DNS Nightmare - Can't create forward zone

[BertramWilberforceWooster]

Hi,

I am having trouble with Active Directory and DNS on a new Windows 2003
box. The default entries (_ldap etc.) which are usually created by
netlogon are not there, nor can I manage to create them. I have tried
creating the forward zone from scratch, however I am not able to.

When I try to create a new forward zone, I get the message:

"The zone cannot be replicated to all DNS servers in the (null) Active
Directory domain because the required application directory partition
does not exist. Only Enterprise Administrators have the appropriate
permissions to create an application directory partition."

As I'm logged on as Administrator, which is in the Enterprise Admins
group, this is somewhat worrying!

The message goes on to advise me to try using "Replicate to All Domain
Controllers in the Active Directory Domain" option. When I do this I
get:

"The zone can not be created - The data is invalid"


netdiag /fix gives the following output:

<snip>

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for
the name
'dbsvr.domain.net.'. [ERROR_TIMEOUT]
The name 'dbsvr.domain.net.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for
the name
'dbsvr.domain.net.'. [ERROR_TIMEOUT]
The name 'dbsvr.domain.net.' may not be registered in DNS.
[FATAL] Failed to fix: DC DNS entry domain.net. re-registeration on
DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.domain.net.
re-registeration on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.domain.net. re-registeration
on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.ec198d88-e0cb-4344-8703-b17839ed5ebd.domains._msdcs.domain.net.
re-registeration on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.domain.net.
re-registeration on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.dc._msdcs.domain.net. re-registeration on DNS server
'100.200.52.145' failed.

<snip>

Does anyone know what steps I can take to get me back on my feet with
regards to DNS? Just let me know if you want the output from any more
commands.

As I'm sure you can imagine, this lack of DNS is causing me all sorts
of problems with AD, so any advice you can give will be immensely
appreciated!

Thanks,

Berty

(I'm afraid I've also posted this in .sbs, as I wasn't sure which was
the best location)

 

[strongline]

try to create non-ad-integrated zones to see if that makes your DNS
work first. then you can work on other issues.

 

[Jorge Silva]

Hi

Follow this steps:

- Point the DNS properties of Dc to the root Dc.

- Type on cmd prompt
dnscmd /clearcache press enter
ipconfig /flushdns press enter

- Go to c:\windows\system32\config and delete the netlogon.dns and the
netlogon.dnb files.

- Create the Dns Zone (At this point no error is shown)

- Point the DNS properties of Dc to itself (Make sure that the server is
cable of resolving the root domain through Forward zones or stub Zones or
Secondary zones)

- Type on cmd prompt
ipconfig /registerdns

- Type - net stop netlogon & net start netlogon (confirm the creation of the
netlogon.dns and the netlogon.dnb files on c:\windows\system32\config )

- Type - Netdiag /fix

- Test replication.

It should be fine now.

--
I hop that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator

Hi,

I am having trouble with Active Directory and DNS on a new Windows 2003
box. The default entries (_ldap etc.) which are usually created by
netlogon are not there, nor can I manage to create them. I have tried
creating the forward zone from scratch, however I am not able to.

When I try to create a new forward zone, I get the message:

"The zone cannot be replicated to all DNS servers in the (null) Active
Directory domain because the required application directory partition
does not exist. Only Enterprise Administrators have the appropriate
permissions to create an application directory partition."

As I'm logged on as Administrator, which is in the Enterprise Admins
group, this is somewhat worrying!

The message goes on to advise me to try using "Replicate to All Domain
Controllers in the Active Directory Domain" option. When I do this I
get:

"The zone can not be created - The data is invalid"


netdiag /fix gives the following output:

<snip>

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for
the name
'dbsvr.domain.net.'. [ERROR_TIMEOUT]
The name 'dbsvr.domain.net.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for
the name
'dbsvr.domain.net.'. [ERROR_TIMEOUT]
The name 'dbsvr.domain.net.' may not be registered in DNS.
[FATAL] Failed to fix: DC DNS entry domain.net. re-registeration on
DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.domain.net.
re-registeration on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.domain.net. re-registeration
on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.ec198d88-e0cb-4344-8703-b17839ed5ebd.domains._msdcs.domain.net.
re-registeration on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.domain.net.
re-registeration on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.dc._msdcs.domain.net. re-registeration on DNS server
'100.200.52.145' failed.

<snip>

Does anyone know what steps I can take to get me back on my feet with
regards to DNS? Just let me know if you want the output from any more
commands.

