No Domain Controller - okdoky why do I keep gettin this?

  • Thread starter Thread starter James W. Long
  • Start date Start date
J

James W. Long

Okydoky why do keep getting this?
MY DC is right next to me,
it on, its up.
it was, it is.it shall be.

nonetheless this keeps happening in my event viewer on the client.
there must be some thing on the client or DC that isnt straight?


Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 1/4/2005
Time: 11:42:41 PM
User: N/A
Computer: HAL9000
Description:
No Windows NT or Windows 2000 Domain Controller is available for domain
JEWELCONSULTING. The following error occurred:
There are currently no logon servers available to service the logon request.
Data:
0000: 5e 00 00 c0 ^..À

Event Type: Warning
Event Source: BROWSER
Event Category: None

Event ID: 8021
Date: 1/5/2005
Time: 7:09:06 PM
User: N/A
Computer: HAL9000
Description:
The browser was unable to retrieve a list of servers from the browser master
\\JEWELNTSERVER on the network
\Device\NetBT_Tcpip_{76E87BCB-41A8-440C-95C4-8586665FE1BF}. The data is the
error code.
Data:
0000: 40 00 00 00 @...


Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8032
Date: 1/5/2005
Time: 7:11:06 PM
User: N/A
Computer: HAL9000
Description:
The browser service has failed to retrieve the backup list too many times on
transport \Device\NetBT_Tcpip_{76E87BCB-41A8-440C-95C4-8586665FE1BF}. The
backup browser is stopping.
Data:
0000: 40 00 00 00 @...
 
James W. Long said:
Okydoky why do keep getting this?
MY DC is right next to me,
it on, its up.
it was, it is.it shall be.

nonetheless this keeps happening in my event viewer on the client.
there must be some thing on the client or DC that isnt straight?
Click to expand...


It is almost always a DNS problem -- but
before we discuss DNS in general, please note
that SINGLE LABEL zone/domain names are
a "bad thing" (TM) and it appears you have one of
those, i.e., JEWELCONSULTING rather than
JEWELCONSULTING.com or
JEWELCONSULTING.something

Google:
[ "SINGLE LABEL" domain names DNS 2000 | 2003 microsoft: ]


General Active Director DNS support requires:

DNS for AD
1) Dynamic for the zone supporting AD
2) All internal DNS clients NIC\IP properties must specify SOLELY
that internal, dynamic DNS server (set.)
3) DCs and even DNS servers are DNS clients too -- see #2

Restart NetLogon on any DC if you change any of the above that
affects a DC and/or use:

nltest /dsregdns /server:DC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.

Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.
 
In
James W. Long said:
Okydoky why do keep getting this?
MY DC is right next to me,
it on, its up.
it was, it is.it shall be.

nonetheless this keeps happening in my event viewer on
the client.
there must be some thing on the client or DC that isnt
straight?
Click to expand...

James,
There are quite a few things that can cause 5719s, everything from a bad
switch to an NT4 DC with a FAT drive upgraded to a Win2k DC. We don't have
enough info to say exactly what it is.
Check this link, maybe you can narrow it down.
http://www.eventid.net/display.asp?eventid=5719&eventno=104&source=NETLOGON&phase=1
 
Herb Martin said:
It is almost always a DNS problem -- but
before we discuss DNS in general, please note
that SINGLE LABEL zone/domain names are
a "bad thing" (TM) and it appears you have one of
those, i.e., JEWELCONSULTING rather than
JEWELCONSULTING.com or
JEWELCONSULTING.something
Click to expand...


All about my DC:

couldnt find this
"nltest /dsregdns /server:DC-ServerNameGoesHere" on win2k.
no nltest/dsregdns (dsregdns was not an option in nltest (win2k),
can I use ipconfig/registerdns? so I did that instead.


