error found after dc demote

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Thanks for your help.

Config
AD01 (First install DC) win 2000 sp3, all operation master are here and GC
also
AD05 (2nd install DC) win 2000 sp4, GC also
AD06 (3rd install DC) win 2000 sp4
Exchange 2003 run on win 2k3 (no any service pack)

Pusepose: I want to demote AD01 and transfer all FMSO to AD05.

Then I did the following steps:
1. use ntdsutil to transfer all FMSO to AD05 (no erro found)
2. Then I demote AD01.
3. Then I got the following errors in event viewer on windows servers and
XP: (Win2k3, winxp)

Windows cannot access the file gpt.ini for GPO
CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=hkcec,DC=nws.
The file must be present at the location
<\\hkcec.nws\sysvol\hkcec.nws\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\gpt.ini>.
(The system cannot find the file specified. ). Group Policy processing
aborted.

What's the effect of this error?
How can I fix it?

Thanks for your help

Patrick
 
I'also found that I can't find the sysvol folder when I use the following
format in that server:

\\domain_name.test\

any ideas?

Thanks
Patrick
 
Thanks for your help, Meinolf,

AD01, AD05 and AD06 are AD Intergrated DNS server also.
Before demote AD01, all machine are poiting to AD01.

After demote AD01, I have changed all machine DNS setting point to AD05 and
AD06.

Any steps I miss?

Thanks

Patirck
 
Hello patrick,

What about dcdiag and netdiag on all dc's?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
 
Thanks for your help.

The following are the result of dcdiag and network, I run it from
mail01(win2k3 with exchange 2003):

And I also found some errors on AD01's event log after demote (the DC I had
demoted). Please see at the end of DIAG result.

DIAG result start below:

-------------------------------------------------
DCDIAG RESULT:

AD05 (running on win2k3 with exchange 2003 insalled)
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad05

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
......................... AD05 failed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: frsevent
......................... AD05 passed test frsevent
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog
Starting test: VerifyReferences
......................... AD05 passed test VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : hkcec
Starting test: CrossRefValidation
......................... hkcec passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... hkcec passed test CheckSDRefDom

Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck

C:\Documents and Settings\Administrator.HKCEC>



DCDIAG RESULT

AD06(running on win2k3 with exchange 2003 insalled)
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad06

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
......................... AD06 failed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: frsevent
......................... AD06 passed test frsevent
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog
Starting test: VerifyReferences
......................... AD06 passed test VerifyReferences

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : hkcec
Starting test: CrossRefValidation
......................... hkcec passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... hkcec passed test CheckSDRefDom

Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck




NETDIAG RESULT (running on win2k3 with exchange 2003 insalled)

C:\Documents and Settings\Administrator.HKCEC>netdiag /d:hkcec.nws

....................................

Computer Name: MAIL01
DNS Host Name: mail01.hkcec.nws
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB819696
KB822925
KB823182
KB823559
KB823728
KB823980
KB824105
KB824141
KB824145
KB824146
KB825119
KB828028
KB828035
KB828741
KB828750
KB830352
KB831464
KB832894
KB835732
KB837001
KB837009
KB837272
KB840374
KB893803v2
Q147222
Q828026


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection 4

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : mail01
IP Address . . . . . . . . : 10.0.0.16
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Failed
No gateway reachable for this adapter.

NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.


NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation
Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Passed
Secure channel for domain 'HKCEC' is to '\\AD05.hkcec.nws'.


Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for host/mail01.hkcec.nws.


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'ad02.hkcec.nws'.
[WARNING] Failed to query SPN registration on DC 'adtest.hkcec.nws'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully



And errors found on AD01's event after demote (the DC I had demote), the
demote process was completed without warning


sYSTEM Event log
The Intersite Messaging service terminated unexpectedly. It has done this 1
time(s). The following corrective action will be taken in 0 milliseconds: No
action.


APPLICATION Event log

Replication warning: Couldn't allocate memory. Replication may be affected
until more memory is available. Increase the amount of virtual memory
available. Stop and restart this Windows Domain Controller and try again.

-----------------------------------

Thanks for your help again

Patrick
 
Hello patrick,

For the error on the exchange AD05 AD06 check this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;829306

http://support.microsoft.com/default.aspx?scid=kb;en-us;821586

What is mail01 for a server? Do you have mor locations for the machines?
Please post an unedited ipconfig /all from all servers.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
Thanks for your help.

The following are the result of dcdiag and network, I run it from
mail01(win2k3 with exchange 2003):

And I also found some errors on AD01's event log after demote (the DC
I had demoted). Please see at the end of DIAG result.

DIAG result start below:

-------------------------------------------------
DCDIAG RESULT:
AD05 (running on win2k3 with exchange 2003 insalled) C:\Documents and
Settings\Administrator.HKCEC>dcdiag /s:ad05

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity
Doing primary tests

Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
......................... AD05 failed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: frsevent
......................... AD05 passed test frsevent
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog
Starting test: VerifyReferences
......................... AD05 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom
Running partition tests on : hkcec
Starting test: CrossRefValidation
......................... hkcec passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... hkcec passed test CheckSDRefDom
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>

DCDIAG RESULT

AD06(running on win2k3 with exchange 2003 insalled) C:\Documents and
Settings\Administrator.HKCEC>dcdiag /s:ad06

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity
Doing primary tests

Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
......................... AD06 failed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: frsevent
......................... AD06 passed test frsevent
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog
Starting test: VerifyReferences
......................... AD06 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom
Running partition tests on : hkcec
Starting test: CrossRefValidation
......................... hkcec passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... hkcec passed test CheckSDRefDom
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
NETDIAG RESULT (running on win2k3 with exchange 2003 insalled)

C:\Documents and Settings\Administrator.HKCEC>netdiag /d:hkcec.nws

...................................

