Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine ServerA, is a Directory Server.
Home Server = ServerA
* Connecting to directory service on server ServerA.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us,LDAP
_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site
Settings,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us,LDAP
_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS
Settings,CN=SERVERB,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS
Settings,CN=SERVERC,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS
Settings,CN=SERVERD,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 4 of them.
Done gathering initial info.
Doing initial required tests
Testing server: DomainName\SERVERA
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... SERVERA passed test Connectivity
Testing server: DomainName\SERVERB
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... SERVERB passed test Connectivity
Testing server: DomainName\SERVERC
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... SERVERC passed test Connectivity
Testing server: DomainName\SERVERD
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... SERVERD passed test Connectivity
Doing primary tests
Testing server: DomainName\SERVERA
Starting test: Advertising
The DC SERVERA is advertising itself as a DC and having a DS.
The DC SERVERA is advertising as an LDAP server
The DC SERVERA is advertising as having a writeable directory
The DC SERVERA is advertising as a Key Distribution Center
The DC SERVERA is advertising as a time server
The DS SERVERA is advertising as a GC.
......................... SERVERA passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/26/2016 12:28:33
Event String:
The File Replication Service is having trouble enabling replication from SERVERB to SERVERA for c:\windows\sysvol\domain using the DNS name ServerB.domain.public.lib.ga.us. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name ServerB.domain.public.lib.ga.us from this computer.
[2] FRS is not running on ServerB.domain.public.lib.ga.us.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/27/2016 07:56:26
Event String:
The File Replication Service is having trouble enabling replication from SERVERD to SERVERA for c:\windows\sysvol\domain using the DNS name ServerD.domain.public.lib.ga.us. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name ServerD.domain.public.lib.ga.us from this computer.
[2] FRS is not running on ServerD.domain.public.lib.ga.us.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/27/2016 07:56:27
Event String:
The File Replication Service is having trouble enabling replication from SERVERB to SERVERA for c:\windows\sysvol\domain using the DNS name ServerB.domain.public.lib.ga.us. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name ServerB.domain.public.lib.ga.us from this computer.
[2] FRS is not running on ServerB.domain.public.lib.ga.us.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
An Warning Event occurred. EventID: 0x800034C5
Time Generated: 01/27/2016 08:02:21
Event String:
The File Replication Service has enabled replication from SERVERD to SERVERA for c:\windows\sysvol\domain after repeated retries.
......................... SERVERA passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... SERVERA passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVERA passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
An Warning Event occurred. EventID: 0x8000082C
Time Generated: 01/27/2016 08:53:18
Event String:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Partitions,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group
Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
An Warning Event occurred. EventID: 0x8000082C
Time Generated: 01/27/2016 08:53:18
Event String:
This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role.
Operations which require contacting a FSMO operation master will fail until this condition is corrected.
FSMO Role: CN=Schema,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
User Action:
1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476.
2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in
question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication.
3. In the rare event that all replication partners being down is an expected occurance, perhaps because of maintenance or a disaster recovery, you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com.
The following operations may be impacted:
Schema: You will no longer be able to modify the schema for this forest.
Domain Naming: You will no longer be able to add or remove domains from this forest.
PDC: You will no longer be able to perform primary domain controller operations, such as Group
Policy updates and password resets for non-Active Directory Domain Services accounts.
RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups.
Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed.
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SERVERA passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Domain Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role PDC Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Rid Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
......................... SERVERA passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SERVERA on DC SERVERA.
* SPN found :LDAP/ServerA.domain.public.lib.ga.us/domain.public.lib.ga.us
* SPN found :LDAP/ServerA.domain.public.lib.ga.us
* SPN found :LDAP/SERVERA
* SPN found :LDAP/ServerA.domain.public.lib.ga.us/DOMAINNAME
* SPN found :LDAP/45ee8e1f-37ea-4a8b-bbd3-c738ee86c3de._msdcs.domain.public.lib.ga.us
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/45ee8e1f-37ea-4a8b-bbd3c738ee86c3de/domain.public.lib.ga.us
* SPN found :HOST/ServerA.domain.public.lib.ga.us/domain.public.lib.ga.us
* SPN found :HOST/ServerA.domain.public.lib.ga.us
* SPN found :HOST/SERVERA
* SPN found :HOST/ServerA.domain.public.lib.ga.us/DOMAINNAME
* SPN found :GC/ServerA.domain.public.lib.ga.us/domain.public.lib.ga.us
......................... SERVERA passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERVERA.
