dcdiag server5 Directory Server Diagnosis Performing initial setup Con

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
dcdiag /v /c /s:server5
Directory Server Diagnosis
Performing initial setup:
* Connecting to directory service on server server5.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=SiteA,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=SiteB,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=mydomain,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SERVER4,CN=Servers,CN=SiteB,CN=Sites,CN=Configuration,DC=mydomain,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=SERVER5,CN=Servers,CN=SiteA,CN=Sites,CN=Configuration,DC=mydomain,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: SiteA\SERVER5
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... SERVER5 passed test Connectivity
Doing primary tests
Testing server: SiteA\SERVER5
Starting test: Advertising
The DC SERVER5 is advertising itself as a DC and having a DS.
The DC SERVER5 is advertising as an LDAP server
The DC SERVER5 is advertising as having a writeable directory
The DC SERVER5 is advertising as a Key Distribution Center
The DC SERVER5 is advertising as a time server
The DS SERVER5 is advertising as a GC.
......................... SERVER5 passed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC SERVER5 for domain mydomain.local in site SiteA
Checking machine account for DC SERVER5 on DC SERVER5.
* SPN found :LDAP/server5.mydomain.local/mydomain.local
* SPN found :LDAP/server5.mydomain.local
* SPN found :LDAP/SERVER5
* SPN found :LDAP/server5.mydomain.local/mydomain
* SPN found :LDAP/9eaee6e1-578f-4003-8981-a5e011a0a42e._msdcs.mydomain.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9eaee6e1-578f-4003-8981-a5e011a0a42e/mydomain.local
* SPN found :HOST/server5.mydomain.local/mydomain.local
* SPN found :HOST/server5.mydomain.local
* SPN found :HOST/SERVER5
* SPN found :HOST/server5.mydomain.local/mydomain
* SPN found :GC/server5.mydomain.local/mydomain.local
[SERVER5] No security related replication errors were found on this
DC! To target the connection to a specific source DC use
/ReplSource:<DC>.
......................... SERVER5 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SERVER5 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
A warning event occurred. EventID: 0x80003509
Time Generated: 03/03/2019 20:32:06
Event String:
File Replication Service (FRS) is deprecated. To continue replicating the SYSVOL folder, you should migrate to DFS Replication by using the DFSRMIG command.
If you continue to use FRS for SYSVOL replication in this domain, you might not be able to add domain controllers running a future version of Windows Server.
......................... SERVER5 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
Skip the test because the server is running FRS.
......................... SERVER5 passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVER5 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVER5 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
A warning event occurred. EventID: 0x8000082C
Time Generated: 03/04/2019 18:32:51
Event String:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: DC=mydomain,DC=local
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
A warning event occurred. EventID: 0x8000061E
Time Generated: 03/04/2019 18:36:52
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteB,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Directory partition:
DC=mydomain,DC=local
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=mydomain,DC=local
An error event occurred. EventID: 0xC000051F
Time Generated: 03/04/2019 18:36:52
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=mydomain,DC=local
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
A warning event occurred. EventID: 0x80000749
Time Generated: 03/04/2019 18:36:52
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteB,CN=Sites,CN=Configuration,DC=mydomain,DC=local
A warning event occurred. EventID: 0x8000061E
Time Generated: 03/04/2019 18:36:52
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteB,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Directory partition:
DC=ForestDnsZones,DC=mydomain,DC=local
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=mydomain,DC=local
An error event occurred. EventID: 0xC000051F
Time Generated: 03/04/2019 18:36:52
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=ForestDnsZones,DC=mydomain,DC=local
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
A warning event occurred. EventID: 0x80000749
Time Generated: 03/04/2019 18:36:52
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteB,CN=Sites,CN=Configuration,DC=mydomain,DC=local
A warning event occurred. EventID: 0x8000061E
Time Generated: 03/04/2019 18:36:52
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteB,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Directory partition:
DC=DomainDnsZones,DC=mydomain,DC=local
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=mydomain,DC=local
An error event occurred. EventID: 0xC000051F
Time Generated: 03/04/2019 18:36:52
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
DC=DomainDnsZones,DC=mydomain,DC=local
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
A warning event occurred. EventID: 0x80000749
Time Generated: 03/04/2019 18:36:52
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteB,CN=Sites,CN=Configuration,DC=mydomain,DC=local
A warning event occurred. EventID: 0x8000061E
Time Generated: 03/04/2019 18:36:52
Event String:
All directory servers in the following site that can replicate the directory partition over this transport are currently unavailable.