C:\winnt:ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : jewelntserver
Primary DNS Suffix . . . . . . . : jewelconsulting.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : jewelconsulting.org

Ethernet adapter Inside:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C918 Integrated Fast
Ethernet
Controller (3C905B-TX Compatible)
Physical Address. . . . . . . . . : 00-C0-4F-8D-91-F2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.50

C:\winnt:

C:\winnt:dcdiag /v

DC Diagnosis

Performing initial setup:
* Verifing that the local machine jewelntserver, is a DC.
* Connecting to directory service on server jewelntserver.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... JEWELNTSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Replications
* Replications Check
......................... JEWELNTSERVER passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=jewelconsulting,DC=org
* Security Permissions Check for
CN=Configuration,DC=jewelconsulting,DC=org
* Security Permissions Check for
DC=jewelconsulting,DC=org
......................... JEWELNTSERVER passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... JEWELNTSERVER passed test NetLogons
Starting test: Advertising
The DC JEWELNTSERVER is advertising itself as a DC and having a DS.
The DC JEWELNTSERVER is advertising as an LDAP server
The DC JEWELNTSERVER is advertising as having a writeable directory
The DC JEWELNTSERVER is advertising as a Key Distribution Center
The DC JEWELNTSERVER is advertising as a time server
The DS JEWELNTSERVER is advertising as a GC.
......................... JEWELNTSERVER passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role Domain Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role PDC Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Defaul
t-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role Rid Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Defaul
t-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN
=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsul
ting
,DC=org
......................... JEWELNTSERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 1637 to 1073741823
* jewelntserver.jewelconsulting.org is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1137 to 1636
* rIDNextRID: 1149
* rIDPreviousAllocationPool is 1137 to 1636
......................... JEWELNTSERVER passed test RidManager
Starting test: MachineAccount
* SPN found
:LDAP/jewelntserver.jewelconsulting.org/jewelconsulting.org

* SPN found :LDAP/jewelntserver.jewelconsulting.org
* SPN found :LDAP/JEWELNTSERVER
* SPN found :LDAP/jewelntserver.jewelconsulting.org/JEWELCONSULTING
* SPN found
:LDAP/b2778bcb-b468-4780-83fb-cec5819f2abe._msdcs.jewelcons
ulting.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/b2778bcb-b468-4780-83
fb-cec5819f2abe/jewelconsulting.org
* SPN found
:HOST/jewelntserver.jewelconsulting.org/jewelconsulting.org

* SPN found :HOST/jewelntserver.jewelconsulting.org
* SPN found :HOST/JEWELNTSERVER
* SPN found :HOST/jewelntserver.jewelconsulting.org/JEWELCONSULTING
* SPN found
:GC/jewelntserver.jewelconsulting.org/jewelconsulting.org
......................... JEWELNTSERVER passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
Could not open IISADMIN Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
* Checking Service: NtFrs
Could not open SMTPSVC Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
......................... JEWELNTSERVER failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
JEWELNTSERVER is in domain DC=jewelconsulting,DC=org
Checking for CN=JEWELNTSERVER,OU=Domain
Controllers,DC=jewelconsulting,
DC=org in domain DC=jewelconsulting,DC=org on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Default-Fi
rst-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org in domain
CN=C
onfiguration,DC=jewelconsulting,DC=org on 1 servers
Object is up-to-date on all servers.
......................... JEWELNTSERVER passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... JEWELNTSERVER passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minut
es.
......................... JEWELNTSERVER passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... JEWELNTSERVER passed test systemlog

Running enterprise tests on : jewelconsulting.org
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... jewelconsulting.org passed test Intersite
Starting test: FsmoCheck
GC Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
PDC Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
Time Server Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
KDC Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
......................... jewelconsulting.org passed test FsmoCheck

C:\winnt:




nltest /dsregdns /server:DC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
Click to expand...

ony the one present
 
Herb:

Never mind I think I found it.
my firewall exercises netbois protection
and that slaps the door shut.
so when I disable netbios protection,
the client talks to the dc again, but no
netbios protection. se la vie.