* Security Permissions Check for
DC=ForestDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Configuration,Version 3)
* Security Permissions Check for
DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Domain,Version 3)
......................... SERVERA passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERVERA\netlogon
Verified share \\SERVERA\sysvol
[SERVERA] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... SERVERA failed test NetLogons
Starting test: ObjectsReplicated
SERVERA is in domain DC=domain,DC=public,DC=lib,DC=ga,DC=us
Checking for CN=SERVERA,OU=Domain Controllers,DC=domain,DC=public,DC=lib,DC=ga,DC=us in domain DC=domain,DC=public,DC=lib,DC=ga,DC=us on 4 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us in domain CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us on 4 servers
Object is up-to-date on all servers.
......................... SERVERA passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
[Replications Check,SERVERA] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
error 0x2105 "Replication access was denied."
......................... SERVERA failed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 10603 to 1073741823
* ServerA.domain.public.lib.ga.us is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 6603 to 7102
* rIDPreviousAllocationPool is 6603 to 7102
* rIDNextRID: 6830
......................... SERVERA passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
Could not open NTDS Service on SERVERA, error 0x5 "Access is denied."
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVERA failed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... SERVERA passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SERVERA,OU=Domain Controllers,DC=domain,DC=public,DC=lib,DC=ga,DC=us
and backlink on
CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,DC=lib,D
C=ga,DC=us
are correct.
The system object reference (serverReferenceBL)
CN=SERVERA,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=domain,DC=public,DC=lib,DC=ga,DC=us
and backlink on
CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
are correct.
......................... SERVERA passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: DomainName\SERVERB
Starting test: Advertising
The DC SERVERB is advertising itself as a DC and having a DS.
The DC SERVERB is advertising as an LDAP server
The DC SERVERB is advertising as having a writeable directory
The DC SERVERB is advertising as a Key Distribution Center
The DC SERVERB is advertising as a time server
The DS SERVERB is advertising as a GC.
......................... SERVERB passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... SERVERB passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... SERVERB passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVERB passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SERVERB passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Domain Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role PDC Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Rid Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
......................... SERVERB passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SERVERB on DC SERVERB.
* SPN found :LDAP/ServerB.domain.public.lib.ga.us/domain.public.lib.ga.us
* SPN found :LDAP/ServerB.domain.public.lib.ga.us
* SPN found :LDAP/SERVERB
* SPN found :LDAP/ServerB.domain.public.lib.ga.us/DOMAINNAME
* SPN found :LDAP/e239844c-6b9b-4037-bf72-b8c4d366bd38._msdcs.domain.public.lib.ga.us
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e239844c-6b9b-4037-bf72b8c4d366bd38/domain.public.lib.ga.us
* SPN found :HOST/ServerB.domain.public.lib.ga.us/domain.public.lib.ga.us
* SPN found :HOST/ServerB.domain.public.lib.ga.us
* SPN found :HOST/SERVERB
* SPN found :HOST/ServerB.domain.public.lib.ga.us/DOMAINNAME
* SPN found :GC/ServerB.domain.public.lib.ga.us/domain.public.lib.ga.us
......................... SERVERB passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERVERB.
* Security Permissions Check for
DC=ForestDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Configuration,Version 3)
* Security Permissions Check for
DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Domain,Version 3)
......................... SERVERB passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERVERB\netlogon
Verified share \\SERVERB\sysvol
......................... SERVERB passed test NetLogons
Starting test: ObjectsReplicated
SERVERB is in domain DC=domain,DC=public,DC=lib,DC=ga,DC=us
Checking for CN=SERVERB,OU=Domain Controllers,DC=domain,DC=public,DC=lib,DC=ga,DC=us in domain DC=domain,DC=public,DC=lib,DC=ga,DC=us on 4 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERVERB,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us in domain CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us on 4 servers
Object is up-to-date on all servers.
......................... SERVERB passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 13 entries in the vector were ignored.
13 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 13 entries in the vector were ignored.
13 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 13 entries in the vector were ignored.
13 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... SERVERB passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 10603 to 1073741823
* ServerA.domain.public.lib.ga.us is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 8603 to 9102
* rIDPreviousAllocationPool is 8603 to 9102
* rIDNextRID: 8638
......................... SERVERB passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVERB passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... SERVERB passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SERVERB,OU=Domain Controllers,DC=domain,DC=public,DC=lib,DC=ga,DC=us
and backlink on
CN=SERVERB,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,DC=lib,D
C=ga,DC=us
are correct.
The system object reference (serverReferenceBL)
CN=SERVERB,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=domain,DC=public,DC=lib,DC=ga,DC=us
and backlink on
CN=NTDS
Settings,CN=SERVERB,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
are correct.
