|
| PORTAIL | ANNUAIRE | ARTICLES | COMPARATEUR HÉBERGEURS | DEVIS | FORUMS | RÉDUCTEUR D'URL |
|
|
|
|
||||||
 |
|
|
LinkBack | Outils de la discussion |
08/04/2008, 22h22
|
#1 |
Messages: n/a
Hébergeur: |
adding 64-bit R2 DC to existing domain
Dcpromo fails trying to promote an Enterprise Edition R2 64-bit server to
domain controller. Current configuration: 2 Server 2003 standard edition 32-bit domain controllers. Service pack 2 installed and running at Native 2003 level. Adprep /forestprep fails with "Adprep was unable to extend the schema. The schema master did not complete a replication cycle ..." ( Adprep from disc 2 of the 32-bit, R2) I'm able to manually replicate with the AD Sites & Services application. What am I missing? Should I / can I upgrade the Standard Edition 2003 to R2 EE then add the new 64-bit servers? JK |
|
|
09/04/2008, 08h45
|
#2 |
|
Messages: n/a
Hébergeur: |
Re: adding 64-bit R2 DC to existing domain
JK wrote:
> Dcpromo fails trying to promote an Enterprise Edition R2 64-bit > server to domain controller. > > Current configuration: > 2 Server 2003 standard edition 32-bit domain controllers. Service > pack 2 installed and running at Native 2003 level. > > > Adprep /forestprep fails with "Adprep was unable to extend the > schema. The schema master did not complete a replication cycle ..." > > ( Adprep from disc 2 of the 32-bit, R2) > Run on the schema master using an account with schema admin membership? If so, probably want to run a dcdiag /c /v /e and look for problems before proceeding. > > > I'm able to manually replicate with the AD Sites & Services > application. > > What am I missing? Should I / can I upgrade the Standard Edition > 2003 to R2 EE then add the new 64-bit servers? > > JK -- /kj |
|
|
|
10/04/2008, 15h58
|
#3 |
|
Messages: n/a
Hébergeur: |
Re: adding 64-bit R2 DC to existing domain
kj [SBS MVP] wrote:
> JK wrote: >> Dcpromo fails trying to promote an Enterprise Edition R2 64-bit >> server to domain controller. >> >> Current configuration: >> 2 Server 2003 standard edition 32-bit domain controllers. Service >> pack 2 installed and running at Native 2003 level. >> >> >> Adprep /forestprep fails with "Adprep was unable to extend the >> schema. The schema master did not complete a replication cycle ..." >> >> ( Adprep from disc 2 of the 32-bit, R2) >> > > Run on the schema master using an account with schema admin membership? > > If so, probably want to run a dcdiag /c /v /e and look for problems before > proceeding. > >> >> >> I'm able to manually replicate with the AD Sites & Services >> application. >> >> What am I missing? Should I / can I upgrade the Standard Edition >> 2003 to R2 EE then add the new 64-bit servers? >> >> JK > Yep, running dcdiag /c /v /e shows several errors: server1 failed test KnowsOfRoleHolders server1 failed test VerifyReplicas server1 failed test VerifyEnterpriseReferences server2 failed test KnowsOfRoleHolders server2 failed test systemlog server2 failed test VerifyReplicas server2 failed test VerifyEnterpriseReferences ForestDnsZones failed test CrossRefValidation ForestDnsZones failed test CheckSDRefDom DomainDnsZones failed test CrossRefValidation DomainDnsZones failed test CheckSDRefDom Schema failed test CrossRefValidation Configuration failed test CrossRefValidation OurDomain failed test CrossRefValidation The KnowsOfRoleHolders test throws warnings about CN=server2 is the Schema Owner but is deleted and the Domain Owner but is deleted. This seems like a lot of errors! And I thought everything was just fine ... Should I run ntdsutil on server1 to seize all roles? Then try dcpromo from the new servers again. Thanks! JK |
|
|
|
10/04/2008, 21h54
|
#4 |
|
Messages: n/a
Hébergeur: |
Re: adding 64-bit R2 DC to existing domain
"JK" <jk@jhu.edu> wrote in message news:eQ2azLxmIHA.4712@TK2MSFTNGP04.phx.gbl... > kj [SBS MVP] wrote: > >> JK wrote: >>> Dcpromo fails trying to promote an Enterprise Edition R2 64-bit >>> server to domain controller. >>> >>> Current configuration: >>> 2 Server 2003 standard edition 32-bit domain controllers. Service >>> pack 2 installed and running at Native 2003 level. >>> >>> >>> Adprep /forestprep fails with "Adprep was unable to extend the >>> schema. The schema master did not complete a replication cycle ..." >>> >>> ( Adprep from disc 2 of the 32-bit, R2) >>> >> >> Run on the schema master using an account with schema admin membership? >> >> If so, probably want to run a dcdiag /c /v /e and look for problems >> before >> proceeding. >> >>> >>> >>> I'm able to manually replicate with the AD Sites & Services >>> application. >>> >>> What am I missing? Should I / can I upgrade the Standard Edition >>> 2003 to R2 EE then add the new 64-bit servers? >>> >>> JK >> > > > > Yep, running dcdiag /c /v /e shows several errors: > > > server1 failed test KnowsOfRoleHolders > server1 failed test VerifyReplicas > server1 failed test VerifyEnterpriseReferences > server2 failed test KnowsOfRoleHolders > server2 failed test systemlog > server2 failed test VerifyReplicas > server2 failed test VerifyEnterpriseReferences > ForestDnsZones failed test CrossRefValidation > ForestDnsZones failed test CheckSDRefDom > DomainDnsZones failed test CrossRefValidation > DomainDnsZones failed test CheckSDRefDom > Schema failed test CrossRefValidation > Configuration failed test CrossRefValidation > OurDomain failed test CrossRefValidation > > The KnowsOfRoleHolders test throws warnings about CN=server2 is the Schema > Owner but is deleted and the Domain Owner but is deleted. > > This seems like a lot of errors! And I thought everything was just fine > ... > > I'd start out with troubleshooting DNS problems and go for there. Making AD structure changes where AD already has problems isn't likely to be beneficial. You might also want to spring for the PSS/CSS call to Microsoft for rapid resolution. If you post the unedit dcdiag output, some additional diagnosis may be possible. > Should I run ntdsutil on server1 to seize all roles? Then try dcpromo > from > the new servers again. > > Thanks! > > JK > > |