As I'm sure you can imagine, this lack of DNS is causing me all sorts
of problems with AD, so any advice you can give will be immensely
appreciated!

Thanks,

Berty

(I'm afraid I've also posted this in .sbs, as I wasn't sure which was
the best location)

 

[Jorge de Almeida Pinto [MVP]]

Do the default DNS application partitions exist on the DC/DNS server or at
all?
under the ZONE domain.net you should see a subdomain called "DomainDNSZones"
and "ForestDNSZones".
Yes or no?
I no.. then -->
http://www.windowsitpro.com/Article/ArticleID/47199/47199.html

if the DNS app. partition does not exist on that particular DC/DNS server
but it does on others, check if replication is working.

if it does not exist (for some reason) on all DC/DNS servers then recreate
it.
http://technet2.microsoft.com/WindowsServer/en/Library/c2d2fcbd-c859-493e-a4fc-aef57a880db11033.mspx

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx
-----------------------------------------------------------------------------
* This posting is provided "AS IS" with no warranties and confers no rights!
* Always test before implementing!
-----------------------------------------------------------------------------


-----------------------------------------------------------------------------

Hi,

I am having trouble with Active Directory and DNS on a new Windows 2003
box. The default entries (_ldap etc.) which are usually created by
netlogon are not there, nor can I manage to create them. I have tried
creating the forward zone from scratch, however I am not able to.

When I try to create a new forward zone, I get the message:

"The zone cannot be replicated to all DNS servers in the (null) Active
Directory domain because the required application directory partition
does not exist. Only Enterprise Administrators have the appropriate
permissions to create an application directory partition."

As I'm logged on as Administrator, which is in the Enterprise Admins
group, this is somewhat worrying!

The message goes on to advise me to try using "Replicate to All Domain
Controllers in the Active Directory Domain" option. When I do this I
get:

"The zone can not be created - The data is invalid"


netdiag /fix gives the following output:

<snip>

DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for
the name
'dbsvr.domain.net.'. [ERROR_TIMEOUT]
The name 'dbsvr.domain.net.' may not be registered in DNS.
[WARNING] Cannot find a primary authoritative DNS server for
the name
'dbsvr.domain.net.'. [ERROR_TIMEOUT]
The name 'dbsvr.domain.net.' may not be registered in DNS.
[FATAL] Failed to fix: DC DNS entry domain.net. re-registeration on
DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry _ldap._tcp.domain.net.
re-registeration on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.Default-First-Site-Name._sites.domain.net. re-registeration
on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_ldap._tcp.ec198d88-e0cb-4344-8703-b17839ed5ebd.domains._msdcs.domain.net.
re-registeration on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.domain.net.
re-registeration on DNS server '100.200.52.145' failed.
DNS Error code: 0x00002339
[FATAL] Failed to fix: DC DNS entry
_kerberos._tcp.dc._msdcs.domain.net. re-registeration on DNS server
'100.200.52.145' failed.

<snip>

Does anyone know what steps I can take to get me back on my feet with
regards to DNS? Just let me know if you want the output from any more
commands.

As I'm sure you can imagine, this lack of DNS is causing me all sorts
of problems with AD, so any advice you can give will be immensely
appreciated!

Thanks,

Berty

(I'm afraid I've also posted this in .sbs, as I wasn't sure which was
the best location)

 

[Bertram]

Hi,

Thank you all for your responses.

strongline - I was able to create the DNS zone, but I got the same
error message when I tried to convert the zone to AD-integrated.

Jorges Silva - I followed the recommended steps, however I got the same
error message when I tried to recreate the zone (step four).

Jorges de Almeida Pinto - This is the only DC in the domain, and the
zone does not exist at all. I am currently following the steps in the
windowsitpro.com article - if this meets with no success I shall try
the technet article.

Any more suggestions?

Thank you all for taking the time to respond.

 

[Bertram]

Further info:

C:\Documents and Settings\Administrator>dnscmd servername
/createbuiltindirectorypartitions /domain

Create built-in directory partitions failed
status = 13 (0x0000000d)

Command failed: ERROR_INVALID_DATA 13 (0000000d)

When I try dnscmd /enumdirectorypartitions

 

[Bertram]

Further info:

C:\Documents and Settings\Administrator>dnscmd servername
/createbuiltindirectorypartitions /domain

Create built-in directory partitions failed
status = 13 (0x0000000d)

Command failed: ERROR_INVALID_DATA 13 (0000000d)

When I try dnscmd /enumdirectorypartitions, I am told there are 0!!!

