[QUOTE]
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine dc3, is a DC.
* Connecting to directory service on server dc3.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: CH0\dc3
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... dc3 passed test Connectivity
Doing primary tests
Testing server: CH0\dc3
Starting test: Replications
* Replications Check
* Replication Latency Check
CN=Schema,CN=Configuration,DC=mydomain,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=mydomain,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=mydomain,DC=local
Latency information for 7 entries in the vector were ignored.
7 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... dc3 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... dc3 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=mydomain,DC=local.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... dc3 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC dc3.
* Security Permissions Check for
DC=ForestDnsZones,DC=mydomain,DC=local
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=mydomain,DC=local
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=mydomain,DC=local
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=mydomain,DC=local
(Configuration,Version 2)
* Security Permissions Check for
DC=mydomain,DC=local
(Domain,Version 2)
......................... dc3 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\dc3\netlogon
Verified share \\dc3\sysvol
......................... dc3 passed test NetLogons
Starting test: Advertising
The DC dc3 is advertising itself as a DC and having a DS.
The DC dc3 is advertising as an LDAP server
The DC dc3 is advertising as having a writeable directory
The DC dc3 is advertising as a Key Distribution Center
The DC dc3 is advertising as a time server
The DS dc3 is advertising as a GC.
......................... dc3 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DCCH0004,CN=Servers,CN=CH0,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Role Domain Owner = CN=NTDS Settings,CN=DCCH0004,CN=Servers,CN=CH0,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Role PDC Owner = CN=NTDS Settings,CN=dc3,CN=Servers,CN=CH0,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Role Rid Owner = CN=NTDS Settings,CN=dc3,CN=Servers,CN=CH0,CN=Sites,CN=Configuration,DC=mydomain,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=dc3,CN=Servers,CN=CH0,CN=Sites,CN=Configuration,DC=mydomain,DC=local
......................... dc3 passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 8365 to 1073741823
* dc3.mydomain.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 7365 to 7864
* rIDPreviousAllocationPool is 7365 to 7864
* rIDNextRID: 7463
......................... dc3 passed test RidManager
Starting test: MachineAccount
Checking machine account for DC dc3 on DC dc3.
* SPN found :LDAP/dc3.mydomain.local/mydomain.local
* SPN found :LDAP/dc3.mydomain.local
* SPN found :LDAP/dc3
* SPN found :LDAP/dc3.mydomain.local/mydomainCH001
* SPN found :LDAP/52a6b77c-903a-4e3b-91e6-c29cb16955b2._msdcs.mydomain.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/52a6b77c-903a-4e3b-91e6-c29cb16955b2/mydomain.local
* SPN found :HOST/dc3.mydomain.local/mydomain.local
* SPN found :HOST/dc3.mydomain.local
* SPN found :HOST/dc3
* SPN found :HOST/dc3.mydomain.local/mydomainCH001
* SPN found :GC/dc3.mydomain.local/mydomain.local
......................... dc3 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... dc3 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... dc3 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
dc3 is in domain DC=mydomain,DC=local
Checking for CN=dc3,OU=Domain Controllers,DC=mydomain,DC=local in domain DC=mydomain,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=dc3,CN=Servers,CN=CH0,CN=Sites,CN=Configuration,DC=mydomain,DC=local in domain CN=Configuration,DC=mydomain,DC=local on 1 servers
Object is up-to-date on all servers.
......................... dc3 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... dc3 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... dc3 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... dc3 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0xC0002719
Time Generated: 12/17/2007 14:04:41
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0002719
Time Generated: 12/17/2007 14:05:23
(Event String could not be retrieved)
......................... dc3 failed test systemlog
Starting test: VerifyReplicas
......................... dc3 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference) CN=dc3,OU=Domain Controllers,DC=mydomain,DC=local and backlink on CN=dc3,CN=Servers,CN=CH0,CN=Sites,CN=Configuration,DC=mydomain,DC=local are correct.
The system object reference (frsComputerReferenceBL) CN=dc3,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=local and backlink on CN=dc3,OU=Domain Controllers,DC=mydomain,DC=local are correct.
The system object reference (serverReferenceBL) CN=dc3,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=mydomain,DC=local and backlink on CN=NTDS Settings,CN=dc3,CN=Servers,CN=CH0,CN=Sites,CN=Configuration,DC=mydomain,DC=local are correct.