|
|
|
11/04/2008, 14h49
|
#5 |
|
Messages: n/a
Hébergeur: |
Re: adding 64-bit R2 DC to existing domain
kj [MVP SBS] wrote:
> > "JK" <jk@jhu.edu> wrote in message > news:eQ2azLxmIHA.4712@TK2MSFTNGP04.phx.gbl... >> kj [SBS MVP] wrote: >> >>> JK wrote: >>>> Dcpromo fails trying to promote an Enterprise Edition R2 64-bit >>>> server to domain controller. >>>> >>>> Current configuration: >>>> 2 Server 2003 standard edition 32-bit domain controllers. Service >>>> pack 2 installed and running at Native 2003 level. >>>> >>>> >>>> Adprep /forestprep fails with "Adprep was unable to extend the >>>> schema. The schema master did not complete a replication cycle ..." >>>> >>>> ( Adprep from disc 2 of the 32-bit, R2) >>>> >>> >>> Run on the schema master using an account with schema admin membership? >>> >>> If so, probably want to run a dcdiag /c /v /e and look for problems >>> before >>> proceeding. >>> >>>> >>>> >>>> I'm able to manually replicate with the AD Sites & Services >>>> application. >>>> >>>> What am I missing? Should I / can I upgrade the Standard Edition >>>> 2003 to R2 EE then add the new 64-bit servers? >>>> >>>> JK >>> >> >> >> >> Yep, running dcdiag /c /v /e shows several errors: >> >> >> server1 failed test KnowsOfRoleHolders >> server1 failed test VerifyReplicas >> server1 failed test VerifyEnterpriseReferences >> server2 failed test KnowsOfRoleHolders >> server2 failed test systemlog >> server2 failed test VerifyReplicas >> server2 failed test VerifyEnterpriseReferences >> ForestDnsZones failed test CrossRefValidation >> ForestDnsZones failed test CheckSDRefDom >> DomainDnsZones failed test CrossRefValidation >> DomainDnsZones failed test CheckSDRefDom >> Schema failed test CrossRefValidation >> Configuration failed test CrossRefValidation >> OurDomain failed test CrossRefValidation >> >> The KnowsOfRoleHolders test throws warnings about CN=server2 is the >> Schema Owner but is deleted and the Domain Owner but is deleted. >> >> This seems like a lot of errors! And I thought everything was just fine >> ... >> >> > > I'd start out with troubleshooting DNS problems and go for there. Making > AD structure changes where AD already has problems isn't likely to be > beneficial. > > > You might also want to spring for the PSS/CSS call to Microsoft for rapid > resolution. > > If you post the unedit dcdiag output, some additional diagnosis may be > possible. > >> Should I run ntdsutil on server1 to seize all roles? Then try dcpromo >> from >> the new servers again. >> >> Thanks! >> >> JK >> >> kj good advice. In the meantime here's the raw dcdiag output from server2 (real name == somsrv4, PDC is somsrv3) and thanks very much. JK ================================================== ========================== Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine somsrv4, is a DC. * Connecting to directory service on server somsrv4. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 2 DC(s). Testing 2 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\SOMSRV3 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... SOMSRV3 passed test Connectivity Testing server: Default-First-Site-Name\SOMSRV4 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... SOMSRV4 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\SOMSRV3 Starting test: Replications * Replications Check * Replication Latency Check DC=ForestDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=DomainDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Schema,CN=Configuration,DC=somato,DC=mb,DC=jhu, DC=edu Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=somato,DC=mb,DC=jhu,DC=edu Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). ......................... SOMSRV3 passed test Replications Starting test: Topology * Configuration Topology Integrity Check * Analyzing the connection topology for DC=ForestDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=DomainDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=somato,DC=mb,DC=jhu, DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... SOMSRV3 passed test Topology Starting test: CutoffServers * Configuration Topology Aliveness Check * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=somato,DC=mb,DC=jhu, DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... SOMSRV3 passed test CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC SOMSRV3. * Security Permissions Check for DC=ForestDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu (NDNC,Version 2) * Security Permissions Check for DC=DomainDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu (NDNC,Version 2) * Security Permissions Check for CN=Schema,CN=Configuration,DC=somato,DC=mb,DC=jhu, DC=edu (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu (Configuration,Version 2) * Security Permissions Check for