Announcement

Collapse
No announcement yet.

Dcdiag /test:Checksecurityerror is failed

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Dcdiag /test:Checksecurityerror is failed

    Hi All,

    I have a 2003 DC and an ADC and facing some issues with replication.

    when I run DCDIAG /test:Checksecurityerror, the application is getting failed by logging event id 1000.

    Description:
    Faulting application dcdiag.exe, version 5.2.3790.1830, faulting module msvcrt.dll, version 7.0.3790.2825, fault address 0x000376b4.
    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

    The same command is working fine on ADC and the result is here:

    Domain Controller Diagnosis
    Performing initial setup:
    Done gathering initial info.
    Doing initial required tests
    Testing server: Default-First-Site-Name\ERIC-ADC1
    Starting test: Connectivity
    ......................... ERIC-ADC1 passed test Connectivity
    Doing primary tests
    Testing server: Default-First-Site-Name\ERIC-ADC1
    Starting test: CheckSecurityError
    * Missing SPN :LDAP/ERIC-ADC1.ERICDOM/ERICDOM
    * Missing SPN :LDAP/ERIC-ADC1.ERICDOM
    * Missing SPN :LDAP/ERIC-ADC1
    * Missing SPN :LDAP/ERIC-ADC1.ERICDOM/ERICDOM
    * Missing SPN :LDAP/d11d040b-b7f0-457f-bcee-8d091157c8a7._msdcs.ERICDOM
    * Missing SPN :HOST/ERIC-ADC1.ERICDOM/ERICDOM
    * Missing SPN :HOST/ERIC-ADC1.ERICDOM/ERICDOM
    * Missing SPN :GC/ERIC-ADC1.ERICDOM/ERICDOM
    Unable to verify the machine account (CN=ERIC-ADC1,OU=Domain Controller
    s,DC=ERICDOM) for ERIC-ADC1 on ERIC-PDC.
    [ERIC-ADC1] No security related replication errors were found on this D
    C! To target the connection to a specific source DC use /ReplSource:<DC>.
    ......................... ERIC-ADC1 passed test CheckSecurityError
    Running partition tests on : Schema
    Running partition tests on : Configuration
    Running partition tests on : ERICDOM
    Running enterprise tests on : ERICDOM

    When I run dcdiag /test:CheckSecurityError /s:ERIC-PDC (it is my Primary DC) command on ADC, The same event id 1000 is logged with 4097 id.

    As I have issues with replication from DC to ADC, I want to troubleshoot it. I request you to help.

    I think it is not the problem either with dcdiag.exe or with
    msvcrt.dll, because I am able to execute dcdiag with other parameters successfully except /test:Checksecurityerror.

    I feel some security related stuff in DC is stopping to replicate with ADC.

    When I checked repadmin /showrepl on ADC, I am getting successful information like below

    repadmin running command /showrepl against server localhost
    Default-First-Site-Name\ERIC-ADC1
    DC Options: IS_GC
    Site Options: (none)
    DC object GUID: d11d040b-b7f0-457f-bcee-8d091157c8a7
    DC invocationID: a2693b56-6caf-4124-951d-ec73a7b8efaf
    ==== INBOUND NEIGHBORS ======================================
    DC=ERICDOM
    Default-First-Site-Name\ERIC-PDC via RPC
    DC object GUID: d74afdf7-4971-4995-a20e-ce3973c22c91
    Last attempt @ 2009-02-05 12:44:52 was successful.
    Default-First-Site-Name\ERIC-DC via RPC
    DC object GUID: b3dfc45c-71ce-4fae-9c3c-cbda9a6e572d
    Last attempt @ 2009-02-05 12:45:22 was successful.
    CN=Configuration,DC=ERICDOM
    Default-First-Site-Name\ERIC-PDC via RPC
    DC object GUID: d74afdf7-4971-4995-a20e-ce3973c22c91
    Last attempt @ 2009-02-05 12:44:52 was successful.
    Default-First-Site-Name\ERIC-DC via RPC
    DC object GUID: b3dfc45c-71ce-4fae-9c3c-cbda9a6e572d
    Last attempt @ 2009-02-05 12:44:52 was successful.
    CN=Schema,CN=Configuration,DC=ERICDOM
    Default-First-Site-Name\ERIC-DC via RPC
    DC object GUID: b3dfc45c-71ce-4fae-9c3c-cbda9a6e572d
    Last attempt @ 2009-02-05 12:44:52 was successful.
    Default-First-Site-Name\ERIC-PDC via RPC
    DC object GUID: d74afdf7-4971-4995-a20e-ce3973c22c91
    Last attempt @ 2009-02-05 12:44:52 was successful.

    When I run the same command on DC (eric-pdc), I am getting the below result.

    repadmin running command /showrepl against server localhost
    Default-First-Site-Name\ERIC-PDC
    DC Options: IS_GC
    Site Options: (none)
    DC object GUID: d74afdf7-4971-4995-a20e-ce3973c22c91
    DC invocationID: 17c9d65c-64c6-48cf-bf1b-0594ea5292db

    Source: Default-First-Site-Name\ERIC-ADC1
    ******* 92 CONSECUTIVE FAILURES since 2009-02-04 14:07:04
    Last error: 5 (0x5):
    Access is denied.
    Naming Context: CN=Configuration,DC=ERICDOM
    Source: Default-First-Site-Name\ERIC-ADC1
    ******* WARNING: KCC could not add this REPLICA LINK due to error.
    Naming Context: DC=ERICDOM
    Source: Default-First-Site-Name\ERIC-ADC1
    ******* WARNING: KCC could not add this REPLICA LINK due to error.
    Naming Context: CN=Schema,CN=Configuration,DC=ERICDOM
    Source: Default-First-Site-Name\ERIC-ADC1
    ******* WARNING: KCC could not add this REPLICA LINK due to error.
    Source: Default-First-Site-Name\ERIC-DC
    ******* 92 CONSECUTIVE FAILURES since 2009-02-04 14:07:04
    Last error: 5 (0x5):
    Access is denied.
    Naming Context: CN=Configuration,DC=ERICDOM
    Source: Default-First-Site-Name\ERIC-DC
    ******* WARNING: KCC could not add this REPLICA LINK due to error.
    Naming Context: DC=ERICDOM
    Source: Default-First-Site-Name\ERIC-DC
    ******* WARNING: KCC could not add this REPLICA LINK due to error.
    Naming Context: CN=Schema,CN=Configuration,DC=ERICDOM
    Source: Default-First-Site-Name\ERIC-DC
    ******* WARNING: KCC could not add this REPLICA LINK due to error.

    Please ask me if you need more information..

    Thanks in advance and apprecite your help and time..

    Thanks,
    Raju P



Working...
X