......................... dc3 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... dc3 passed test VerifyEnterpriseReferences
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
Found KDC dc3 for domain mydomain.local in site CH0
Checking machine account for DC dc3 on DC dc3.
* SPN found :LDAP/dc3.mydomain.local/mydomain.local
* SPN found :LDAP/dc3.mydomain.local
* SPN found :LDAP/dc3
* SPN found :LDAP/dc3.mydomain.local/mydomainCH001
* SPN found :LDAP/52a6b77c-903a-4e3b-91e6-c29cb16955b2._msdcs.mydomain.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/52a6b77c-903a-4e3b-91e6-c29cb16955b2/mydomain.local
* SPN found :HOST/dc3.mydomain.local/mydomain.local
* SPN found :HOST/dc3.mydomain.local
* SPN found :HOST/dc3
* SPN found :HOST/dc3.mydomain.local/mydomainCH001
* SPN found :GC/dc3.mydomain.local/mydomain.local
[dc3] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:<DC>.
......................... dc3 passed test CheckSecurityError
DNS Tests are running and not hung. Please wait a few minutes...
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mydomain
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom
Running enterprise tests on : mydomain.local
Starting test: Intersite
Skipping site CH0, this site is outside the scope provided by the command line arguments provided.
......................... mydomain.local passed test Intersite
Starting test: FsmoCheck
GC Name: \\dc3.mydomain.local
Locator Flags: 0xe00003fd
PDC Name: \\dc3.mydomain.local
Locator Flags: 0xe00003fd
Time Server Name: \\dc3.mydomain.local
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\dc3.mydomain.local
Locator Flags: 0xe00003fd
KDC Name: \\dc3.mydomain.local
Locator Flags: 0xe00003fd
......................... mydomain.local passed test FsmoCheck
Starting test: DNS
Test results for domain controllers:
DC: dc3.mydomain.local
Domain: mydomain.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Standard Edition (Service Pack level: 2.0) is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter [00000001] VMware Accelerated AMD PCNet Adapter:
MAC address is 00:50:56:81:58:1D
IP address is static
IP address: 10.128.2.3
DNS servers:
10.128.2.4 (<name unavailable>) [Valid]
10.128.2.3 (<name unavailable>) [Valid]
The A record for this DC was found
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found (primary)
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders Information:
217.8.192.51 (<name unavailable>) [Valid]
217.8.192.52 (<name unavailable>) [Valid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Warning: Dynamic update is enabled on the zone but not secure mydomain.local.
Test record _dcdiag_test_record added successfully in zone mydomain.local.
Test record _dcdiag_test_record deleted successfully in zone mydomain.local.
TEST: Records registration (RReg)
Network Adapter [00000001] VMware Accelerated AMD PCNet Adapter:
Matching A record found at DNS server 10.128.2.4:
dc3.mydomain.local
Matching CNAME record found at DNS server 10.128.2.4:
52a6b77c-903a-4e3b-91e6-c29cb16955b2._msdcs.mydomain.local
Matching DC SRV record found at DNS server 10.128.2.4:
_ldap._tcp.dc._msdcs.mydomain.local
Matching GC SRV record found at DNS server 10.128.2.4:
_ldap._tcp.gc._msdcs.mydomain.local
Matching PDC SRV record found at DNS server 10.128.2.4:
_ldap._tcp.pdc._msdcs.mydomain.local
Matching A record found at DNS server 10.128.2.3:
dc3.mydomain.local
Matching CNAME record found at DNS server 10.128.2.3:
52a6b77c-903a-4e3b-91e6-c29cb16955b2._msdcs.mydomain.local
Matching DC SRV record found at DNS server 10.128.2.3:
_ldap._tcp.dc._msdcs.mydomain.local
Matching GC SRV record found at DNS server 10.128.2.3:
_ldap._tcp.gc._msdcs.mydomain.local
Matching PDC SRV record found at DNS server 10.128.2.3:
_ldap._tcp.pdc._msdcs.mydomain.local
Summary of test results for DNS servers used by the above domain controllers:
DNS server: 10.128.2.3 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
DNS server: 10.128.2.4 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Name resolution is funtional. _ldap._tcp SRV record for the forest root domain is registered
DNS server: 217.8.192.51 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
DNS server: 217.8.192.52 (<name unavailable>)
All tests passed on this DNS server
This is a valid DNS server.
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: mydomain.local
dc3 PASS PASS PASS PASS WARN PASS n/a
......................... mydomain.local passed test DNS
[/QUOTE]