Computer Name: MAIL01
DNS Host Name: mail01.hkcec.nws
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB819696
KB822925
KB823182
KB823559
KB823728
KB823980
KB824105
KB824141
KB824145
KB824146
KB825119
KB828028
KB828035
KB828741
KB828750
KB830352
KB831464
KB832894
KB835732
KB837001
KB837009
KB837272
KB840374
KB893803v2
Q147222
Q828026
Netcard queries test . . . . . . . : Passed

Per interface results:

Adapter : Local Area Connection 4

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : mail01
IP Address . . . . . . . . : 10.0.0.16
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68
AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00>
'WorkStation
Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Passed
Secure channel for domain 'HKCEC' is to '\\AD05.hkcec.nws'.
Kerberos test. . . . . . . . . . . : Failed
[FATAL] Kerberos does not have a ticket for
host/mail01.hkcec.nws.
LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'ad02.hkcec.nws'.
[WARNING] Failed to query SPN registration on DC
'adtest.hkcec.nws'.
Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

Note: run "netsh ipsec dynamic show /?" for more detailed
information

The command completed successfully

And errors found on AD01's event after demote (the DC I had demote),
the demote process was completed without warning

sYSTEM Event log
The Intersite Messaging service terminated unexpectedly. It has done
this 1
time(s). The following corrective action will be taken in 0
milliseconds: No
action.
APPLICATION Event log

Replication warning: Couldn't allocate memory. Replication may be
affected until more memory is available. Increase the amount of
virtual memory available. Stop and restart this Windows Domain
Controller and try again.

-----------------------------------

Thanks for your help again

Patrick

Meinolf Weber said:
Hello patrick,

What about dcdiag and netdiag on all dc's?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
Click to expand...
Click to expand...
 
Thanks for your help Meinolf.

Please fnd the ipconfig /all result below:
Let me give more info about my config:

AD01 (is DC, DNS DHCP)
AD05 (is DC, DNS)
AD06 (is DC, DNS)
Mail01 (Exchange 2003 only)

And I did another test, I rollback all server to the stage that before
demote AD01.
Then I shutdown AD01 and boot only AD05, AD06 and MAIL01 (FMSO already
transfered to AD05), I still got those policy error from MAIL01 and others
member server and Win XP

I seens that mail01 still try to query AD01's policy file path. I have
verity that all policy files are also exist in AD05 and AD06 and also
accessible from mail01 and all other member servers. Why mail01 not query
AD05 or AD06?

Thanks for your help

ipconfig result below:
AD01
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : ad01
Primary DNS Suffix . . . . . . . : hkcec.nws
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hkcec.nws

Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
Adapter

Physical Address. . . . . . . . . : 00-50-56-A1-27-0D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.6
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.6

AD05
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : AD05
Primary DNS Suffix . . . . . . . : hkcec.nws
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hkcec.nws

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
Adapter

Physical Address. . . . . . . . . : 00-50-56-A1-41-CC
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.63
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.63




AD06
Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : AD06
Primary DNS Suffix . . . . . . . : hkcec.nws
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hkcec.nws

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
Adapter

Physical Address. . . . . . . . . : 00-50-56-A1-54-D3
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.68
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.68







MAIL01
Windows IP Configuration

Host Name . . . . . . . . . . . . : mail01
Primary Dns Suffix . . . . . . . : hkcec.nws
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hkcec.nws

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-50-56-A1-32-82
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.16
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.63
10.0.0.68







Meinolf Weber said:
Hello patrick,

For the error on the exchange AD05 AD06 check this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;829306

http://support.microsoft.com/default.aspx?scid=kb;en-us;821586

What is mail01 for a server? Do you have mor locations for the machines?
Please post an unedited ipconfig /all from all servers.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
Thanks for your help.

The following are the result of dcdiag and network, I run it from
mail01(win2k3 with exchange 2003):

And I also found some errors on AD01's event log after demote (the DC
I had demoted). Please see at the end of DIAG result.

DIAG result start below:

-------------------------------------------------
DCDIAG RESULT:
AD05 (running on win2k3 with exchange 2003 insalled) C:\Documents and
Settings\Administrator.HKCEC>dcdiag /s:ad05

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity
Doing primary tests

Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
......................... AD05 failed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: frsevent
......................... AD05 passed test frsevent
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog
Starting test: VerifyReferences
......................... AD05 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom
Running partition tests on : hkcec
Starting test: CrossRefValidation
......................... hkcec passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... hkcec passed test CheckSDRefDom
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>

DCDIAG RESULT

AD06(running on win2k3 with exchange 2003 insalled) C:\Documents and
Settings\Administrator.HKCEC>dcdiag /s:ad06

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity
Doing primary tests

Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
......................... AD06 failed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: frsevent
......................... AD06 passed test frsevent
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog
Starting test: VerifyReferences
......................... AD06 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom
Running partition tests on : hkcec
Starting test: CrossRefValidation
......................... hkcec passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... hkcec passed test CheckSDRefDom
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
NETDIAG RESULT (running on win2k3 with exchange 2003 insalled)

C:\Documents and Settings\Administrator.HKCEC>netdiag /d:hkcec.nws

...................................