DC=somato,DC=mb,DC=jhu,DC=edu (Domain,Version 2) ......................... SOMSRV3 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\SOMSRV3\netlogon Verified share \\SOMSRV3\sysvol ......................... SOMSRV3 passed test NetLogons Starting test: Advertising The DC SOMSRV3 is advertising itself as a DC and having a DS. The DC SOMSRV3 is advertising as an LDAP server The DC SOMSRV3 is advertising as having a writeable directory The DC SOMSRV3 is advertising as a Key Distribution Center The DC SOMSRV3 is advertising as a time server The DS SOMSRV3 is advertising as a GC. ......................... SOMSRV3 passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, DC=edu Warning: CN=NTDS Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, DC=edu is the Schema Owner, but is deleted. Role Domain Owner = CN=NTDS Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, DC=edu Warning: CN=NTDS Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, DC=edu is the Domain Owner, but is deleted. Role PDC Owner = CN=NTDS Settings,CN=SOMSRV3,CN=Servers,CN=Default-First-Site-Name,CN=Sites, CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu Role Rid Owner = CN=NTDS Settings,CN=SOMSRV3,CN=Servers,CN=Default-First-Site-Name,CN=Sites, CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu Role Infrastructure Update Owner = CN=NTDS Settings,CN=SOMSRV3,CN=Servers,CN=Default-First-Site-Name,CN=Sites, CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu ......................... SOMSRV3 failed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 3093 to 1073741823 * somsrv3.somato.mb.jhu.edu is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2093 to 2592 * rIDPreviousAllocationPool is 2093 to 2592 * rIDNextRID: 2193 ......................... SOMSRV3 passed test RidManager Starting test: MachineAccount Checking machine account for DC SOMSRV3 on DC SOMSRV3. * SPN found :LDAP/somsrv3.somato.mb.jhu.edu/somato.mb.jhu.edu * SPN found :LDAP/somsrv3.somato.mb.jhu.edu * SPN found :LDAP/SOMSRV3 * SPN found :LDAP/somsrv3.somato.mb.jhu.edu/SOMATO * SPN found :LDAP/6198d96a-7623-4d8f-a1f4-70ec31dc0794._msdcs.somato.mb.jhu.edu * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ 6198d96a-7623-4d8f-a1f4-70ec31dc0794/somato.mb.jhu.edu * SPN found :HOST/somsrv3.somato.mb.jhu.edu/somato.mb.jhu.edu * SPN found :HOST/somsrv3.somato.mb.jhu.edu * SPN found :HOST/SOMSRV3 * SPN found :HOST/somsrv3.somato.mb.jhu.edu/SOMATO * SPN found :GC/somsrv3.somato.mb.jhu.edu/somato.mb.jhu.edu ......................... SOMSRV3 passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... SOMSRV3 passed test Services Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... SOMSRV3 passed test OutboundSecureChannels Starting test: ObjectsReplicated SOMSRV3 is in domain DC=somato,DC=mb,DC=jhu,DC=edu Checking for CN=SOMSRV3,OU=Domain Controllers,DC=somato,DC=mb,DC=jhu,DC=edu in domain DC=somato,DC=mb,DC=jhu,DC=edu on 2 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=SOMSRV3,CN=Servers,CN=Default-First-Site-Name,CN=Sites, CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu in domain CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu on 2 servers Object is up-to-date on all servers. ......................... SOMSRV3 passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... SOMSRV3 passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... SOMSRV3 passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... SOMSRV3 passed test kccevent Starting test: systemlog * The System Event log test Found no errors in System Event log in the last 60 minutes. ......................... SOMSRV3 passed test systemlog Starting test: VerifyReplicas For the partition (DC=ForestDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu) we encountered the following error retrieving the cross-ref's (CN=1be9e8f5-de74-4626-b1fd-f4fe5efab512,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu) information: LDAP Error 0x60 (96). For the partition (DC=DomainDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu) we encountered the following error retrieving the cross-ref's (CN=d57f7da8-eccf-4ef6-a75c-afcc3e002c04,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu) information: LDAP Error 0x60 (96). ......................... SOMSRV3 failed test VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=SOMSRV3,OU=Domain Controllers,DC=somato,DC=mb,DC=jhu,DC=edu and backlink on CN=SOMSRV3,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu are correct. The system object reference (frsComputerReferenceBL) CN=SOMSRV3,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=somato,DC=mb,DC=jhu,DC=edu and backlink on CN=SOMSRV3,OU=Domain Controllers,DC=somato,DC=mb,DC=jhu,DC=edu are correct. The system object reference (serverReferenceBL) CN=SOMSRV3,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=somato,DC=mb,DC=jhu,DC=edu and backlink on CN=NTDS Settings,CN=SOMSRV3,CN=Servers,CN=Default-First-Site-Name,CN=Sites, CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu are correct. ......................... SOMSRV3 passed test VerifyReferences Starting test: VerifyEnterpriseReferences Can't determine the age of the cross-ref CN=1be9e8f5-de74-4626-b1fd-f4fe5efab512,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu for the partition DC=ForestDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu, so following errors relating to this cross-ref/partition may disappear after replication coalesces. Please