DCdiag : Only FsmoCheck failed, other test fine but Client and Joint Domain and logon


  • DCdiag : Only FsmoCheck failed, other test fine but Client and Joint Domain and logon

    Please help me.

    I have only one server [Win2000 Server(ActiveDirectory) + Exchange 2000 STD]
    First, I tried to add a new Win2k3 server by following the steps on the Microsoft website,
    using ADSI Edit as in Scenario 2 in this link:

    http://support.microsoft.com/default...b;en-us;314649

    I did the next step by following this link:

    http://support.microsoft.com/?id=325379

    Then I ran adprep /forestprep and adprep /domainprep; both passed.
    Then I tried to run DCPromo on the W2k3 server, but it failed. It didn't see the domain.

    After all that, no computer in the domain can log on to the domain anymore.

    I tested my Win2K DC with this:

    dcdiag /e /c /v /s:mail.mydomain.com /u:mydomain\myuser /p:mypassword /f:c:\dcdiag.log

    ---------------------------------------------------------------------------
    DC Diagnosis

    Performing initial setup:
    * Connecting to directory service on server mail.mydomain.com.
    * Collecting site info.
    * Identifying all servers.
    * Found 1 DC(s). Testing 1 of them.
    Done gathering initial info.

    Doing initial non skippeable tests

    Testing server: Default-First-Site-Name\MAIL
    Starting test: Connectivity
    * Active Directory LDAP Services Check
    * Active Directory RPC Services Check
    ......................... MAIL passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\MAIL
    Starting test: Replications
    * Replications Check
    ......................... MAIL passed test Replications
    Starting test: Topology
    * Configuration Topology Integrity Check
    * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=mydomain,DC=org.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the connection topology for CN=Configuration,DC=mydomain,DC=org.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the connection topology for DC=mydomain,DC=org.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    ......................... MAIL passed test Topology
    Starting test: CutoffServers
    * Configuration Topology Aliveness Check
    * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=mydomain,DC=org.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the alive system replication topology for CN=Configuration,DC=mydomain,DC=org.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    * Analyzing the alive system replication topology for DC=mydomain,DC=org.
    * Performing upstream (of target) analysis.
    * Performing downstream (of target) analysis.
    ......................... MAIL passed test CutoffServers
    Starting test: NCSecDesc
    * Security Permissions Check for
    CN=Schema,CN=Configuration,DC=mydomain,DC=org
    * Security Permissions Check for
    CN=Configuration,DC=mydomain,DC=org
    * Security Permissions Check for
    DC=mydomain,DC=org
    ......................... MAIL passed test NCSecDesc
    Starting test: NetLogons
    * Network Logons Privileges Check
    ......................... MAIL passed test NetLogons
    Starting test: Advertising
    The DC MAIL is advertising itself as a DC and having a DS.
    The DC MAIL is advertising as an LDAP server
    The DC MAIL is advertising as having a writeable directory
    The DC MAIL is advertising as a Key Distribution Center
    The DC MAIL is advertising as a time server
    The DS MAIL is advertising as a GC.
    ......................... MAIL passed test Advertising
    Starting test: KnowsOfRoleHolders
    Role Schema Owner = CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Role Domain Owner = CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Role PDC Owner = CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Role Rid Owner = CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    Role Infrastructure Update Owner = CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org
    ......................... MAIL passed test KnowsOfRoleHolders
    Starting test: RidManager
    * Available RID Pool for the Domain is 1603 to 1073741823
    * mail.mydomain.com is the RID Master
    * DsBind with RID Master was successful
    * rIDAllocationPool is 1103 to 1602
    * rIDNextRID: 1349
    * rIDPreviousAllocationPool is 1103 to 1602
    ......................... MAIL passed test RidManager
    Starting test: MachineAccount
    * SPN found :LDAP/mail.mydomain.com/mydomain.com
    * SPN found :LDAP/mail.mydomain.com
    * SPN found :LDAP/MAIL
    * SPN found :LDAP/mail.mydomain.com/MYDOMAIN
    * SPN found :LDAP/3050cea6-24ec-4aac-9218-a4942903083c._msdcs.mydomain.com
    * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/3050cea6-24ec-4aac-9218-a4942903083c/mydomain.com
    * SPN found :HOST/mail.mydomain.com/mydomain.com
    * SPN found :HOST/mail.mydomain.com
    * SPN found :HOST/MAIL
    * SPN found :HOST/mail.mydomain.com/MYDOMAIN
    * SPN found :GC/mail.mydomain.com/mydomain.com
    ......................... MAIL passed test MachineAccount
    Starting test: Services
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    * Checking Service: IsmServ
    * Checking Service: kdc
    * Checking Service: SamSs
    * Checking Service: LanmanServer
    * Checking Service: LanmanWorkstation
    * Checking Service: RpcSs
    * Checking Service: RPCLOCATOR
    * Checking Service: w32time
    * Checking Service: TrkWks
    * Checking Service: TrkSvr
    * Checking Service: NETLOGON
    * Checking Service: Dnscache
    * Checking Service: NtFrs
    ......................... MAIL passed test Services
    Starting test: OutboundSecureChannels
    * The Outbound Secure Channels test
    ** Did not run Outbound Secure Channels test
    because /testdomain: was not entered
    ......................... MAIL passed test OutboundSecureChannels
    Starting test: ObjectsReplicated
    MAIL is in domain DC=mydomain,DC=org
    Checking for CN=MAIL,OU=Domain Controllers,DC=mydomain,DC=org in domain DC=mydomain,DC=org on 1 servers
    Object is up-to-date on all servers.
    Checking for CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=mydomain,DC=org in domain CN=Configuration,DC=mydomain,DC=org on 1 servers
    Object is up-to-date on all servers.
    ......................... MAIL passed test ObjectsReplicated
    Starting test: frssysvol
    * The File Replication Service Event log test
    The SYSVOL has been shared, and the AD is no longer
    prevented from starting by the File Replication Service.
    ......................... MAIL passed test frssysvol
    Starting test: kccevent
    * The KCC Event log test
    Found no KCC errors in Directory Service Event log in the last 15 minutes.
    ......................... MAIL passed test kccevent
    Starting test: systemlog
    * The System Event log test
    An Error Event occured. EventID: 0xC0009007
    Time Generated: 03/25/2008 22:34:07
    Event String: A fatal error occurred while creating an SSL
    server credential.
    An Error Event occured. EventID: 0xC0009007
    Time Generated: 03/25/2008 22:34:07
    Event String: A fatal error occurred while creating an SSL
    server credential.
    ......................... MAIL failed test systemlog

    Running enterprise tests on : mydomain.com
    Starting test: Intersite
    Skipping site Default-First-Site-Name, this site is outside the scope
    provided by the command line arguments provided.
    ......................... mydomain.com passed test Intersite
    Starting test: FsmoCheck
    GC Name: \\mail.mydomain.com
    Locator Flags: 0xe00001fd
    Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
    A Primary Domain Controller could not be located.
    The server holding the PDC role is down.
    Time Server Name: \\mail.mydomain.com
    Locator Flags: 0xe00001fd
    Preferred Time Server Name: \\mail.mydomain.com
    Locator Flags: 0xe00001fd
    KDC Name: \\mail.mydomain.com
    Locator Flags: 0xe00001fd
    ......................... mydomain.com failed test FsmoCheck

    --> Warning: DcGetDcName(PDC_REQUIRED): I don't know what to do next
    to fix this error. For now, no one can log on.
    Last edited by ojung; 25th March 2008, 17:34. Reason: Wrong typo

  • #2
    Another Test

    C:\Documents and Settings\Administrator>netdiag /fix

    ...................................

    Computer Name: MAIL
    DNS Host Name: mail.mydomain.com
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 15 Model 2 Stepping 7, GenuineIntel
    List of installed hotfixes :


    Netcard queries test . . . . . . . : Passed



    Per interface results:

    Adapter : Local Area Connection

    Netcard queries test . . . : Passed

    Host Name. . . . . . . . . : mail.mydomain.com
    IP Address . . . . . . . . : 192.168.1.1
    Subnet Mask. . . . . . . . : 255.255.255.0
    Default Gateway. . . . . . : 192.168.1.111
    Dns Servers. . . . . . . . : 192.168.1.1


    AutoConfiguration results. . . . . . : Passed

    Default gateway test . . . : Passed

    NetBT name test. . . . . . : Passed
    [WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenge
    r Service', <20> 'WINS' names is missing.
    No remote names have been found.

    WINS service test. . . . . : Skipped
    There are no WINS servers configured for this interface.


    Global results:


    Domain membership test . . . . . . : Passed


    NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
    NetBT_Tcpip_{C5993A76-D8E1-4F67-B889-3DD327095876}
    1 NetBt transport currently configured.


    Autonet address test . . . . . . . : Passed


    IP loopback ping test. . . . . . . : Passed


    Default gateway test . . . . . . . : Passed


    NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
    ce', <03> 'Messenger Service', <20> 'WINS' names defined.


    Winsock test . . . . . . . . . . . : Passed


    DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.1.1'
    .


    Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
    NetBT_Tcpip_{C5993A76-D8E1-4F67-B889-3DD327095876}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
    NetBT_Tcpip_{C5993A76-D8E1-4F67-B889-3DD327095876}
    The browser is bound to 1 NetBt transport.


    DC discovery test. . . . . . . . . : Failed
    [FATAL] Cannot find DC in domain 'MYDOMAIN'. [ERROR_NO_SUCH_DOMAIN]


    DC list test . . . . . . . . . . . : Failed
    'MYDOMAIN': Cannot find DC to get DC list from [test skipped].


    Trust relationship test. . . . . . : Skipped


    Kerberos test. . . . . . . . . . . : Skipped
    'MYDOMAIN': Cannot find DC to get DC list from [test skipped].


    LDAP test. . . . . . . . . . . . . : Failed
    Cannot find DC to run LDAP tests on. The error occurred was: The specified d
    omain either does not exist or could not be contacted.



    Bindings test. . . . . . . . . . . : Passed


    WAN configuration test . . . . . . : Skipped
    No active remote access connections.


    Modem diagnostics test . . . . . . : Passed

    IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.


    The command completed successfully



    ---> Everything looks fine except "DOMAIN"

    Thank you in advance for any help.



    • #3
      Re: DCdiag : Only FsmoCheck failed, other test fine but Client and Joint Domain and l

      Check if the net logon service is running on the Domain Controller.

      Try the following sequence of steps:

      1. Stop netlogon service.

      2. Run ipconfig /flushdns

      3. Run ipconfig /registerdns

      4. Start the netlogon service.

      5. Confirm in DNS if the SRV records are registered for the DC.

      This probably ain't the best time to say this but... Exchange and DC on the same server... Very bad practice!!!


      MurTuzA
      The Never Ending Loop of User Rights
      START
      Q. Why is Windows so insecure?
      A. Because everyone runs as Administrator.
      Q. Why does everyone run as Administrator (even when they know better)?
      A. Because they don't understand security and are afraid they will be prevented from doing things.
      Q. Why don't they understand security?
      A. Because they run as Administrator, bypassing all security.
      LOOP TO START
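
Step 5 of the reply above can be checked offline against `netlogon.dns`, the file in which Netlogon records the DNS entries it registers. The following is an added example, not part of the original posts: it parses lines in that zone-file style and reports which DC locator SRV records are missing or point elsewhere, including `_ldap._tcp.pdc._msdcs.<domain>`, the record a DNS-based PDC lookup queries. The function names are hypothetical, the audited record set is a subset chosen here, and the sample content is constructed (it omits the PDC record on purpose to show what a gap looks like).

```python
import re

# Constructed sample in the zone-file style Netlogon writes to
# %SystemRoot%\System32\Config\netlogon.dns; host names follow the thread.
SAMPLE_NETLOGON_DNS = """\
_ldap._tcp.mydomain.com. 600 IN SRV 0 100 389 mail.mydomain.com.
_ldap._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 389 mail.mydomain.com.
_ldap._tcp.gc._msdcs.mydomain.com. 600 IN SRV 0 100 3268 mail.mydomain.com.
_kerberos._tcp.dc._msdcs.mydomain.com. 600 IN SRV 0 100 88 mail.mydomain.com.
"""

SRV_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$", re.I)

def expected_srv(domain, forest, is_pdc=True, is_gc=True):
    """Owner name -> port for the locator SRV records audited here (a subset)."""
    want = {
        f"_ldap._tcp.{domain}": 389,
        f"_ldap._tcp.dc._msdcs.{domain}": 389,
        f"_kerberos._tcp.dc._msdcs.{domain}": 88,
    }
    if is_pdc:  # only the PDC emulator registers this one
        want[f"_ldap._tcp.pdc._msdcs.{domain}"] = 389
    if is_gc:   # global catalog records live under the forest root name
        want[f"_ldap._tcp.gc._msdcs.{forest}"] = 3268
    return want

def parse_srv(text):
    """Map owner -> [(port, target)]; names lower-cased, trailing dot dropped."""
    records = {}
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if m:  # A, CNAME, blank and comment lines are skipped
            owner, port, target = m.groups()
            records.setdefault(owner.rstrip(".").lower(), []).append(
                (int(port), target.rstrip(".").lower()))
    return records

def audit(text, dc_fqdn, domain, forest, is_pdc=True, is_gc=True):
    """Return a sorted list of problems; an empty list means all records found."""
    have, problems = parse_srv(text), []
    for owner, port in expected_srv(domain.lower(), forest.lower(), is_pdc, is_gc).items():
        if owner not in have:
            problems.append(f"missing SRV {owner}")
        elif (port, dc_fqdn.lower()) not in have[owner]:
            problems.append(f"SRV {owner} does not point at {dc_fqdn}:{port}")
    return sorted(problems)

if __name__ == "__main__":
    print(audit(SAMPLE_NETLOGON_DNS, "mail.mydomain.com", "mydomain.com", "mydomain.com"))
```

The file shows what Netlogon intends to register; the same owner names can then be queried against the DNS server itself (for example with `nslookup -type=SRV`) to confirm the zone actually holds them.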