Site:
CN=SiteB,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Directory partition:
CN=Configuration,DC=mydomain,DC=local
Transport:
CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=mydomain,DC=local
An error event occurred. EventID: 0xC000051F
Time Generated: 03/04/2019 18:36:52
Event String:
The Knowledge Consistency Checker (KCC) has detected problems with the following directory partition.
Directory partition:
CN=Configuration,DC=mydomain,DC=local
There is insufficient site connectivity information for the KCC to create a spanning tree replication topology. Or, one or more directory servers with this directory partition are unable to replicate the directory partition information. This is probably due to inaccessible directory servers.
User Action
Perform one of the following actions:
- Publish sufficient site connectivity information so that the KCC can determine a route by which this directory partition can reach this site. This is the preferred option.
- Add a Connection object to a directory service that contains the directory partition in this site from a directory service that contains the same directory partition in another site.
If neither of the tasks correct this condition, see previous events logged by the KCC that identify the inaccessible directory servers.
A warning event occurred. EventID: 0x80000749
Time Generated: 03/04/2019 18:36:52
Event String:
The Knowledge Consistency Checker (KCC) was unable to form a complete spanning tree network topology. As a result, the following list of sites cannot be reached from the local site.
Sites:
CN=SiteB,CN=Sites,CN=Configuration,DC=mydomain,DC=local
......................... SERVER5 failed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SERVER5,CN=Servers,CN=SiteA,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Role Domain Owner = CN=NTDS Settings,CN=SERVER5,CN=Servers,CN=SiteA,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Role PDC Owner = CN=NTDS Settings,CN=SERVER5,CN=Servers,CN=SiteA,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Role Rid Owner = CN=NTDS Settings,CN=SERVER5,CN=Servers,CN=SiteA,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERVER5,CN=Servers,CN=SiteA,CN=Sites,CN=Configuration,DC=mydomain,DC=local
......................... SERVER5 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SERVER5 on DC SERVER5.
* SPN found :LDAP/server5.mydomain.local/mydomain.local
* SPN found :LDAP/server5.mydomain.local
* SPN found :LDAP/SERVER5
* SPN found :LDAP/server5.mydomain.local/mydomain
* SPN found :LDAP/9eaee6e1-578f-4003-8981-a5e011a0a42e._msdcs.mydomain.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9eaee6e1-578f-4003-8981-a5e011a0a42e/mydomain.local
* SPN found :HOST/server5.mydomain.local/mydomain.local
* SPN found :HOST/server5.mydomain.local
* SPN found :HOST/SERVER5
* SPN found :HOST/server5.mydomain.local/mydomain
* SPN found :GC/server5.mydomain.local/mydomain.local
......................... SERVER5 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERVER5.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=mydomain,DC=local
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=mydomain,DC=local
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=mydomain,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=mydomain,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=mydomain,DC=local
(Domain,Version 3)
......................... SERVER5 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERVER5\netlogon
Verified share \\SERVER5\sysvol
......................... SERVER5 passed test NetLogons
Starting test: ObjectsReplicated
SERVER5 is in domain DC=mydomain,DC=local
Checking for CN=SERVER5,OU=Domain Controllers,DC=mydomain,DC=local in domain DC=mydomain,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SERVER5,CN=Servers,CN=SiteA,CN=Sites,CN=Configuration,DC=mydomain,DC=local in domain CN=Configuration,DC=mydomain,DC=local on 1 servers
Object is up-to-date on all servers.
......................... SERVER5 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... SERVER5 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
[Replications Check,SERVER5] A recent replication attempt failed:
From SERVER4 to SERVER5
Naming Context: DC=mydomain,DC=local
The replication generated an error (8457):
The destination server is currently rejecting replication requests.
The failure occurred at 2019-03-04 17:07:11.
The last success occurred at 2019-03-03 19:02:34.
9 failures have occurred since the last success.
Replication has been explicitly disabled through the server
options.
.... repeated several times
......................... SERVER5 failed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 5100 to 1073741823
* server5.mydomain.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 4600 to 5099
* rIDPreviousAllocationPool is 4600 to 5099
* rIDNextRID: 4645
......................... SERVER5 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVER5 passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... SERVER5 passed test SystemLog
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SERVER5 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... SERVER5 passed test VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SERVER5,OU=Domain Controllers,DC=mydomain,DC=local and backlink on
CN=SERVER5,CN=Servers,CN=SiteA,CN=Sites,CN=Configuration,DC=mydomain,DC=local
are correct.