ensure that replication is working from the Domain Naming FSMO to this DC, and retry this test to see if errors continue. Can't determine the age of the cross-ref CN=d57f7da8-eccf-4ef6-a75c-afcc3e002c04,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu for the partition DC=DomainDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu, so following errors relating to this cross-ref/partition may disappear after replication coalesces. Please ensure that replication is working from the Domain Naming FSMO to this DC, and retry this test to see if errors continue. Can't determine the age of the cross-ref CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=so mato,DC=mb,DC=jhu,DC=edu for the partition CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu, so following errors relating to this cross-ref/partition may disappear after replication coalesces. Please ensure that replication is working from the Domain Naming FSMO to this DC, and retry this test to see if errors continue. Can't determine the age of the cross-ref CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=somato,DC =mb,DC=jhu,DC=edu for the partition CN=Schema,CN=Configuration,DC=somato,DC=mb,DC=jhu, DC=edu, so following errors relating to this cross-ref/partition may disappear after replication coalesces. Please ensure that replication is working from the Domain Naming FSMO to this DC, and retry this test to see if errors continue. Can't determine the age of the cross-ref CN=SOMATO,CN=Partitions,CN=Configuration,DC=somato ,DC=mb,DC=jhu,DC=edu for the partition DC=somato,DC=mb,DC=jhu,DC=edu, so following errors relating to this cross-ref/partition may disappear after replication coalesces. Please ensure that replication is working from the Domain Naming FSMO to this DC, and retry this test to see if errors continue. ......................... SOMSRV3 failed test VerifyEnterpriseReferences Starting test: CheckSecurityError * Dr Auth: Beginning security errors check! Found KDC SOMSRV4 for domain somato.mb.jhu.edu in site Default-First-Site-Name Checking machine account for DC SOMSRV3 on DC SOMSRV4. * SPN found :LDAP/somsrv3.somato.mb.jhu.edu/somato.mb.jhu.edu * SPN found :LDAP/somsrv3.somato.mb.jhu.edu * SPN found :LDAP/SOMSRV3 * SPN found :LDAP/somsrv3.somato.mb.jhu.edu/SOMATO * SPN found :LDAP/6198d96a-7623-4d8f-a1f4-70ec31dc0794._msdcs.somato.mb.jhu.edu * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ 6198d96a-7623-4d8f-a1f4-70ec31dc0794/somato.mb.jhu.edu * SPN found :HOST/somsrv3.somato.mb.jhu.edu/somato.mb.jhu.edu * SPN found :HOST/somsrv3.somato.mb.jhu.edu * SPN found :HOST/SOMSRV3 * SPN found :HOST/somsrv3.somato.mb.jhu.edu/SOMATO * SPN found :GC/somsrv3.somato.mb.jhu.edu/somato.mb.jhu.edu Checking for CN=SOMSRV3,OU=Domain Controllers,DC=somato,DC=mb,DC=jhu,DC=edu in domain DC=somato,DC=mb,DC=jhu,DC=edu on 2 servers Object is up-to-date on all servers. [SOMSRV3] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>. ......................... SOMSRV3 passed test CheckSecurityError Testing server: Default-First-Site-Name\SOMSRV4 Starting test: Replications * Replications Check * Replication Latency Check CN=Schema,CN=Configuration,DC=somato,DC=mb,DC=jhu, DC=edu Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=somato,DC=mb,DC=jhu,DC=edu Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). ......................... SOMSRV4 passed test Replications Starting test: Topology * Configuration Topology Integrity Check * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=somato,DC=mb,DC=jhu, DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... SOMSRV4 passed test Topology Starting test: CutoffServers * Configuration Topology Aliveness Check * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=somato,DC=mb,DC=jhu, DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=somato,DC=mb,DC=jhu,DC=edu. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... SOMSRV4 passed test CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC SOMSRV4. * Security Permissions Check for CN=Schema,CN=Configuration,DC=somato,DC=mb,DC=jhu, DC=edu (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu (Configuration,Version 2) * Security Permissions Check for DC=somato,DC=mb,DC=jhu,DC=edu (Domain,Version 2) ......................... SOMSRV4 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\SOMSRV4\netlogon Verified share \\SOMSRV4\sysvol ......................... SOMSRV4 passed test NetLogons Starting test: Advertising The DC SOMSRV4 is advertising itself as a DC and having a DS. The DC SOMSRV4 is advertising as an LDAP server The DC SOMSRV4 is advertising as having a writeable directory The DC SOMSRV4 is advertising as a Key Distribution Center The DC SOMSRV4 is advertising as a time server ......................... SOMSRV4 passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, DC=edu Warning: CN=NTDS Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, DC=edu is the Schema Owner, but is deleted. Role Domain Owner = CN=NTDS Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, DC=edu Warning: CN=NTDS Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, DC=edu is the Domain Owner, but is deleted. Role PDC Owner = CN=NTDS Settings,CN=SOMSRV3,CN=Servers,CN=Default-First-Site-Name,CN=Sites, CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu Role Rid Owner = CN=NTDS Settings,CN=SOMSRV3,CN=Servers,CN=Default-First-Site-Name,CN=Sites, CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu Role Infrastructure Update Owner = CN=NTDS Settings,CN=SOMSRV3,CN=Servers,CN=Default-First-Site-Name,CN=Sites, CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu ......................... SOMSRV4 failed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 3093 to 1073741823 * somsrv3.somato.mb.jhu.edu is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2593 to 3092 * rIDPreviousAllocationPool is 2593 to 3092 * rIDNextRID: 2619 ......................... SOMSRV4 passed test RidManager Starting test: MachineAccount Checking machine account for DC SOMSRV4 on DC SOMSRV4. * SPN found :LDAP/somsrv4.somato.mb.jhu.edu/somato.mb.jhu.edu * SPN found :LDAP/somsrv4.somato.mb.jhu.edu * SPN found :LDAP/SOMSRV4 * SPN found :LDAP/somsrv4.somato.mb.jhu.edu/SOMATO * SPN found :LDAP/bff9a1bd-57d3-4a2d-a46d-c5bdea7a9915._msdcs.somato.mb.jhu.edu * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ bff9a1bd-57d3-4a2d-a46d-c5bdea7a9915/somato.mb.jhu.edu * SPN found :HOST/somsrv4.somato.mb.jhu.edu/somato.mb.jhu.edu * SPN found :HOST/somsrv4.somato.mb.jhu.edu * SPN found :HOST/SOMSRV4 * SPN found :HOST/somsrv4.somato.mb.jhu.edu/SOMATO * SPN found :GC/somsrv4.somato.mb.jhu.edu/somato.mb.jhu.edu ......................... SOMSRV4 passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... SOMSRV4 passed test Services Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... SOMSRV4 passed test OutboundSecureChannels Starting test: ObjectsReplicated SOMSRV4 is in domain DC=somato,DC=mb,DC=jhu,DC=edu Checking for CN=SOMSRV4,OU=Domain Controllers,DC=somato,DC=mb,DC=jhu,DC=edu in domain DC=somato,DC=mb,DC=jhu,DC=edu on 2 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=SOMSRV4,CN=Servers,CN=Default-First-Site-Name,CN=Sites, CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu in domain CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu on 2 servers Object is up-to-date on all servers. ......................... SOMSRV4 passed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... SOMSRV4 passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... SOMSRV4 passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... SOMSRV4 passed test kccevent Starting test: systemlog * The System Event log test An Error Event occured. EventID: 0xC0002719 Time Generated: 04/10/2008 08:24:53 (Event String could not be retrieved) ......................... SOMSRV4 failed test systemlog Starting test: VerifyReplicas For the partition (DC=ForestDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu) we encountered the following error retrieving the cross-ref's (CN=1be9e8f5-de74-4626-b1fd-f4fe5efab512,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu) information: LDAP Error 0x60 (96). For the partition (DC=DomainDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu) we encountered the following error retrieving the cross-ref's (CN=d57f7da8-eccf-4ef6-a75c-afcc3e002c04,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu) information: LDAP Error 0x60 (96). ......................... SOMSRV4 failed test VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=SOMSRV4,OU=Domain Controllers,DC=somato,DC=mb,DC=jhu,DC=edu and backlink on CN=SOMSRV4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu are correct. The system object reference (frsComputerReferenceBL) CN=SOMSRV4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=somato,DC=mb,DC=jhu,DC=edu and backlink on CN=SOMSRV4,OU=Domain Controllers,DC=somato,DC=mb,DC=jhu,DC=edu are correct. The system object reference (serverReferenceBL) CN=SOMSRV4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=somato,DC=mb,DC=jhu,DC=edu and backlink on CN=NTDS Settings,CN=SOMSRV4,CN=Servers,CN=Default-First-Site-Name,CN=Sites, CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu are correct. ......................... SOMSRV4 passed test VerifyReferences Starting test: VerifyEnterpriseReferences Can't determine the age of the cross-ref CN=1be9e8f5-de74-4626-b1fd-f4fe5efab512,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu for the partition DC=ForestDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu, so following errors relating to this cross-ref/partition may disappear after replication coalesces. Please ensure that replication is working from the Domain Naming FSMO to this DC, and retry this test to see if errors continue. Can't determine the age of the cross-ref CN=d57f7da8-eccf-4ef6-a75c-afcc3e002c04,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu for the partition DC=DomainDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu, so following errors relating to this cross-ref/partition may disappear after replication coalesces. Please ensure that replication is working from the Domain Naming FSMO to this DC, and retry this test to see if errors continue. Can't determine the age of the cross-ref CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=so mato,DC=mb,DC=jhu,DC=edu for the partition CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu, so following errors relating to this cross-ref/partition may disappear after replication coalesces. Please ensure that replication is working from the Domain Naming FSMO to this DC, and retry this test to see if errors continue. Can't determine the age of the cross-ref CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=somato,DC =mb,DC=jhu,DC=edu for the partition CN=Schema,CN=Configuration,DC=somato,DC=mb,DC=jhu, DC=edu, so following errors