Computer Name: MAIL01
DNS Host Name: mail01.hkcec.nws
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB819696
KB822925
KB823182
KB823559
KB823728
KB823980
KB824105
KB824141
KB824145
KB824146
KB825119
KB828028
KB828035
KB828741
KB828750
KB830352
KB831464
KB832894
KB835732
KB837001
KB837009
KB837272
KB840374
KB893803v2
Q147222
Q828026
Netcard queries test . . . . . . . : Passed

Per interface results:

Adapter : Local Area Connection 4

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : mail01
IP Address . . . . . . . . : 10.0.0.16
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68
AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00>
'WorkStation
Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Passed
Click to expand...
Click to expand...
 
Hello patrick,

The DNS on AD05 and AD06 is not the best solution. Check this document for
the DNS configuration:
http://support.microsoft.com/kb/825036

After that run dcdiag and netdiag on all Dc's. If you have errors, please
post the complete output.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
Thanks for your help Meinolf.

Please fnd the ipconfig /all result below:
Let me give more info about my config:
AD01 (is DC, DNS DHCP)
AD05 (is DC, DNS)
AD06 (is DC, DNS)
Mail01 (Exchange 2003 only)
And I did another test, I rollback all server to the stage that before
demote AD01.
Then I shutdown AD01 and boot only AD05, AD06 and MAIL01 (FMSO already
transfered to AD05), I still got those policy error from MAIL01 and
others
member server and Win XP
I seens that mail01 still try to query AD01's policy file path. I have
verity that all policy files are also exist in AD05 and AD06 and also
accessible from mail01 and all other member servers. Why mail01 not
query AD05 or AD06?

Thanks for your help

ipconfig result below:
AD01
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : ad01
Primary DNS Suffix . . . . . . . : hkcec.nws
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hkcec.nws
Ethernet adapter Local Area Connection 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD
PCNet
Adapter
Physical Address. . . . . . . . . : 00-50-56-A1-27-0D
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.6
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.6
AD05
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : AD05
Primary DNS Suffix . . . . . . . : hkcec.nws
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hkcec.nws
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD
PCNet
Adapter
Physical Address. . . . . . . . . : 00-50-56-A1-41-CC
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.63
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.63
AD06
Windows 2000 IP Configuration
Host Name . . . . . . . . . . . . : AD06
Primary DNS Suffix . . . . . . . : hkcec.nws
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hkcec.nws
Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD
PCNet
Adapter
Physical Address. . . . . . . . . : 00-50-56-A1-54-D3
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.68
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.68
MAIL01
Windows IP Configuration
Host Name . . . . . . . . . . . . : mail01
Primary Dns Suffix . . . . . . . : hkcec.nws
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : hkcec.nws
Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
Adapter
Physical Address. . . . . . . . . : 00-50-56-A1-32-82
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.16
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Default Gateway . . . . . . . . . : 10.0.0.2
DNS Servers . . . . . . . . . . . : 10.0.0.63
10.0.0.68
Meinolf Weber said:
Hello patrick,

For the error on the exchange AD05 AD06 check this:
http://support.microsoft.com/default.aspx?scid=kb;en-us;829306

http://support.microsoft.com/default.aspx?scid=kb;en-us;821586

What is mail01 for a server? Do you have mor locations for the
machines? Please post an unedited ipconfig /all from all servers.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
Thanks for your help.

The following are the result of dcdiag and network, I run it from
mail01(win2k3 with exchange 2003):

And I also found some errors on AD01's event log after demote (the
DC I had demoted). Please see at the end of DIAG result.

DIAG result start below:

-------------------------------------------------
DCDIAG RESULT:
AD05 (running on win2k3 with exchange 2003 insalled) C:\Documents
and
Settings\Administrator.HKCEC>dcdiag /s:ad05
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
......................... AD05 failed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: frsevent
......................... AD05 passed test frsevent
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog
Starting test: VerifyReferences
......................... AD05 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom
Running partition tests on : hkcec
Starting test: CrossRefValidation
......................... hkcec passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... hkcec passed test CheckSDRefDom
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>
DCDIAG RESULT

AD06(running on win2k3 with exchange 2003 insalled) C:\Documents and
Settings\Administrator.HKCEC>dcdiag /s:ad06

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Schema,CN=Configuration,DC=hkcec,DC=nws
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
Error BUILTIN\Administrators doesn't have
Replicating Directory Changes All
access rights for the naming context:
CN=Configuration,DC=hkcec,DC=nws
......................... AD06 failed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: frsevent
......................... AD06 passed test frsevent
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog
Starting test: VerifyReferences
......................... AD06 passed test VerifyReferences
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test
CheckSDRefDom
Running partition tests on : hkcec
Starting test: CrossRefValidation
......................... hkcec passed test
CrossRefValidation
Starting test: CheckSDRefDom
......................... hkcec passed test CheckSDRefDom
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
NETDIAG RESULT (running on win2k3 with exchange 2003 insalled)
C:\Documents and Settings\Administrator.HKCEC>netdiag /d:hkcec.nws

...................................

Computer Name: MAIL01
DNS Host Name: mail01.hkcec.nws
System info : Windows 2000 Server (Build 3790)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB819696
KB822925
KB823182
KB823559
KB823728
KB823980
KB824105
KB824141
KB824145
KB824146
KB825119
KB828028
KB828035
KB828741
KB828750
KB830352
KB831464
KB832894
KB835732
KB837001
KB837009
KB837272
KB840374
KB893803v2
Q147222
Q828026
Netcard queries test . . . . . . . : Passed
Per interface results:

Adapter : Local Area Connection 4

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : mail01
IP Address . . . . . . . . : 10.0.0.16
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03>
'Messenge
r Service', <20> 'WINS' names is missing.
No remote names have been found.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00>
'WorkStation
Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{1685F764-98AF-4F78-B7A4-0ACC841B66CF}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Passed
Click to expand...
Click to expand...
Click to expand...
 