 

[strongline]

1. you can use ntdsutil to list all naming context you have
2. you can create a brand new user, make "enterprise admin" and "domain
admin" the only containing groups. use this user to create the zones
again. It's likely to fail again, but it rules out the permission issue
3. run "netdom query fsmo" to see that this DC is still the owner of
"domain naming master"
4. reboot the server and try again
5. check any errors in "dcdiag /v" (actually a full Directory Service
version of MPSreport is desired. if you want, you can send it to me)

 

[Jorge de Almeida Pinto [MVP]]

ok... back to basics...

is that DC the domain naming master FSMO?

NETDOM QUERY FSMO to find out who is the domain naming master FSMO?

is it that live DC or is it some other DC that does not exist anymore? if
true, you need to seize the FSMO role ans possibly other roles

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx

 

[strongline]

he did mention that he has only one DC.

 

[strongline]

sorry my bad, didn't realize that he could have multiple domains.

 

[Jorge de Almeida Pinto [MVP]]

yes, true...

I'm just checking, as the possibility is there he could have had another DC
which was the owner of the FSMOs and that DC has been pulled out the AD

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx

 

[Jorge de Almeida Pinto [MVP]]

what i'm doing is checking any assumption before believing it...

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx

 

[Jorge Silva]

Hi

hum... this is strange....

Only one Dc?

Please Try the following steps:

- Make sure that the Dns Settings of the Dc has the IPAddress of the Dc ->
Right Click My Network places choose properties -> Right click local area
connection choose properties -Select TCPIP and choose properties -> Make
sure that in Preferred DNS server you have the Same IP that you have in IP
Address.

- Uninstall Dns - Go to Start -> Settings -> Control Painel -> Add remove
Programs -> Add/Remove Windows Components -> Select Networking Services ->
Choose details -> Unselect Dns -> click Ok -> then Next -> next...

- Go to c:\windows\system32\config and delete the netlogon.dns and the
netlogon.dnb files.

- Go to c:\windows\system32\config and delete the Dns Folder.

- Install Dns - Go to Start -> Settings -> Control Painel -> Add remove
Programs -> Add/Remove Windows Components -> Select Networking Services ->
Choose details -> Select Dns -> click Ok -> then Next -> next...

- Create Dns Zone - Go to Start -> Settings -> Control Painel -> open DNS
console -> create the zone.

- go to the command prompt

- type in the following order:

ipconfig /registerdns (press enter)
net stop netlogon & net start netlogon (press enter confirm the creation
of the netlogon.dns and the netlogon.dnb files on
c:\windows\system32\config )
Netdiag /fix

It should be fine now.

- After this if you still having problems please post the results here for:
netdiag /q


--
I hop that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator

 

[Bertram]

Hi guys,

This is indeed the only DC in the domain. There was another DC, which
have since been removed. FSMO roles were transferred successfully
before the old server was removed. netdom query fsmo confirms that this
server is holding all five roles - let me know if you want me to post
the output for your verification.

I have tried uninstalling and reinstalling DNS, however I did not
delete netlogon.dns and dns/, so I'll try that now.

Not sure if it's relevant, but now the server keeps shutting down every
hour as it seems to think it is not licensed!

Also, I think this is somewhere near the root of the problem:

When I try to recreate the active directory partition (using ntdsutil)
I am told that I do not have permission to do so, even when I'm logged
on as administrator. I added my personal account to enterprise admins
and had the same problem. Any advice?

Thanks again, I really appreciate the help you guys are giving me!

Berty

 

[Bertram]

Update: I've just tried reinstalling DNS, and I'm still having the same
problem. When I try to create the zone, I am told the active directory
partition doesn't exist. I have tried recreating this partition, but am
told I do not have the requisite permissions.

Argh!

 

[Jorge Silva]

Hi

Which account are you using to create the Dns Part are you using the
Administrator Account (Member Off Enterprise admins and member of Domain
admins, etc..?

Check:
1. Reboot the server and press F8. Choose Directory Services Restore Mode
from the Menu.
2. Check the physical location of the Winnt\NTDS\ folder.
3. Check the permissions on the \Winnt\NTDS folder.