relating to this cross-ref/partition may disappear after replication coalesces. Please ensure that replication is working from the Domain Naming FSMO to this DC, and retry this test to see if errors continue. Can't determine the age of the cross-ref CN=SOMATO,CN=Partitions,CN=Configuration,DC=somato ,DC=mb,DC=jhu,DC=edu for the partition DC=somato,DC=mb,DC=jhu,DC=edu, so following errors relating to this cross-ref/partition may disappear after replication coalesces. Please ensure that replication is working from the Domain Naming FSMO to this DC, and retry this test to see if errors continue. ......................... SOMSRV4 failed test VerifyEnterpriseReferences Starting test: CheckSecurityError * Dr Auth: Beginning security errors check! Found KDC SOMSRV4 for domain somato.mb.jhu.edu in site Default-First-Site-Name Checking machine account for DC SOMSRV4 on DC SOMSRV4. * SPN found :LDAP/somsrv4.somato.mb.jhu.edu/somato.mb.jhu.edu * SPN found :LDAP/somsrv4.somato.mb.jhu.edu * SPN found :LDAP/SOMSRV4 * SPN found :LDAP/somsrv4.somato.mb.jhu.edu/SOMATO * SPN found :LDAP/bff9a1bd-57d3-4a2d-a46d-c5bdea7a9915._msdcs.somato.mb.jhu.edu * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ bff9a1bd-57d3-4a2d-a46d-c5bdea7a9915/somato.mb.jhu.edu * SPN found :HOST/somsrv4.somato.mb.jhu.edu/somato.mb.jhu.edu * SPN found :HOST/somsrv4.somato.mb.jhu.edu * SPN found :HOST/SOMSRV4 * SPN found :HOST/somsrv4.somato.mb.jhu.edu/SOMATO * SPN found :GC/somsrv4.somato.mb.jhu.edu/somato.mb.jhu.edu [SOMSRV4] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>. ......................... SOMSRV4 passed test CheckSecurityError DNS Tests are running and not hung. Please wait a few minutes... Running partition tests on : ForestDnsZones Starting test: CrossRefValidation For the partition (DC=ForestDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu) we encountered the following error retrieving the cross-ref's (CN=1be9e8f5-de74-4626-b1fd-f4fe5efab512,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu) information: LDAP Error 0x60 (96). ......................... ForestDnsZones failed test CrossRefValidation Starting test: CheckSDRefDom For the partition (DC=ForestDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu) we encountered the following error retrieving the cross-ref's (CN=1be9e8f5-de74-4626-b1fd-f4fe5efab512,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu) information: LDAP Error 0x60 (96). ......................... ForestDnsZones failed test CheckSDRefDom Running partition tests on : DomainDnsZones Starting test: CrossRefValidation For the partition (DC=DomainDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu) we encountered the following error retrieving the cross-ref's (CN=d57f7da8-eccf-4ef6-a75c-afcc3e002c04,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu) information: LDAP Error 0x60 (96). ......................... DomainDnsZones failed test CrossRefValidation Starting test: CheckSDRefDom For the partition (DC=DomainDnsZones,DC=somato,DC=mb,DC=jhu,DC=edu) we encountered the following error retrieving the cross-ref's (CN=d57f7da8-eccf-4ef6-a75c-afcc3e002c04,CN=Partitions,CN=Configuration, DC=somato,DC=mb,DC=jhu,DC=edu) information: LDAP Error 0x60 (96). ......................... DomainDnsZones failed test CheckSDRefDom Running partition tests on : Schema Starting test: CrossRefValidation For the partition (CN=Schema,CN=Configuration,DC=somato,DC=mb,DC=jhu ,DC=edu) we encountered the following error retrieving the cross-ref's (CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=somato,DC =mb,DC=jhu,DC=edu) information: LDAP Error 0x60 (96). ......................... Schema failed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation For the partition (CN=Configuration,DC=somato,DC=mb,DC=jhu,DC=edu) we encountered the following error retrieving the cross-ref's (CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=so mato,DC=mb,DC=jhu,DC=edu) information: LDAP Error 0x60 (96). ......................... Configuration failed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : somato Starting test: CrossRefValidation For the partition (DC=somato,DC=mb,DC=jhu,DC=edu) we encountered the following error retrieving the cross-ref's (CN=SOMATO,CN=Partitions,CN=Configuration,DC=somat o,DC=mb,DC=jhu,DC=edu) information: LDAP Error 0x60 (96). ......................... somato failed test CrossRefValidation Starting test: CheckSDRefDom ......................... somato passed test CheckSDRefDom Running enterprise tests on : somato.mb.jhu.edu Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... somato.mb.jhu.edu passed test Intersite Starting test: FsmoCheck GC Name: \\somsrv3.somato.mb.jhu.edu Locator Flags: 0xe00003fd PDC Name: \\somsrv3.somato.mb.jhu.edu Locator Flags: 0xe00003fd Time Server Name: \\somsrv4.somato.mb.jhu.edu Locator Flags: 0xe00001f8 Preferred Time Server Name: \\somsrv3.somato.mb.jhu.edu Locator Flags: 0xe00003fd KDC Name: \\somsrv4.somato.mb.jhu.edu Locator Flags: 0xe00001f8 ......................... somato.mb.jhu.edu passed test FsmoCheck Starting test: DNS Test results for domain controllers: DC: somsrv4.somato.mb.jhu.edu Domain: somato.mb.jhu.edu TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported NETLOGON service is running kdc service is running DNSCACHE service is running DC is not a DNS server Network adapters information: Adapter [00000001] Intel(R) PRO/1000 MT Dual Port Network Connection: MAC