Thanks for your help.

At last, I will demote and disconnect AD01.
How about I set DNS on DC as follow:
AD01: DNS point to AD05 and then itself
AD05: DNS point to itself and AD06
AD06: DNS point to AD05 and itself.

Thanks

Patrick
 
Hello patrick,

That's one option, but keep in mind if AD05 is down it will take longer for
AD06 to react. With my servers i have it like first itself and second the
other. For AD01 do first itself and second one of the other two.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
 
Thanks for your help.

Below are the reuslt again that I ran netdiag and dcdiag on AD05

--------------------

DCDIAG RESULT

C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad01

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\AD01
Starting test: Connectivity
......................... AD01 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\AD01
Starting test: Replications
......................... AD01 passed test Replications
Starting test: NCSecDesc
......................... AD01 passed test NCSecDesc
Starting test: NetLogons
......................... AD01 passed test NetLogons
Starting test: Advertising
......................... AD01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD01 passed test RidManager
Starting test: MachineAccount
......................... AD01 passed test MachineAccount
Starting test: Services
......................... AD01 passed test Services
Starting test: ObjectsReplicated
......................... AD01 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD01 passed test frssysvol
Starting test: kccevent
......................... AD01 passed test kccevent
Starting test: systemlog
......................... AD01 passed test systemlog

Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck

C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad05

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
......................... AD05 passed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog

Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck

C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad06

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
......................... AD06 passed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog

Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck



Netdiag result

C:\Documents and Settings\Administrator.HKCEC>netdiag /d:hkcec.nws

.......................................

Computer Name: AD05
DNS Host Name: AD05.hkcec.nws
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB329115
KB822343
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828749
KB832353
KB832359
KB841356
KB842773
KB885836
KB890046
KB893756
KB893803v2
KB896358
KB896422
KB896423
KB899587
KB899589
KB899591
KB900725
KB901017
KB901214
KB904706
KB905414
KB905495-IE6SP1-20050805.184113
KB905749
KB908519
KB908531
KB911280
KB911564
KB913580
KB914388
KB914389
KB917008
KB917344
KB917736
KB917953
KB918118
KB920213
KB920670
KB920683
KB920685
KB921398
KB922582
KB923191
KB923414
KB923694-OE55SP2-20061106.120000
KB923694-OE6SP1-20061106.120000
KB923980
KB924191
KB924270
KB924667
KB925398_WMP64
KB925902
KB926436
KB927891
KB928843
KB929969-IE501SP4-20061220.120000
KB929969-IE6SP1-20061220.120000
KB930178
KB931784
KB932168
KB933566-IE501SP4-20070530.120000
KB933566-IE6SP1-20070417.120000
KB935839
KB935840
Q147222
Q828026
Update Rollup 1


Netcard queries test . . . . . . . : Passed



Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : AD05
IP Address . . . . . . . . : 10.0.0.63
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68


AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Failed
No gateway reachable for this adapter.

NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.63' a
nd other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.68' a
nd other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The redir is bound to 1 NetBt transport.

List of NetBt transports currently bound to the browser
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'ad02.hkcec.nws'.
[WARNING] Failed to query SPN registration on DC 'adtest.hkcec.nws'.


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.


The command completed successfully

C:\Documents and Settings\Administrator.HKCEC>
------------------------------------

Thanks

Patrick
 
Hello patrick,

You have to machines ad02 and adtest. Are they still active or removed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
Thanks for your help.

Below are the reuslt again that I ran netdiag and dcdiag on AD05

--------------------

DCDIAG RESULT

C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad01

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-Name\AD01
Starting test: Connectivity
......................... AD01 passed test Connectivity
Doing primary tests

Testing server: Default-First-Site-Name\AD01
Starting test: Replications
......................... AD01 passed test Replications
Starting test: NCSecDesc
......................... AD01 passed test NCSecDesc
Starting test: NetLogons
......................... AD01 passed test NetLogons
Starting test: Advertising
......................... AD01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD01 passed test RidManager
Starting test: MachineAccount
......................... AD01 passed test MachineAccount
Starting test: Services
......................... AD01 passed test Services
Starting test: ObjectsReplicated
......................... AD01 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD01 passed test frssysvol
Starting test: kccevent
......................... AD01 passed test kccevent
Starting test: systemlog
......................... AD01 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad05

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity
Doing primary tests

Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
......................... AD05 passed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad06

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity
Doing primary tests

Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
......................... AD06 passed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
Netdiag result

C:\Documents and Settings\Administrator.HKCEC>netdiag /d:hkcec.nws

......................................

Computer Name: AD05
DNS Host Name: AD05.hkcec.nws
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB329115
KB822343
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828749
KB832353
KB832359
KB841356
KB842773
KB885836
KB890046
KB893756
KB893803v2
KB896358
KB896422
KB896423
KB899587
KB899589
KB899591
KB900725
KB901017
KB901214
KB904706
KB905414
KB905495-IE6SP1-20050805.184113
KB905749
KB908519
KB908531
KB911280
KB911564
KB913580
KB914388
KB914389
KB917008
KB917344
KB917736
KB917953
KB918118
KB920213
KB920670
KB920683
KB920685
KB921398
KB922582
KB923191
KB923414
KB923694-OE55SP2-20061106.120000
KB923694-OE6SP1-20061106.120000
KB923980
KB924191
KB924270
KB924667
KB925398_WMP64
KB925902
KB926436
KB927891
KB928843
KB929969-IE501SP4-20061220.120000
KB929969-IE6SP1-20061220.120000
KB930178
KB931784
KB932168
KB933566-IE501SP4-20070530.120000
KB933566-IE6SP1-20070417.120000
KB935839
KB935840
Q147222
Q828026
Update Rollup 1
Netcard queries test . . . . . . . : Passed

Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : AD05
IP Address . . . . . . . . : 10.0.0.63
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68
AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.63' a
nd other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.68' a
nd other DCs also have some of the names registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'ad02.hkcec.nws'.
[WARNING] Failed to query SPN registration on DC
'adtest.hkcec.nws'.
Bindings test. . . . . . . . . . . : Passed

WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.
The command completed successfully

C:\Documents and Settings\Administrator.HKCEC>
------------------------------------
Thanks

Patrick

Meinolf Weber said:
Hello patrick,

That's one option, but keep in mind if AD05 is down it will take
longer for AD06 to react. With my servers i have it like first itself
and second the other. For AD01 do first itself and second one of the
other two.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
Click to expand...
Click to expand...
 
ad02 and adtest had been removed by ntdsutil (not by dcpromo)

Thanks

Patrick


Meinolf Weber said:
Hello patrick,

You have to machines ad02 and adtest. Are they still active or removed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
Thanks for your help.

Below are the reuslt again that I ran netdiag and dcdiag on AD05

--------------------

DCDIAG RESULT

C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad01

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-Name\AD01
Starting test: Connectivity
......................... AD01 passed test Connectivity
Doing primary tests

Testing server: Default-First-Site-Name\AD01
Starting test: Replications
......................... AD01 passed test Replications
Starting test: NCSecDesc
......................... AD01 passed test NCSecDesc
Starting test: NetLogons
......................... AD01 passed test NetLogons
Starting test: Advertising
......................... AD01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD01 passed test RidManager
Starting test: MachineAccount
......................... AD01 passed test MachineAccount
Starting test: Services
......................... AD01 passed test Services
Starting test: ObjectsReplicated
......................... AD01 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD01 passed test frssysvol
Starting test: kccevent
......................... AD01 passed test kccevent
Starting test: systemlog
......................... AD01 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad05

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity
Doing primary tests

Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
......................... AD05 passed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad06

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity
Doing primary tests

Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
......................... AD06 passed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
Netdiag result

C:\Documents and Settings\Administrator.HKCEC>netdiag /d:hkcec.nws

......................................

Computer Name: AD05
DNS Host Name: AD05.hkcec.nws
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB329115
KB822343
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828749
KB832353
KB832359
KB841356
KB842773
KB885836
KB890046
KB893756
KB893803v2
KB896358
KB896422
KB896423
KB899587
KB899589
KB899591
KB900725
KB901017
KB901214
KB904706
KB905414
KB905495-IE6SP1-20050805.184113
KB905749
KB908519
KB908531
KB911280
KB911564
KB913580
KB914388
KB914389
KB917008
KB917344
KB917736
KB917953
KB918118
KB920213
KB920670
KB920683
KB920685
KB921398
KB922582
KB923191
KB923414
KB923694-OE55SP2-20061106.120000
KB923694-OE6SP1-20061106.120000
KB923980
KB924191
KB924270
KB924667
KB925398_WMP64
KB925902
KB926436
KB927891
KB928843
KB929969-IE501SP4-20061220.120000
KB929969-IE6SP1-20061220.120000
KB930178
KB931784
KB932168
KB933566-IE501SP4-20070530.120000
KB933566-IE6SP1-20070417.120000
KB935839
KB935840
Q147222
Q828026
Update Rollup 1
Netcard queries test . . . . . . . : Passed

Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : AD05
IP Address . . . . . . . . : 10.0.0.63
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68
AutoConfiguration results. . . . . . : Passed

Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed

WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:

Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed

IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed

Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.63' a
nd other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.68' a
nd other DCs also have some of the names registered.

Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed

DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'ad02.hkcec.nws'.
Click to expand...
Click to expand...
 
Hello patrick,

And they are not longer visible in DNS and AD? So now you are more or less
at the point before removing AD01?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
ad02 and adtest had been removed by ntdsutil (not by dcpromo)

Thanks

Patrick

Meinolf Weber said:
Hello patrick,

You have to machines ad02 and adtest. Are they still active or
removed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
Thanks for your help.

Below are the reuslt again that I ran netdiag and dcdiag on AD05

--------------------

DCDIAG RESULT

C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad01

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD01
Starting test: Connectivity
......................... AD01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD01
Starting test: Replications
......................... AD01 passed test Replications
Starting test: NCSecDesc
......................... AD01 passed test NCSecDesc
Starting test: NetLogons
......................... AD01 passed test NetLogons
Starting test: Advertising
......................... AD01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD01 passed test RidManager
Starting test: MachineAccount
......................... AD01 passed test MachineAccount
Starting test: Services
......................... AD01 passed test Services
Starting test: ObjectsReplicated
......................... AD01 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD01 passed test frssysvol
Starting test: kccevent
......................... AD01 passed test kccevent
Starting test: systemlog
......................... AD01 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad05
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
......................... AD05 passed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad06
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
......................... AD06 passed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
Netdiag result
C:\Documents and Settings\Administrator.HKCEC>netdiag /d:hkcec.nws

......................................

