
Error: DCDIAG in new domain controller in new forest showing Errors.


  • Error: DCDIAG in new domain controller in new forest showing Errors.

    Hi,

    Yesterday I created a new forest for my new office. After creating the new domain (currently only 1 domain controller is running) I ran the DCDIAG command simply to verify it. Suddenly some errors were populated as below. Some of the errors were rectified by enabling the reverse zone. When I came to the office today and checked DCDIAG, I only see 2 events in the DCDIAG output. I am attaching my DCDIAG output here; please help with this. I couldn't understand why there were many errors, as I deployed AD on a freshly installed server and have connected only one client member server.

    Today I am facing 2 issues.

    1) Starting test: DFSREvent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
    ......................... PDC failed test DFSREvent

    2) Starting test: SystemLog
    A warning event occurred. EventID: 0x00001796
    Time Generated: 10/30/2015 09:45:26
    Event String:
    Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
    ......................... PDC passed test SystemLog

    Please help me, guys.


    I couldn't attach the DCDIAG output because of some error, so I am pasting it here.



    Directory Server Diagnosis

    Performing initial setup:
    Trying to find home server...
    Home Server = pdc
    * Identified AD Forest.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\PDC
    Starting test: Connectivity
    ......................... PDC passed test Connectivity

    Doing primary tests
    Testing server: Default-First-Site-Name\PDC
    Starting test: Advertising
    ......................... PDC passed test Advertising
    Starting test: FrsEvent
    ......................... PDC passed test FrsEvent
    Starting test: DFSREvent
    There are warning or error events within the last 24 hours after the
    SYSVOL has been shared. Failing SYSVOL replication problems may cause
    Group Policy problems.
    ......................... PDC failed test DFSREvent
    Starting test: SysVolCheck
    ......................... PDC passed test SysVolCheck
    Starting test: KccEvent
    ......................... PDC passed test KccEvent
    Starting test: KnowsOfRoleHolders
    ......................... PDC passed test KnowsOfRoleHolders
    Starting test: MachineAccount
    ......................... PDC passed test MachineAccount
    Starting test: NCSecDesc
    ......................... PDC passed test NCSecDesc
    Starting test: NetLogons
    ......................... PDC passed test NetLogons
    Starting test: ObjectsReplicated
    ......................... PDC passed test ObjectsReplicated
    Starting test: Replications
    ......................... PDC passed test Replications
    Starting test: RidManager
    ......................... PDC passed test RidManager
    Starting test: Services
    ......................... PDC passed test Services
    Starting test: SystemLog
    A warning event occurred. EventID: 0x00001796
    Time Generated: 10/30/2015 09:45:26
    Event String:
    Microsoft Windows Server has detected that NTLM authentication is presently being used between clients and this server. This event occurs once per boot of the server on the first time a client uses NTLM with this server.
    ......................... PDC passed test SystemLog
    Starting test: VerifyReferences
    ......................... PDC passed test VerifyReferences


    Running partition tests on : ForestDnsZones
    Starting test: CheckSDRefDom
    ......................... ForestDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... ForestDnsZones passed test
    CrossRefValidation

    Running partition tests on : DomainDnsZones
    Starting test: CheckSDRefDom
    ......................... DomainDnsZones passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... DomainDnsZones passed test
    CrossRefValidation

    Running partition tests on : Schema
    Starting test: CheckSDRefDom
    ......................... Schema passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Schema passed test CrossRefValidation

    Running partition tests on : Configuration
    Starting test: CheckSDRefDom
    ......................... Configuration passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... Configuration passed test CrossRefValidation

    Running partition tests on : hgpt
    Starting test: CheckSDRefDom
    ......................... hgpt passed test CheckSDRefDom
    Starting test: CrossRefValidation
    ......................... hgpt passed test CrossRefValidation

    Running enterprise tests on : hgpt.biz
    Starting test: LocatorCheck
    ......................... hgpt.biz passed test LocatorCheck
    Starting test: Intersite
    ......................... hgpt.biz passed test Intersite



    Regards
    Shamil, Malaysia.
    Last edited by shamilsystems; 30th October 2015, 03:41. Reason: #Windows Server 2012 #Domain Controller, Windows Server 2012, Domain Controller, Active Directory

  • #2
    I remember seeing this before and I think it simply refers to the fact there are Warning/Error events in the Event Logs. You need to review your event logs and decide if you need to take action.
    A recent poll suggests that 6 out of 7 dwarfs are not happy



    • #3
      Your error about DFSREvents talks about replication--which you won't have any of with only a single domain controller running. Replication involves at least 2 DCs, but you haven't gotten that far yet. As for the NTLM authentication, you can specify through Group Policy whether or not to allow NTLM basic authentication between clients and the DC. As well, since those events exist now, they'll still show up if you re-run the test after correcting the issue. So be sure to clear out the event logs before re-running the test.
      *RicklesP*
      MSCA (2003/XP), Security+, CCNA

      ** Remember: credit where credit is due, and reputation points as appropriate **
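
One way to act on the advice in replies #2 and #3 and find the events behind each DCDIAG line, as an added PowerShell example that is not from any poster in this thread: it parses DCDIAG text, converts the hex EventID into the decimal ID Event Viewer shows, and queries the matching log. The function name `Get-DcdiagFinding` and the test-to-log mapping in `$logFor` are assumptions made for this example.

```powershell
# Added example. $sample is an excerpt of the DCDIAG output posted in this thread.
$sample = @'
Starting test: DFSREvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... PDC failed test DFSREvent
Starting test: SystemLog
A warning event occurred. EventID: 0x00001796
Time Generated: 10/30/2015 09:45:26
......................... PDC passed test SystemLog
'@ -split "`r?`n"

# Assumed mapping from DCDIAG test name to the event log that test reads.
$logFor = @{ DFSREvent = 'DFS Replication'; SystemLog = 'System' }

function Get-DcdiagFinding {
    param([Parameter(Mandatory)][string[]]$Line)
    $test = $null
    foreach ($l in $Line) {
        if ($l -match 'Starting test:\s+(\S+)') {
            $test = $Matches[1]
        }
        elseif ($l -match 'An? (warning|error) event occurred\.\s+EventID:\s+0x([0-9A-Fa-f]+)') {
            # DCDIAG prints the 32-bit identifier; Event Viewer shows the low 16 bits.
            $id = [int]([Convert]::ToInt64($Matches[2], 16) -band 0xFFFF)
            [pscustomobject]@{ Test = $test; Kind = $Matches[1]; EventId = $id }
        }
        elseif ($l -match '\.{5,}\s+\S+ failed test (\S+)') {
            [pscustomobject]@{ Test = $Matches[1]; Kind = 'failed'; EventId = $null }
        }
    }
}

$findings = Get-DcdiagFinding -Line $sample
$findings | Out-Host    # DFSREvent failed; SystemLog warning with EventId 6038

# On the domain controller: pull the events behind each finding.
foreach ($f in $findings) {
    if (-not $logFor.ContainsKey($f.Test)) { continue }
    $filter = @{ LogName = $logFor[$f.Test]; Level = 2, 3 }   # 2 = Error, 3 = Warning
    if ($f.EventId) { $filter.Id = $f.EventId }                # the specific event DCDIAG named
    else { $filter.StartTime = (Get-Date).AddHours(-24) }      # the window the DFSREvent text cites
    Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, ProviderName, LevelDisplayName, Message
}
```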



      • #4
        Dear Rickles, would you mind providing me the steps to disable NTLM, or a link on how to disable it? My search is leading to NTLM traffic restrictions. Thank you.



        • #5
          If you have a read of this MS Technet article: 'https://technet.microsoft.com/en-us/library/jj852207.aspx', you'll find a description of what & why, and the Group Policy path to the setting you need to change. My advice is to try it out on a test system first, and once you're satisfied with the results, then roll it out to your production workstations and servers.
          *RicklesP*
          MSCA (2003/XP), Security+, CCNA

          ** Remember: credit where credit is due, and reputation points as appropriate **



          • #6
            As pointed out, DCDIAG flagged alerts from the event viewer that I have found in the past have been there simply as I have been rebooting the server, so are by design. The service did go down and was affected. As for NTLM, this is used for older clients and OSes. These days, we tend to leave the default configuration (I believe it is) as NTLM v2 only, as NTLM/LM is rarely needed now, but of course it depends on the environment. I assume you are ensuring some clean logs as opposed to this causing an issue?