The default permissions are (confirm this):
Administrators - Full Control
System - Full Control
4. Open a command prompt and run NTDSUTIL to verify the paths for the
NTDS.dit file. These should match the physical structure from Step 2


To check the file paths type the following commands:

NTDSUTIL <enter>
Files <enter>
Info <enter>

The output should look similar to:

Drive Information:

C:\ NTFS (Fixed Drive) free (2.9 Gb) total (3.9 Gb)
D:\ NTFS (Fixed Drive) free (3.6 Gb) total (3.9 Gb)

DS Path Information:

Database : C:\WINNT\NTDS\ntds.dit - 10.1 Mb
Backup dir: C:\WINNT\NTDS\dsadata.bak
Working dir: C:\WINNT\NTDS
Log dir : C:\WINNT\NTDS - 30.0 Mb total
res2.log - 10.0 Mb
res1.log - 10.0 Mb
edb.log - 10.0 Mb
5. Reboot the server to Normal Mode.









--
I hop that helps

Good Luck
Jorge Silva
MCSA
Systems Administrator

 

[Bertram]

Hi Jorge,

I have followed your instructions, and can confirm the following:

c:\windows\ntds exists, and Administrator has Full Control over it and
it's contents, as does System.

Output from ntdsutil seems to match yours:

Drive Information:

C:\ NTFS (Fixed Drive ) free(242.3 Gb) total(271.3 Gb)

DS Path Information:

Database : C:\WINDOWS\NTDS\ntds.dit - 14.1 Mb
Backup dir : C:\WINDOWS\NTDS\dsadata.bak
Working dir: C:\WINDOWS\NTDS
Log dir : C:\WINDOWS\NTDS - 50.0 Mb total
res2.log - 10.0 Mb
res1.log - 10.0 Mb
edb00003.log - 10.0 Mb
edb00002.log - 10.0 Mb
edb.log - 10.0 Mb

Server is now back to normal mode, but giving the same problem. Are
there any further steps you can recommend, in addition to the
impressive amount of help you've given me so far?

Thanks,

Berty

 

[Jorge de Almeida Pinto [MVP]]

what are event IDs with errors?

do a DCDIAG /V /C /D

--

Cheers,
(HOPEFULLY THIS INFORMATION HELPS YOU!)

# Jorge de Almeida Pinto # MVP Windows Server - Directory Services

BLOG --> http://blogs.dirteam.com/blogs/jorge/default.aspx

 

[Bertram]

OK, I'm not sure what's pertinent and what's not, so I thought I'd post
the entire output for your perusal:

===========================


Command Line: "dcdiag.exe /v /c /d"

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine ag-dbsvr, is a DC.
* Connecting to directory service on server ag-dbsvr.
ag-dbsvr.currentTime = 20060505081315.0Z
ag-dbsvr.highestCommittedUSN = 301466
ag-dbsvr.isSynchronized = 1
ag-dbsvr.isGlobalCatalogReady = 1
* Collecting site info.
* Identifying all servers.
AG-DBSVR.currentTime = 20060505081315.0Z
AG-DBSVR.highestCommittedUSN = 301466
AG-DBSVR.isSynchronized = 1
AG-DBSVR.isGlobalCatalogReady = 1
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.


===============================================Printing out pDsInfo

GLOBAL:
ulNumServers=2
pszRootDomain=mydomain.net
pszNC=
pszRootDomainFQDN=DC=mydomain,DC=net
pszConfigNc=CN=Configuration,DC=mydomain,DC=net
pszPartitionsDn=CN=Partitions,CN=Configuration,DC=mydomain,DC=net
iSiteOptions=0
dwTombstoneLifeTimeDays=60

dwForestBehaviorVersion=0

HomeServer=1, AG-DBSVR

SERVER: pServer[0].pszName=TEMPSVR
pServer[0].pszGuidDNSName=7ae70e6f-3be2-45c3-a013-04661ca67912._msdcs.mydomain.net
pServer[0].pszDNSName=tempsvr.mydomain.net
pServer[0].pszDn=CN=NTDS
Settings,CN=TEMPSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
pServer[0].pszComputerAccountDn=(null)
pServer[0].uuidObjectGuid=7ae70e6f-3be2-45c3-a013-04661ca67912
pServer[0].uuidInvocationId=7ae70e6f-3be2-45c3-a013-04661ca67912
pServer[0].iSite=0 (Default-First-Site-Name)
pServer[0].iOptions=1
pServer[0].ftLocalAcquireTime=00000000 00000000

pServer[0].ftRemoteConnectTime=00000000 00000000

pServer[0].ppszMasterNCs:
ppszMasterNCs[0]=CN=Schema,CN=Configuration,DC=mydomain,DC=net
ppszMasterNCs[1]=CN=Configuration,DC=mydomain,DC=net
ppszMasterNCs[2]=DC=mydomain,DC=net