Thank you,
James W. Long

James W. Long said:
Herb Martin said:
It is almost always a DNS problem -- but
before we discuss DNS in general, please note
that SINGLE LABEL zone/domain names are
a "bad thing" (TM) and it appears you have one of
those, i.e., JEWELCONSULTING rather than
JEWELCONSULTING.com or
JEWELCONSULTING.something
Click to expand...


All about my DC:

couldnt find this
"nltest /dsregdns /server:DC-ServerNameGoesHere" on win2k.
no nltest/dsregdns (dsregdns was not an option in nltest (win2k),
can I use ipconfig/registerdns? so I did that instead.


C:\winnt:ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : jewelntserver
Primary DNS Suffix . . . . . . . : jewelconsulting.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : jewelconsulting.org

Ethernet adapter Inside:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C918 Integrated Fast
Ethernet
Controller (3C905B-TX Compatible)
Physical Address. . . . . . . . . : 00-C0-4F-8D-91-F2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.50

C:\winnt:

C:\winnt:dcdiag /v

DC Diagnosis

Performing initial setup:
* Verifing that the local machine jewelntserver, is a DC.
* Connecting to directory service on server jewelntserver.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... JEWELNTSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Replications
* Replications Check
......................... JEWELNTSERVER passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=jewelconsulting,DC=org
* Security Permissions Check for
CN=Configuration,DC=jewelconsulting,DC=org
* Security Permissions Check for
DC=jewelconsulting,DC=org
......................... JEWELNTSERVER passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... JEWELNTSERVER passed test NetLogons
Starting test: Advertising
The DC JEWELNTSERVER is advertising itself as a DC and having a DS.
The DC JEWELNTSERVER is advertising as an LDAP server
The DC JEWELNTSERVER is advertising as having a writeable directory
The DC JEWELNTSERVER is advertising as a Key Distribution Center
The DC JEWELNTSERVER is advertising as a time server
The DS JEWELNTSERVER is advertising as a GC.
......................... JEWELNTSERVER passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role Domain Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role PDC Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Defaul
t-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role Rid Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Defaul
t-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN
=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsul
ting
,DC=org
......................... JEWELNTSERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 1637 to 1073741823
* jewelntserver.jewelconsulting.org is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1137 to 1636
* rIDNextRID: 1149
* rIDPreviousAllocationPool is 1137 to 1636
......................... JEWELNTSERVER passed test RidManager
Starting test: MachineAccount
* SPN found
:LDAP/jewelntserver.jewelconsulting.org/jewelconsulting.org

* SPN found :LDAP/jewelntserver.jewelconsulting.org
* SPN found :LDAP/JEWELNTSERVER
* SPN found :LDAP/jewelntserver.jewelconsulting.org/JEWELCONSULTING
* SPN found
:LDAP/b2778bcb-b468-4780-83fb-cec5819f2abe._msdcs.jewelcons
ulting.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/b2778bcb-b468-4780-83
fb-cec5819f2abe/jewelconsulting.org
* SPN found
:HOST/jewelntserver.jewelconsulting.org/jewelconsulting.org

* SPN found :HOST/jewelntserver.jewelconsulting.org
* SPN found :HOST/JEWELNTSERVER
* SPN found :HOST/jewelntserver.jewelconsulting.org/JEWELCONSULTING
* SPN found
:GC/jewelntserver.jewelconsulting.org/jewelconsulting.org
......................... JEWELNTSERVER passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
Could not open IISADMIN Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
* Checking Service: NtFrs
Could not open SMTPSVC Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
......................... JEWELNTSERVER failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
JEWELNTSERVER is in domain DC=jewelconsulting,DC=org
Checking for CN=JEWELNTSERVER,OU=Domain
Controllers,DC=jewelconsulting,
DC=org in domain DC=jewelconsulting,DC=org on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Default-Fi
rst-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org in domain
CN=C
onfiguration,DC=jewelconsulting,DC=org on 1 servers
Object is up-to-date on all servers.
......................... JEWELNTSERVER passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... JEWELNTSERVER passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minut
es.
......................... JEWELNTSERVER passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... JEWELNTSERVER passed test systemlog

Running enterprise tests on : jewelconsulting.org
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... jewelconsulting.org passed test Intersite
Starting test: FsmoCheck
GC Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
PDC Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
Time Server Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
KDC Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
......................... jewelconsulting.org passed test FsmoCheck
C:\winnt:






nltest /dsregdns /server:DC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
Click to expand...

ony the one present
Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

--
Herb Martin

is
the times
Click to expand...
Click to expand...
 