Computer Name: AD05
DNS Host Name: AD05.hkcec.nws
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB329115
KB822343
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828749
KB832353
KB832359
KB841356
KB842773
KB885836
KB890046
KB893756
KB893803v2
KB896358
KB896422
KB896423
KB899587
KB899589
KB899591
KB900725
KB901017
KB901214
KB904706
KB905414
KB905495-IE6SP1-20050805.184113
KB905749
KB908519
KB908531
KB911280
KB911564
KB913580
KB914388
KB914389
KB917008
KB917344
KB917736
KB917953
KB918118
KB920213
KB920670
KB920683
KB920685
KB921398
KB922582
KB923191
KB923414
KB923694-OE55SP2-20061106.120000
KB923694-OE6SP1-20061106.120000
KB923980
KB924191
KB924270
KB924667
KB925398_WMP64
KB925902
KB926436
KB927891
KB928843
KB929969-IE501SP4-20061220.120000
KB929969-IE6SP1-20061220.120000
KB930178
KB931784
KB932168
KB933566-IE501SP4-20070530.120000
KB933566-IE6SP1-20070417.120000
KB935839
KB935840
Q147222
Q828026
Update Rollup 1
Netcard queries test . . . . . . . : Passed
Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : AD05
IP Address . . . . . . . . : 10.0.0.63
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.63' a
nd other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.68' a
nd other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'ad02.hkcec.nws'.
Click to expand...
Click to expand...
Click to expand...
 
Hi Meinolf,

Because that 2 DC were out of order, I just use ntdsutil to remove it. DNS
records are removed. Computer object still there.

Thanks

Patrick



Meinolf Weber said:
Hello patrick,

And they are not longer visible in DNS and AD? So now you are more or less
at the point before removing AD01?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
ad02 and adtest had been removed by ntdsutil (not by dcpromo)

Thanks

Patrick

Meinolf Weber said:
Hello patrick,

You have to machines ad02 and adtest. Are they still active or
removed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
Thanks for your help.

Below are the reuslt again that I ran netdiag and dcdiag on AD05

--------------------

DCDIAG RESULT

C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad01

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD01
Starting test: Connectivity
......................... AD01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD01
Starting test: Replications
......................... AD01 passed test Replications
Starting test: NCSecDesc
......................... AD01 passed test NCSecDesc
Starting test: NetLogons
......................... AD01 passed test NetLogons
Starting test: Advertising
......................... AD01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD01 passed test RidManager
Starting test: MachineAccount
......................... AD01 passed test MachineAccount
Starting test: Services
......................... AD01 passed test Services
Starting test: ObjectsReplicated
......................... AD01 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD01 passed test frssysvol
Starting test: kccevent
......................... AD01 passed test kccevent
Starting test: systemlog
......................... AD01 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad05
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
......................... AD05 passed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad06
Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
......................... AD06 passed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
Netdiag result
C:\Documents and Settings\Administrator.HKCEC>netdiag /d:hkcec.nws

......................................

Computer Name: AD05
DNS Host Name: AD05.hkcec.nws
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB329115
KB822343
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828749
KB832353
KB832359
KB841356
KB842773
KB885836
KB890046
KB893756
KB893803v2
KB896358
KB896422
KB896423
KB899587
KB899589
KB899591
KB900725
KB901017
KB901214
KB904706
KB905414
KB905495-IE6SP1-20050805.184113
KB905749
KB908519
KB908531
KB911280
KB911564
KB913580
KB914388
KB914389
KB917008
KB917344
KB917736
KB917953
KB918118
KB920213
KB920670
KB920683
KB920685
KB921398
KB922582
KB923191
KB923414
KB923694-OE55SP2-20061106.120000
KB923694-OE6SP1-20061106.120000
KB923980
KB924191
KB924270
KB924667
KB925398_WMP64
KB925902
KB926436
KB927891
KB928843
KB929969-IE501SP4-20061220.120000
KB929969-IE6SP1-20061220.120000
KB930178
KB931784
KB932168
KB933566-IE501SP4-20070530.120000
KB933566-IE6SP1-20070417.120000
KB935839
KB935840
Q147222
Q828026
Update Rollup 1
Netcard queries test . . . . . . . : Passed
Per interface results:

Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : AD05
IP Address . . . . . . . . : 10.0.0.63
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed

NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed

Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed

DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.63' a
nd other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.68' a
nd other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed

Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed
Click to expand...
Click to expand...
Click to expand...
 
Hello patrick,

Are the objects in computers container or DC OU?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
Hi Meinolf,

Because that 2 DC were out of order, I just use ntdsutil to remove it.
DNS records are removed. Computer object still there.

Thanks

Patrick

Meinolf Weber said:
Hello patrick,

And they are not longer visible in DNS and AD? So now you are more or
less at the point before removing AD01?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
ad02 and adtest had been removed by ntdsutil (not by dcpromo)

Thanks

Patrick

:

Hello patrick,

You have to machines ad02 and adtest. Are they still active or
removed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
Thanks for your help.

Below are the reuslt again that I ran netdiag and dcdiag on AD05

--------------------

DCDIAG RESULT

C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad01

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD01
Starting test: Connectivity
......................... AD01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD01
Starting test: Replications
......................... AD01 passed test Replications
Starting test: NCSecDesc
......................... AD01 passed test NCSecDesc
Starting test: NetLogons
......................... AD01 passed test NetLogons
Starting test: Advertising
......................... AD01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD01 passed test RidManager
Starting test: MachineAccount
......................... AD01 passed test MachineAccount
Starting test: Services
......................... AD01 passed test Services
Starting test: ObjectsReplicated
......................... AD01 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD01 passed test frssysvol
Starting test: kccevent
......................... AD01 passed test kccevent
Starting test: systemlog
......................... AD01 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad05
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
......................... AD05 passed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad06
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
......................... AD06 passed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
Netdiag result
C:\Documents and Settings\Administrator.HKCEC>netdiag /d:hkcec.nws
......................................