SERVER: pServer[1].pszName=AG-DBSVR
pServer[1].pszGuidDNSName=1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.mydomain.net
pServer[1].pszDNSName=ag-dbsvr.mydomain.net
pServer[1].pszDn=CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
pServer[1].pszComputerAccountDn=CN=AG-DBSVR,OU=Domain
Controllers,DC=mydomain,DC=net
pServer[1].uuidObjectGuid=1750286d-b0a6-4633-a9d0-63967c9a5fcb
pServer[1].uuidInvocationId=45155c5d-16a3-4ddf-952c-325ec78e6707
pServer[1].iSite=0 (Default-First-Site-Name)
pServer[1].iOptions=1
pServer[1].ftLocalAcquireTime=c29a5540 01c6701b

pServer[1].ftRemoteConnectTime=c220df80 01c6701b

pServer[1].ppszMasterNCs:
ppszMasterNCs[0]=CN=Schema,CN=Configuration,DC=mydomain,DC=net
ppszMasterNCs[1]=CN=Configuration,DC=mydomain,DC=net
ppszMasterNCs[2]=DC=mydomain,DC=net

SITES: pSites[0].pszName=Default-First-Site-Name
pSites[0].pszSiteSettings=CN=NTDS Site
Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
pSites[0].pszISTG=CN=NTDS
Settings,CN=AG-DBSVR,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=net
pSites[0].iSiteOption=0

pSites[0].cServers=2

NC: pNCs[0].pszName=Schema
pNCs[0].pszDn=CN=Schema,CN=Configuration,DC=mydomain,DC=net

pNCs[0].aCrInfo[0].dwFlags=0x00000201
pNCs[0].aCrInfo[0].pszDn=CN=Enterprise
Schema,CN=Partitions,CN=Configuration,DC=mydomain,DC=net
pNCs[0].aCrInfo[0].pszDnsRoot=mydomain.net
pNCs[0].aCrInfo[0].iSourceServer=1
pNCs[0].aCrInfo[0].pszSourceServer=(null)
pNCs[0].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[0].aCrInfo[0].bEnabled=TRUE
pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[0].aCrInfo[0].pszNetBiosName=(null)
pNCs[0].aCrInfo[0].cReplicas=-1
pNCs[0].aCrInfo[0].aszReplicas=


NC: pNCs[1].pszName=Configuration
pNCs[1].pszDn=CN=Configuration,DC=mydomain,DC=net

pNCs[1].aCrInfo[0].dwFlags=0x00000201
pNCs[1].aCrInfo[0].pszDn=CN=Enterprise
Configuration,CN=Partitions,CN=Configuration,DC=mydomain,DC=net
pNCs[1].aCrInfo[0].pszDnsRoot=mydomain.net
pNCs[1].aCrInfo[0].iSourceServer=1
pNCs[1].aCrInfo[0].pszSourceServer=(null)
pNCs[1].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[1].aCrInfo[0].bEnabled=TRUE
pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[1].aCrInfo[0].pszNetBiosName=(null)
pNCs[1].aCrInfo[0].cReplicas=-1
pNCs[1].aCrInfo[0].aszReplicas=


NC: pNCs[2].pszName=mydomain
pNCs[2].pszDn=DC=mydomain,DC=net

pNCs[2].aCrInfo[0].dwFlags=0x00000201
pNCs[2].aCrInfo[0].pszDn=CN=IBUSINESS,CN=Partitions,CN=Configuration,DC=mydomain,DC=net
pNCs[2].aCrInfo[0].pszDnsRoot=mydomain.net
pNCs[2].aCrInfo[0].iSourceServer=1
pNCs[2].aCrInfo[0].pszSourceServer=(null)
pNCs[2].aCrInfo[0].ulSystemFlags=0x00000003
pNCs[2].aCrInfo[0].bEnabled=TRUE
pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000
pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[2].aCrInfo[0].pszNetBiosName=(null)
pNCs[2].aCrInfo[0].cReplicas=-1
pNCs[2].aCrInfo[0].aszReplicas=