I put the detail in the reply to Herb.
never mind though I think I found it.
my firewall exercises netbois protection
and that slaps the door shut.
so when I disable netbios protection,
the client talks to the dc again, but no
netbios protection. se la vie.

Thank you !
James W. Long
 
James W. Long said:
Herb:

Never mind I think I found it.
my firewall exercises netbois protection
and that slaps the door shut.
so when I disable netbios protection,
the client talks to the dc again, but no
netbios protection. se la vie.
Click to expand...

Contrary to the marketing for Win2000,
NetBIOS is still a practical necessity even
with Win2003.

BUT, it should not be necessary for your
authentication and I suspect the single
label DNS name for the domain.

--
Herb Martin

Thank you,
James W. Long

James W. Long said:
All about my DC:

couldnt find this
"nltest /dsregdns /server:DC-ServerNameGoesHere" on win2k.
no nltest/dsregdns (dsregdns was not an option in nltest (win2k),
can I use ipconfig/registerdns? so I did that instead.


C:\winnt:ipconfig /all

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : jewelntserver
Primary DNS Suffix . . . . . . . : jewelconsulting.org
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : jewelconsulting.org

Ethernet adapter Inside:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com 3C918 Integrated Fast
Ethernet
Controller (3C905B-TX Compatible)
Physical Address. . . . . . . . . : 00-C0-4F-8D-91-F2
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.1
DNS Servers . . . . . . . . . . . : 10.0.0.50

C:\winnt:

C:\winnt:dcdiag /v

DC Diagnosis

Performing initial setup:
* Verifing that the local machine jewelntserver, is a DC.
* Connecting to directory service on server jewelntserver.
* Collecting site info.
* Identifying all servers.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial non skippeable tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... JEWELNTSERVER passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\JEWELNTSERVER
Starting test: Replications
* Replications Check
......................... JEWELNTSERVER passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=jewelconsulting,DC=org
* Security Permissions Check for
CN=Configuration,DC=jewelconsulting,DC=org
* Security Permissions Check for
DC=jewelconsulting,DC=org
......................... JEWELNTSERVER passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... JEWELNTSERVER passed test NetLogons
Starting test: Advertising
The DC JEWELNTSERVER is advertising itself as a DC and having a DS.
The DC JEWELNTSERVER is advertising as an LDAP server
The DC JEWELNTSERVER is advertising as having a writeable directory
The DC JEWELNTSERVER is advertising as a Key Distribution Center
The DC JEWELNTSERVER is advertising as a time server
The DS JEWELNTSERVER is advertising as a GC.
......................... JEWELNTSERVER passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role Domain Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Def
ault-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role PDC Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Defaul
t-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role Rid Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Defaul
t-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=JEWELNTSERVER,CN
Click to expand...
=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsul
ting
,DC=org
......................... JEWELNTSERVER passed test
KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 1637 to 1073741823
* jewelntserver.jewelconsulting.org is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1137 to 1636
* rIDNextRID: 1149
* rIDPreviousAllocationPool is 1137 to 1636
......................... JEWELNTSERVER passed test RidManager
Starting test: MachineAccount
* SPN found
:LDAP/jewelntserver.jewelconsulting.org/jewelconsulting.org

* SPN found :LDAP/jewelntserver.jewelconsulting.org
* SPN found :LDAP/JEWELNTSERVER
* SPN found :LDAP/jewelntserver.jewelconsulting.org/JEWELCONSULTING
* SPN found
:LDAP/b2778bcb-b468-4780-83fb-cec5819f2abe._msdcs.jewelcons
ulting.org
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/b2778bcb-b468-4780-83
fb-cec5819f2abe/jewelconsulting.org
* SPN found
:HOST/jewelntserver.jewelconsulting.org/jewelconsulting.org