Computer Name: AD05
DNS Host Name: AD05.hkcec.nws
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB329115
KB822343
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828749
KB832353
KB832359
KB841356
KB842773
KB885836
KB890046
KB893756
KB893803v2
KB896358
KB896422
KB896423
KB899587
KB899589
KB899591
KB900725
KB901017
KB901214
KB904706
KB905414
KB905495-IE6SP1-20050805.184113
KB905749
KB908519
KB908531
KB911280
KB911564
KB913580
KB914388
KB914389
KB917008
KB917344
KB917736
KB917953
KB918118
KB920213
KB920670
KB920683
KB920685
KB921398
KB922582
KB923191
KB923414
KB923694-OE55SP2-20061106.120000
KB923694-OE6SP1-20061106.120000
KB923980
KB924191
KB924270
KB924667
KB925398_WMP64
KB925902
KB926436
KB927891
KB928843
KB929969-IE501SP4-20061220.120000
KB929969-IE6SP1-20061220.120000
KB930178
KB931784
KB932168
KB933566-IE501SP4-20070530.120000
KB933566-IE6SP1-20070417.120000
KB935839
KB935840
Q147222
Q828026
Update Rollup 1
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : AD05
IP Address . . . . . . . . : 10.0.0.63
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.63' a
nd other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.68' a
nd other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped

Kerberos test. . . . . . . . . . . : Passed
Click to expand...
Click to expand...
Click to expand...
 
yes, that 2 DC object are in DC OU.

Thanks

Patrick

Meinolf Weber said:
Hello patrick,

Are the objects in computers container or DC OU?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
Hi Meinolf,

Because that 2 DC were out of order, I just use ntdsutil to remove it.
DNS records are removed. Computer object still there.

Thanks

Patrick

Meinolf Weber said:
Hello patrick,

And they are not longer visible in DNS and AD? So now you are more or
less at the point before removing AD01?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
ad02 and adtest had been removed by ntdsutil (not by dcpromo)

Thanks

Patrick

:

Hello patrick,

You have to machines ad02 and adtest. Are they still active or
removed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
Thanks for your help.

Below are the reuslt again that I ran netdiag and dcdiag on AD05

--------------------

DCDIAG RESULT

C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad01

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD01
Starting test: Connectivity
......................... AD01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD01
Starting test: Replications
......................... AD01 passed test Replications
Starting test: NCSecDesc
......................... AD01 passed test NCSecDesc
Starting test: NetLogons
......................... AD01 passed test NetLogons
Starting test: Advertising
......................... AD01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD01 passed test RidManager
Starting test: MachineAccount
......................... AD01 passed test MachineAccount
Starting test: Services
......................... AD01 passed test Services
Starting test: ObjectsReplicated
......................... AD01 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD01 passed test frssysvol
Starting test: kccevent
......................... AD01 passed test kccevent
Starting test: systemlog
......................... AD01 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad05
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
......................... AD05 passed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad06
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
......................... AD06 passed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
Netdiag result
C:\Documents and Settings\Administrator.HKCEC>netdiag /d:hkcec.nws
......................................

Computer Name: AD05
DNS Host Name: AD05.hkcec.nws
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB329115
KB822343
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828749
KB832353
KB832359
KB841356
KB842773
KB885836
KB890046
KB893756
KB893803v2
KB896358
KB896422
KB896423
KB899587
KB899589
KB899591
KB900725
KB901017
KB901214
KB904706
KB905414
KB905495-IE6SP1-20050805.184113
KB905749
KB908519
KB908531
KB911280
KB911564
KB913580
KB914388
KB914389
KB917008
KB917344
KB917736
KB917953
KB918118
KB920213
KB920670
KB920683
KB920685
KB921398
KB922582
KB923191
KB923414
KB923694-OE55SP2-20061106.120000
KB923694-OE6SP1-20061106.120000
KB923980
KB924191
KB924270
KB924667
KB925398_WMP64
KB925902
KB926436
KB927891
KB928843
KB929969-IE501SP4-20061220.120000
KB929969-IE6SP1-20061220.120000
KB930178
KB931784
KB932168
KB933566-IE501SP4-20070530.120000
KB933566-IE6SP1-20070417.120000
KB935839
KB935840
Q147222
Q828026
Update Rollup 1
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection

Netcard queries test . . . : Passed

Host Name. . . . . . . . . : AD05
IP Address . . . . . . . . : 10.0.0.63
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed

[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.63' a
nd other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
Click to expand...
Click to expand...
Click to expand...
 
Hello patrick,

Seems that your removal with ntdsutil was not complete. Also possible that
they come back after rolling back AD01. Check with that article again, if
they will NEVER come back.
http://support.microsoft.com/?kbid=555846&SD=tech

Also check again that the FSMO roles are on AD05 or AD06 and that both machines
are GC's. Just to be sure that AD01 is completely ready for the removal.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
yes, that 2 DC object are in DC OU.

Thanks

Patrick

Meinolf Weber said:
Hello patrick,

Are the objects in computers container or DC OU?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers
no rights.
Hi Meinolf,

Because that 2 DC were out of order, I just use ntdsutil to remove
it. DNS records are removed. Computer object still there.

Thanks

Patrick

:

Hello patrick,

And they are not longer visible in DNS and AD? So now you are more
or less at the point before removing AD01?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
ad02 and adtest had been removed by ntdsutil (not by dcpromo)

Thanks

Patrick

:

Hello patrick,

You have to machines ad02 and adtest. Are they still active or
removed?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties,
and
confers
no rights.
Thanks for your help.