address is 00:09:6B:F1:F5:82 IP address: 172.30.4.14 DNS servers: 172.30.4.3 (<name unavailable>) [Valid] Warning: 128.220.2.7 (<name unavailable>) [Invalid] Adapter [00000002] Intel(R) PRO/1000 MT Dual Port Network Connection: MAC address is 00:09:6B:F1:F5:83 IP address: 172.30.4.4 DNS servers: 172.30.4.3 (<name unavailable>) [Valid] 172.30.1.150 (<name unavailable>) [Valid] Error: The A record for this DC was not found [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.) - somato.mb.jhu.edu] The SOA record for the Active Directory zone was not found TEST: Records registration (RReg) Network Adapter [00000001] Intel(R) PRO/1000 MT Dual Port Network Connection: Matching A record found at DNS server 172.30.4.3: somsrv4.somato.mb.jhu.edu Matching CNAME record found at DNS server 172.30.4.3: bff9a1bd-57d3-4a2d-a46d-c5bdea7a9915._msdcs.somato.mb.jhu.edu Matching DC SRV record found at DNS server 172.30.4.3: _ldap._tcp.dc._msdcs.somato.mb.jhu.edu Network Adapter [00000002] Intel(R) PRO/1000 MT Dual Port Network Connection: Matching A record found at DNS server 172.30.4.3: somsrv4.somato.mb.jhu.edu Matching CNAME record found at DNS server 172.30.4.3: bff9a1bd-57d3-4a2d-a46d-c5bdea7a9915._msdcs.somato.mb.jhu.edu Matching DC SRV record found at DNS server 172.30.4.3: _ldap._tcp.dc._msdcs.somato.mb.jhu.edu DC: somsrv3.somato.mb.jhu.edu Domain: somato.mb.jhu.edu TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported NETLOGON service is running kdc service is running DNSCACHE service is running DNS service is running DC is a DNS server Network adapters information: Adapter [00000001] Intel(R) PRO/1000 MT Dual Port Network Connection: MAC address is 00:09:6B:F1:72:E0 IP address is static IP address: 172.30.4.3 DNS servers: 172.30.4.3 (<name unavailable>) [Valid] 172.30.1.150 (<name unavailable>) [Valid] Adapter [00000002] Intel(R) PRO/1000 MT Dual Port Network Connection: MAC address is 00:09:6B:F1:72:E1 IP address is static IP address: 172.30.4.13 DNS servers: 172.30.4.3 (<name unavailable>) [Valid] 172.30.1.150 (<name unavailable>) [Valid] The A record for this DC was found The SOA record for the Active Directory zone was found The Active Directory zone on this DC/DNS server was found (primary) Root zone on this DC/DNS server was not found TEST: Forwarders/Root hints (Forw) Recursion is enabled Forwarders Information: 128.220.2.7 (<name unavailable>) [Invalid] 172.30.1.150 (<name unavailable>) [Valid] TEST: Delegations (Del) No delegations were found in this zone on this DNS server TEST: Dynamic update (Dyn) Warning: Dynamic update is enabled on the zone but not secure somato.mb.jhu.edu. Test record _dcdiag_test_record added successfully in zone somato.mb.jhu.edu. Test record _dcdiag_test_record deleted successfully in zone somato.mb.jhu.edu. TEST: Records registration (RReg) Network Adapter [00000001] Intel(R) PRO/1000 MT Dual Port Network Connection: Matching A record found at DNS server 172.30.4.3: somsrv3.somato.mb.jhu.edu Matching CNAME record found at DNS server 172.30.4.3: 6198d96a-7623-4d8f-a1f4-70ec31dc0794._msdcs.somato.mb.jhu.edu Matching DC SRV record found at DNS server 172.30.4.3: _ldap._tcp.dc._msdcs.somato.mb.jhu.edu Matching GC SRV record found at DNS server 172.30.4.3: _ldap._tcp.gc._msdcs.somato.mb.jhu.edu Matching PDC SRV record found at DNS server 172.30.4.3: _ldap._tcp.pdc._msdcs.somato.mb.jhu.edu Matching A record found at DNS server 172.30.1.150: somsrv3.somato.mb.jhu.edu Matching CNAME record found at DNS server 172.30.1.150: 6198d96a-7623-4d8f-a1f4-70ec31dc0794._msdcs.somato.mb.jhu.edu Matching DC SRV record found at DNS server 172.30.1.150: _ldap._tcp.dc._msdcs.somato.mb.jhu.edu Matching GC SRV record found at DNS server 172.30.1.150: _ldap._tcp.gc._msdcs.somato.mb.jhu.edu Matching PDC SRV record found at DNS server 172.30.1.150: _ldap._tcp.pdc._msdcs.somato.mb.jhu.edu Network Adapter [00000002] Intel(R) PRO/1000 MT Dual Port Network Connection: Matching A record found at DNS server 172.30.4.3: somsrv3.somato.mb.jhu.edu Matching CNAME record found at DNS server 172.30.4.3: 6198d96a-7623-4d8f-a1f4-70ec31dc0794._msdcs.somato.mb.jhu.edu Matching DC SRV record found at DNS server 172.30.4.3: _ldap._tcp.dc._msdcs.somato.mb.jhu.edu Matching GC SRV record found at DNS server 172.30.4.3: _ldap._tcp.gc._msdcs.somato.mb.jhu.edu Matching PDC SRV record found at DNS server 172.30.4.3: _ldap._tcp.pdc._msdcs.somato.mb.jhu.edu Matching A record found at DNS server 172.30.1.150: somsrv3.somato.mb.jhu.edu Matching CNAME record found at DNS server 172.30.1.150: 6198d96a-7623-4d8f-a1f4-70ec31dc0794._msdcs.somato.mb.jhu.edu Matching DC SRV record found at DNS server 172.30.1.150: _ldap._tcp.dc._msdcs.somato.mb.jhu.edu Matching GC SRV record found at DNS server 172.30.1.150: _ldap._tcp.gc._msdcs.somato.mb.jhu.edu Matching PDC SRV record found at DNS server 172.30.1.150: _ldap._tcp.pdc._msdcs.somato.mb.jhu.edu Summary of test results for DNS servers used by the above domain controllers: DNS server: 128.220.2.7 (<name unavailable>) 2 test failures on this DNS server This is a valid DNS server Name resolution is not functional. _ldap._tcp.somato.mb.jhu.edu. failed on the DNS server 128.220.2.7 [Error details: 9003 (Type: Win32 - Description: DNS name does not exist.)] DNS server: 172.30.1.150 (<name unavailable>) All tests passed on this DNS server This is a valid DNS server Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered DNS server: 172.30.4.3 (<name unavailable>) All tests passed on this DNS server This is a valid DNS server Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext __________________________________________________ ______________ Domain: somato.mb.jhu.edu somsrv4 PASS FAIL n/a n/a n/a PASS n/a somsrv3 PASS PASS PASS PASS WARN PASS n/a ......................... somato.mb.jhu.edu failed test DNS ================================================== ========================== |
