC=pvt on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=BDCBCOC,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=bcoc,DC=pvt
in domain CN=Configuration,DC=bcoc,DC=pvt on 2 servers
Object is up-to-date on all servers.
......................... BDCBCOC passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... BDCBCOC passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last
15 minutes.
......................... BDCBCOC passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... BDCBCOC passed test systemlog

Running enterprise tests on : bcoc.pvt
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside
the scope

provided by the command line arguments provided.
......................... bcoc.pvt passed test Intersite
Starting test: FsmoCheck
GC Name: \\bdcbcoc.bcoc.pvt
Locator Flags: 0xe00001fc
PDC Name: \\w2kbcoc.bcoc.pvt
Locator Flags: 0xe00001fd
Time Server Name: \\bdcbcoc.bcoc.pvt
Locator Flags: 0xe00001fc
Preferred Time Server Name: \\bdcbcoc.bcoc.pvt
Locator Flags: 0xe00001fc
KDC Name: \\bdcbcoc.bcoc.pvt
Locator Flags: 0xe00001fc
......................... bcoc.pvt passed test FsmoCheck
 
In Larry Holt <[email protected]> made a post then I commented below
:: we seem to be experiencing some latency today, evidenced by slow
:: internal Exchange Mail. Our DC was throwing off some 7063 errors,
:: which I corrected by removing the incorrect forwarders. Our second
:: DC has a few 4004 errors (Server was rebooted Saturday). Both are
:: W2k, SP4.
:: Below is a DCDIAG, which looks ok other than TrkSvr (Terminal
:: Server?) being off.
:: Larry


The TrkSvr is the Distrubuted Link Tracking service:
http://www.e-systems.ro/download-dll/trksvr.dll/

Info on Distrubuted Link Tracking:
http://www.jsiinc.com/SUBJ/tip4700/rh4714.htm

What services do you have disabled on the machine, if any?

Otherwise, unless I missed something, everything else looks fine.


--
Regards,
Ace

G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
Ace said:
What services do you have disabled on the machine, if any?

Otherwise, unless I missed something, everything else looks fine.

no these are pretty vanilla setups. what is the best way to test the
Global Catalog? it is running on both of the DC's.
lh
 
In Larry Holt <[email protected]> made a post then I commented below
:: Ace Fekay [MVP] wrote:
::
::: What services do you have disabled on the machine, if any?
:::
::: Otherwise, unless I missed something, everything else looks fine.
::
:: no these are pretty vanilla setups. what is the best way to test the
:: Global Catalog? it is running on both of the DC's.
:: lh

For services, I guess I should have been more specific. Is the Distrubuted
Link Tracking service running? Are there any errors in the Event logs?

GC tests are easy. Just perform a search for a user object. If the search
request doesn't respond, the GC is not accessible.

Ace
 
Ace said:
For services, I guess I should have been more specific. Is the Distrubuted
Link Tracking service running? Are there any errors in the Event logs?

GC tests are easy. Just perform a search for a user object. If the search
request doesn't respond, the GC is not accessible.

Ace

thanks again for the info-an application for spam was responsible for my
slow e-mail issue.
lh
 
In Larry Holt <[email protected]> made a post then I commented below
:: Ace Fekay [MVP] wrote:
::
::: For services, I guess I should have been more specific. Is the
::: Distrubuted Link Tracking service running? Are there any errors in
::: the Event logs?
:::
::: GC tests are easy. Just perform a search for a user object. If the
::: search request doesn't respond, the GC is not accessible.
:::
::: Ace
::
:: thanks again for the info-an application for spam was responsible
:: for my slow e-mail issue.
:: lh

No problem for the help.

Curious, what app are you using? Is this app causing a slow-down or is it
the volume of spam?

Ace
 
Back
Top