3 NC TARGETS: Schema, Configuration, mydomain,
1 TARGETS: AG-DBSVR,

=============================================Done Printing pDsInfo

Doing initial required tests

Testing server: Default-First-Site-Name\AG-DBSVR
Starting test: Connectivity
* Active Directory LDAP Services Check
The host
1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.mydomain.net could not be
resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name

(1750286d-b0a6-4633-a9d0-63967c9a5fcb._msdcs.mydomain.net)

couldn't be resolved, the server name (ag-dbsvr.mydomain.net)

resolved to the IP address (100.200.52.145) and was pingable.
Check

that the IP address is registered correctly with the DNS
server.
......................... AG-DBSVR failed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\AG-DBSVR
Skipping all tests, because server AG-DBSVR is
not responding to directory service requests

DNS Tests are running and not hung. Please wait a few minutes...

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom

Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom

Running enterprise tests on : mydomain.net
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside
the scope

provided by the command line arguments provided.
......................... mydomain.net passed test Intersite
Starting test: FsmoCheck
GC Name: \\ag-dbsvr.mydomain.net
Locator Flags: 0xe00003fc
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Time Server Name: \\ag-dbsvr.mydomain.net
Locator Flags: 0xe00003fc
Preferred Time Server Name: \\ag-dbsvr.mydomain.net
Locator Flags: 0xe00003fc
KDC Name: \\ag-dbsvr.mydomain.net
Locator Flags: 0xe00003fc
......................... mydomain.net failed test FsmoCheck
Starting test: DNS
Test results for domain controllers:

DC: ag-dbsvr.mydomain.net
Domain: mydomain.net


TEST: Authentication (Auth)
Authentication test: Successfully completed

TEST: Basic (Basc)
Error: No LDAP connectivity
Microsoft(R) Windows(R) Server 2003 for Small
Business Server (Service Pack level: 1.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000002] Compaq NC3123 Fast Ethernet NIC:
MAC address is 00:02:A5:43:ED:53
IP address is static
IP address: 100.200.52.145
DNS servers:
Warning: 100.200.52.145 (<name unavailable>)
[Invalid]
Error: all DNS servers are invalid
The A record for this DC was found
The SOA record for the Active Directory zone was
found
Warning: The Active Directory zone on this DC/DNS
server was not found (probably a misconfiguration)
Root zone on this DC/DNS server was not found

TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Invalid]
Name: b.root-servers.net. IP: 192.228.79.201
[Invalid]
Name: c.root-servers.net. IP: 192.33.4.12
[Invalid]
Name: d.root-servers.net. IP: 128.8.10.90
[Invalid]
Name: e.root-servers.net. IP: 192.203.230.10
[Invalid]
Name: f.root-servers.net. IP: 192.5.5.241
[Invalid]
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53
[Invalid]
Name: i.root-servers.net. IP: 192.36.148.17
[Invalid]
Name: j.root-servers.net. IP: 192.58.128.30
[Invalid]
Name: k.root-servers.net. IP: 193.0.14.129
[Invalid]
Name: l.root-servers.net. IP: 198.32.64.12
[Invalid]
Name: m.root-servers.net. IP: 202.12.27.33
[Invalid]

TEST: Records registration (RReg)
Error: Record registrations cannot be found for all the
network adapters
Total query time:0 min. 2 sec.. Total RPC connection
time:0 min. 0 sec.
Total WMI connection time:0 min. 0 sec. Total Netuse
connection time:0 min. 0 sec.

Summary of test results for DNS servers used by the above
domain controllers:

DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 192.228.79.201 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.228.79.201
[Error details: 9002 (Type: Win32 - Description: DNS
server failure.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30
[Error details: 9002 (Type: Win32 - Description: DNS
server failure.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 100.200.52.145 (<name unavailable>)
1 test failure on this DNS server
This is a valid DNS server.
Name resolution is not functional.
_ldap._tcp.mydomain.net. failed on the DNS server 100.200.52.145
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the
1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33
[Error details: 9003 (Type: Win32 - Description: DNS
name does not exist.)]
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
This is a valid DNS server.
Total query time:0 min. 0 sec., Total WMI connection
time:0 min. 0 sec.

Summary of DNS test results:

Auth Basc Forw Del Dyn
RReg Ext

________________________________________________________________
Domain: mydomain.net
ag-dbsvr PASS FAIL PASS n/a PASS
FAIL n/a

Total Time taken to test all the DCs:0 min. 2 sec.
......................... mydomain.net failed test DNS


====================

Thanks,

Berty