|
|
|
11/04/2008, 17h34
|
#6 |
|
Messages: n/a
Hébergeur: |
Re: adding 64-bit R2 DC to existing domain
"JK" <jk@jhu.edu> wrote in message news:eeVFeL9mIHA.484@TK2MSFTNGP06.phx.gbl... > kj [MVP SBS] wrote: > >> Snipping out the details, So, it looks like you once had a domain controller "edu" that had the schema master and the PDC FSMO roles. AD is not able to locate this DC anymore. It may have been 'unplugged' from the domain without being demoted, a failed rename, or a catastrophic failure. AD metadata cleanup of the this needs to be performed to resolve your issues. First perform a full and verified backup of all domain controllers, including 'system states', all business data, email, etc. Then either contact Microsoft Support, or proceed as follows if your comfortable with these diretions; Install the support tools on both domain controllers. type and record the output from netdom query fsmo Seize the missing fsmo roles (Schema master, PDCe) to one of the remainin DC's (later you can decide which is best). http://support.microsoft.com/kb/255504/en-us Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller allow replication to complete and verify that both DC's agree to the FSMO role holders and that all roles are accounted for by active domain controllers; (netdom query fsmo) Then cleanup from the orphaned DC *very carefully* following the direction in this document; How to remove data in Active Directory after an unsuccessful domain controller demotion http://support.microsoft.com/kb/216498/en-us > Starting test: KnowsOfRoleHolders > Role Schema Owner = CN=NTDS > Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, > CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, > DC=edu > Warning: CN=NTDS > Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, > CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, > DC=edu is the Schema Owner, but is deleted. > Role Domain Owner = CN=NTDS > Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, > CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, > DC=edu > Warning: CN=NTDS > Settings\0ADEL:d8a01af1-a80f-4860-b520-2c7130d33b38,CN=SOMSRV4,CN=Servers, > CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=somato,DC=mb,DC= jhu, > DC=edu is the Domain Owner, but is deleted. > Role PDC Owner = CN=NTDS > we encountered the following error retrieving the cross-ref's > > replication coalesces. Please ensure that replication is working > > from the Domain Naming FSMO to this DC, and retry this test to see > if > > errors continue. > Can't determine the age of the cross-ref > |
|
|
|
21/10/2008, 20h58
|
#7 |
|
Messages: n/a
Hébergeur: |
Introducing a 64bit DC into a 32bit Windows 2003 ADenvironment
So what are the concerns / steps to bringing up a 64bit DC into a 32bit 2003 environment? The endstate is to replace all existing 32bit DCs with 64bit machines.
Thanks, JON |
|
|
|
21/10/2008, 23h51
|
#8 |
|
Messages: n/a
Hébergeur: |
Re: Introducing a 64bit DC into a 32bit Windows 2003 ADenvironment
Hello Jon,
No concerns, it works. Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** us YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > So what are the concerns / steps to bringing up a 64bit DC into a > 32bit 2003 environment? The endstate is to replace all existing 32bit > DCs with 64bit machines. > > Thanks, > JON |
|
|
|
07/11/2008, 14h59
|
#9 |
|
Messages: n/a
Hébergeur: |
Re: Introducing a 64bit DC into a 32bit Windows 2003 ADenvironment
Hello Jon,
According to your email (at the end), a bit more detailed about the schema upgrade. You can either install a hotfix to use the 64bit adprep: http://support.microsoft.com/kb/919151/en-us or download the 32bit trial version and do it form that one: http://technet.microsoft.com/en-us/w.../bb430831.aspx What so you mean with "will it assume any roles or take on new authentication immediately"? FSMO roles are not automatically moved, you have to do it by hand. Authentication requests from clients it will answer when it has fully replicated the AD database. Make sure it is also DNS/GC server and the clients are configured on the NIC to use it as DNS server. >Meinolf, >Short and sweet  > >So all I do is run dcpromo on the 64bit machine and select to join existing domain? >I have seen some articles out there talking about having to run adprep and run the 32bit version form R2 CD2 etc. >None of this matters? >Also, what happens after I bring it online, will it assume any roles or take on new authentication immediately? >I want to make sure that all is well before transferring FSMO roles etc. > >Thanks, >JON Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. ** Please do NOT email, only reply to Newsgroups ** us YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm > So what are the concerns / steps to bringing up a 64bit DC into a > 32bit 2003 environment? The endstate is to replace all existing 32bit > DCs with 64bit machines. > > Thanks, > JON |
|
|
|
| Outils de la discussion | |
|
|