Below are the reuslt again that I ran netdiag and dcdiag on AD05

--------------------

DCDIAG RESULT

C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad01

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD01
Starting test: Connectivity
......................... AD01 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD01
Starting test: Replications
......................... AD01 passed test Replications
Starting test: NCSecDesc
......................... AD01 passed test NCSecDesc
Starting test: NetLogons
......................... AD01 passed test NetLogons
Starting test: Advertising
......................... AD01 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD01 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD01 passed test RidManager
Starting test: MachineAccount
......................... AD01 passed test MachineAccount
Starting test: Services
......................... AD01 passed test Services
Starting test: ObjectsReplicated
......................... AD01 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD01 passed test frssysvol
Starting test: kccevent
......................... AD01 passed test kccevent
Starting test: systemlog
......................... AD01 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad05
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD05
Starting test: Connectivity
......................... AD05 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD05
Starting test: Replications
......................... AD05 passed test Replications
Starting test: NCSecDesc
......................... AD05 passed test NCSecDesc
Starting test: NetLogons
......................... AD05 passed test NetLogons
Starting test: Advertising
......................... AD05 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD05 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD05 passed test RidManager
Starting test: MachineAccount
......................... AD05 passed test MachineAccount
Starting test: Services
......................... AD05 passed test Services
Starting test: ObjectsReplicated
......................... AD05 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD05 passed test frssysvol
Starting test: kccevent
......................... AD05 passed test kccevent
Starting test: systemlog
......................... AD05 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
C:\Documents and Settings\Administrator.HKCEC>dcdiag /s:ad06
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AD06
Starting test: Connectivity
......................... AD06 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AD06
Starting test: Replications
......................... AD06 passed test Replications
Starting test: NCSecDesc
......................... AD06 passed test NCSecDesc
Starting test: NetLogons
......................... AD06 passed test NetLogons
Starting test: Advertising
......................... AD06 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... AD06 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... AD06 passed test RidManager
Starting test: MachineAccount
......................... AD06 passed test MachineAccount
Starting test: Services
......................... AD06 passed test Services
Starting test: ObjectsReplicated
......................... AD06 passed test ObjectsReplicated
Starting test: frssysvol
......................... AD06 passed test frssysvol
Starting test: kccevent
......................... AD06 passed test kccevent
Starting test: systemlog
......................... AD06 passed test systemlog
Running enterprise tests on : hkcec.nws
Starting test: Intersite
......................... hkcec.nws passed test Intersite
Starting test: FsmoCheck
......................... hkcec.nws passed test FsmoCheck
Netdiag result
C:\Documents and Settings\Administrator.HKCEC>netdiag
/d:hkcec.nws
......................................
Computer Name: AD05
DNS Host Name: AD05.hkcec.nws
System info : Windows 2000 Server (Build 2195)
Processor : x86 Family 15 Model 6 Stepping 8, GenuineIntel
List of installed hotfixes :
KB329115
KB822343
KB823182
KB823559
KB824105
KB825119
KB826232
KB828035
KB828749
KB832353
KB832359
KB841356
KB842773
KB885836
KB890046
KB893756
KB893803v2
KB896358
KB896422
KB896423
KB899587
KB899589
KB899591
KB900725
KB901017
KB901214
KB904706
KB905414
KB905495-IE6SP1-20050805.184113
KB905749
KB908519
KB908531
KB911280
KB911564
KB913580
KB914388
KB914389
KB917008
KB917344
KB917736
KB917953
KB918118
KB920213
KB920670
KB920683
KB920685
KB921398
KB922582
KB923191
KB923414
KB923694-OE55SP2-20061106.120000
KB923694-OE6SP1-20061106.120000
KB923980
KB924191
KB924270
KB924667
KB925398_WMP64
KB925902
KB926436
KB927891
KB928843
KB929969-IE501SP4-20061220.120000
KB929969-IE6SP1-20061220.120000
KB930178
KB931784
KB932168
KB933566-IE501SP4-20070530.120000
KB933566-IE6SP1-20070417.120000
KB935839
KB935840
Q147222
Q828026
Update Rollup 1
Netcard queries test . . . . . . . : Passed
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed

Host Name. . . . . . . . . : AD05
IP Address . . . . . . . . : 10.0.0.63
Subnet Mask. . . . . . . . : 255.255.252.0
Default Gateway. . . . . . : 10.0.0.2
Dns Servers. . . . . . . . : 10.0.0.63
10.0.0.68
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Failed
No gateway reachable for this adapter.
NetBT name test. . . . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{8268BFDD-D7F3-4439-8068-E2F294E8B417}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Failed
[FATAL] NO GATEWAYS ARE REACHABLE.
You have no connectivity to other network segments.
If you configured the IP protocol manually then
you need to add at least one valid gateway.
NetBT name test. . . . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.63' a
nd other DCs also have some of the names registered.
PASS - All the DNS entries for DC are registered on DNS server
Click to expand...
Click to expand...
Click to expand...
 
Hi Meinolf,

Thanks for your help.
I got the right direction to solve the problem right now. I will update you
the result

Thanks

Patrick
 
Hi Meinolf,

After demote AD01, I just delte the AD01 container IN "AD Sites and
services"-> "Default-First-Sites-Name"->"Servers"--AD01"
Then no more group policy errors found on any machine that i logon.

AD01 is a first install DC, it is something bound to first insatall DC?

I'll try to remove DC completely according to your doc?

Thanks again

Patrick
 
Back
Top