* SPN found :HOST/jewelntserver.jewelconsulting.org
* SPN found :HOST/JEWELNTSERVER
* SPN found :HOST/jewelntserver.jewelconsulting.org/JEWELCONSULTING
* SPN found
:GC/jewelntserver.jewelconsulting.org/jewelconsulting.org
......................... JEWELNTSERVER passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
* Checking Service: Dnscache
Could not open IISADMIN Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
* Checking Service: NtFrs
Could not open SMTPSVC Service on [JEWELNTSERVER]:failed with
1060:
The specified service does not exist as an installed service.
......................... JEWELNTSERVER failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
JEWELNTSERVER is in domain DC=jewelconsulting,DC=org
Checking for CN=JEWELNTSERVER,OU=Domain
Controllers,DC=jewelconsulting,
DC=org in domain DC=jewelconsulting,DC=org on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=JEWELNTSERVER,CN=Servers,CN=Default-Fi
rst-Site-Name,CN=Sites,CN=Configuration,DC=jewelconsulting,DC=org in domain
CN=C
onfiguration,DC=jewelconsulting,DC=org on 1 servers
Object is up-to-date on all servers.
......................... JEWELNTSERVER passed test
ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
......................... JEWELNTSERVER passed test frssysvol
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15
minut
es.
......................... JEWELNTSERVER passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... JEWELNTSERVER passed test systemlog

Running enterprise tests on : jewelconsulting.org
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the
scope
provided by the command line arguments provided.
......................... jewelconsulting.org passed test Intersite
Starting test: FsmoCheck
GC Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
PDC Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
Time Server Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
KDC Name: \\jewelntserver.jewelconsulting.org
Locator Flags: 0xe00001fd
......................... jewelconsulting.org passed test FsmoCheck
C:\winnt:






nltest /dsregdns /server:DC-ServerNameGoesHere

Ensure that DNS zones/domains are fully replicated to all DNS
servers for that (internal) zone/domain.
Click to expand...

ony the one present
Also useful may be running DCDiag on each DC, sending the
output to a text file, and searching for FAIL, ERROR, WARN.

--
Herb Martin



Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 1/4/2005
Time: 11:42:41 PM
User: N/A
Computer: HAL9000
Description:
No Windows NT or Windows 2000 Domain Controller is available for domain
JEWELCONSULTING. The following error occurred:
There are currently no logon servers available to service the logon
request.
Data:
0000: 5e 00 00 c0 ^..À

Event Type: Warning
Event Source: BROWSER
Event Category: None

Event ID: 8021
Date: 1/5/2005
Time: 7:09:06 PM
User: N/A
Computer: HAL9000
Description:
The browser was unable to retrieve a list of servers from the browser
master
\\JEWELNTSERVER on the network
\Device\NetBT_Tcpip_{76E87BCB-41A8-440C-95C4-8586665FE1BF}. The data is
the
error code.
Data:
0000: 40 00 00 00 @...


Event Type: Error
Event Source: BROWSER
Event Category: None
Event ID: 8032
Date: 1/5/2005
Time: 7:11:06 PM
User: N/A
Computer: HAL9000
Description:
The browser service has failed to retrieve the backup list too many times
on
transport
Click to expand...
\Device\NetBT_Tcpip_{76E87BCB-41A8-440C-95C4-8586665FE1BF}.
The
backup browser is stopping.
Data:
0000: 40 00 00 00 @...
Click to expand...
Click to expand...
Click to expand...
 
In
Herb Martin said:
BUT, it should not be necessary for your
authentication and I suspect the single
label DNS name for the domain.
Click to expand...

Herb, James is a somewhat regular poster here and it has already been
verified that he does not have a Single-label domain name.
 
Back
Top