The system object reference (serverReferenceBL)
CN=SERVER5,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=local
and backlink on
CN=NTDS Settings,CN=SERVER5,CN=Servers,CN=SiteA,CN=Sites,CN=Configuration,DC=mydomain,DC=local
are correct.
The system object reference (frsComputerReferenceBL)
CN=SERVER5,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=local
and backlink on CN=SERVER5,OU=Domain Controllers,DC=mydomain,DC=local
are correct.
......................... SERVER5 passed test VerifyReferences
Starting test: VerifyReplicas
......................... SERVER5 passed test VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... SERVER5 passed test DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : mydomain
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Running enterprise tests on : mydomain.local
Starting test: DNS
Test results for domain controllers:
DC: server5.mydomain.local
Domain: mydomain.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2016 Standard (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000000] Broadcom NetXtreme Gigabit Ethernet:
MAC address is 18:66:DA:B5:C2:DE
IP Address is static
IP address: 192.168.100.109
DNS servers:
127.0.0.1 (SERVER5) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found primary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
192.168.100.2 (<name unavailable>) [Valid]
4.2.2.2 (<name unavailable>) [Valid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Test record dcdiag-test-record added successfully in zone mydomain.local
Warning: Failed to delete the test record dcdiag-test-record in zone mydomain.local
[Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)]
TEST: Records registration (RReg)
Network Adapter
[00000000] Broadcom NetXtreme Gigabit Ethernet:
Matching CNAME record found at DNS server 192.168.100.109:
9eaee6e1-578f-4003-8981-a5e011a0a42e._msdcs.mydomain.local
Matching A record found at DNS server 192.168.100.109:
server5.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_ldap._tcp.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_ldap._tcp.740fff7d-348b-4841-bdbb-128305a33b52.domains._msdcs.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_kerberos._tcp.dc._msdcs.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_ldap._tcp.dc._msdcs.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_kerberos._tcp.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_kerberos._udp.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_kpasswd._tcp.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_ldap._tcp.SiteA._sites.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_kerberos._tcp.SiteA._sites.dc._msdcs.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_ldap._tcp.SiteA._sites.dc._msdcs.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_kerberos._tcp.SiteA._sites.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_ldap._tcp.gc._msdcs.mydomain.local
Matching A record found at DNS server 192.168.100.109:
gc._msdcs.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_gc._tcp.SiteA._sites.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_ldap._tcp.SiteA._sites.gc._msdcs.mydomain.local
Matching SRV record found at DNS server 192.168.100.109:
_ldap._tcp.pdc._msdcs.mydomain.local
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.100.109 (SERVER5)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
DNS server: 192.168.100.2 (<name unavailable>)
All tests passed on this DNS server
DNS server: 4.2.2.2 (<name unavailable>)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: mydomain.local
server5 PASS PASS PASS PASS WARN PASS n/a
......................... mydomain.local passed test DNS
Starting test: LocatorCheck
GC Name: \\server5.mydomain.local
Locator Flags: 0xe001f3fd
PDC Name: \\server5.mydomain.local
Locator Flags: 0xe001f3fd
Time Server Name: \\server5.mydomain.local
Locator Flags: 0xe001f3fd
Preferred Time Server Name: \\server5.mydomain.local
Locator Flags: 0xe001f3fd
KDC Name: \\server5.mydomain.local
Locator Flags: 0xe001f3fd
......................... mydomain.local passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \\server5.mydomain.local
Locator Flags: 0xe001f3fd
PDC Name: \\server5.mydomain.local
Locator Flags: 0xe001f3fd
Time Server Name: \\server5.mydomain.local
Locator Flags: 0xe001f3fd
Preferred Time Server Name: \\server5.mydomain.local
Locator Flags: 0xe001f3fd
KDC Name: \\server5.mydomain.local
Locator Flags: 0xe001f3fd
......................... mydomain.local passed test FsmoCheck
Starting test: Intersite
Skipping site SiteA, this site is outside the scope provided by the
command line arguments provided.
Skipping site SiteB, this site is outside the scope provided by
the command line arguments provided.
......................... mydomain.local passed test Intersite