......................... SERVERB passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: DomainName\SERVERC
Starting test: Advertising
The DC SERVERC is advertising itself as a DC and having a DS.
The DC SERVERC is advertising as an LDAP server
The DC SERVERC is advertising as having a writeable directory
The DC SERVERC is advertising as a Key Distribution Center
The DC SERVERC is advertising as a time server
The DS SERVERC is advertising as a GC.
......................... SERVERC passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occurred. EventID: 0x800034C4
Time Generated: 01/26/2016 09:50:24
Event String:
The File Replication Service is having trouble enabling replication from SERVERB to SERVERC for c:\windows\sysvol\domain using the DNS name ServerB.domain.public.lib.ga.us. FRS will keep retrying.
Following are some of the reasons you would see this warning.
[1] FRS can not correctly resolve the DNS name ServerB.domain.public.lib.ga.us from this computer.
[2] FRS is not running on ServerB.domain.public.lib.ga.us.
[3] The topology information in the Active Directory Domain Services for this replica has not yet replicated to all the Domain Controllers.
This event log message will appear once per connection, After the problem is fixed you will see another event log message indicating that the connection has been established.
......................... SERVERC passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... SERVERC passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVERC passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SERVERC passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Domain Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role PDC Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Rid Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
......................... SERVERC passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SERVERC on DC SERVERC.
* SPN found :LDAP/ServerC.domain.public.lib.ga.us/domain.public.lib.ga.us
* SPN found :LDAP/ServerC.domain.public.lib.ga.us
* SPN found :LDAP/SERVERC
* SPN found :LDAP/ServerC.domain.public.lib.ga.us/DOMAINNAME
* SPN found :LDAP/d8da3ba9-a8eb-4bc0-ba62-0b1e6e1c65c0._msdcs.domain.public.lib.ga.us
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d8da3ba9-a8eb-4bc0-ba62-
0b1e6e1c65c0/domain.public.lib.ga.us
* SPN found :HOST/ServerC.domain.public.lib.ga.us/domain.public.lib.ga.us
* SPN found :HOST/ServerC.domain.public.lib.ga.us
* SPN found :HOST/SERVERC
* SPN found :HOST/ServerC.domain.public.lib.ga.us/DOMAINNAME
* SPN found :GC/ServerC.domain.public.lib.ga.us/domain.public.lib.ga.us
......................... SERVERC passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERVERC.
* Security Permissions Check for
DC=ForestDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Configuration,Version 3)
* Security Permissions Check for
DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Domain,Version 3)
......................... SERVERC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERVERC\netlogon
Verified share \\SERVERC\sysvol
......................... SERVERC passed test NetLogons
Starting test: ObjectsReplicated
SERVERC is in domain DC=domain,DC=public,DC=lib,DC=ga,DC=us
Checking for CN=SERVERC,OU=Domain Controllers,DC=domain,DC=public,DC=lib,DC=ga,DC=us in domain DC=domain,DC=public,DC=lib,DC=ga,DC=us on 4 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERVERC,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us in domain CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us on 4 servers
Object is up-to-date on all servers.
......................... SERVERC passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 13 entries in the vector were ignored.
13 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 13 entries in the vector were ignored.
13 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 13 entries in the vector were ignored.
13 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... SERVERC passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 10603 to 1073741823
* ServerA.domain.public.lib.ga.us is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 9103 to 9602
* rIDPreviousAllocationPool is 9103 to 9602
* rIDNextRID: 9139
......................... SERVERC passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... SERVERC passed test Services
Starting test: SystemLog
* The System Event log test
Found no errors in "System" Event log in the last 60 minutes.
......................... SERVERC passed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SERVERC,OU=Domain Controllers,DC=domain,DC=public,DC=lib,DC=ga,DC=us
and backlink on
CN=SERVERC,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,DC=lib,D
C=ga,DC=us
are correct.
The system object reference (serverReferenceBL)
CN=SERVERC,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=domain,DC=public,DC=lib,DC=ga,DC=us
and backlink on
CN=NTDS
Settings,CN=SERVERC,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
are correct.
......................... SERVERC passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Testing server: DomainName\SERVERD
Starting test: Advertising
The DC SERVERD is advertising itself as a DC and having a DS.
The DC SERVERD is advertising as an LDAP server
The DC SERVERD is advertising as having a writeable directory
The DC SERVERD is advertising as a Key Distribution Center
The DC SERVERD is advertising as a time server
The DS SERVERD is advertising as a GC.
......................... SERVERD passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
......................... SERVERD passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... SERVERD passed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SERVERD passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SERVERD passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Domain Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role PDC Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Rid Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=SERVERA,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
......................... SERVERD passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SERVERD on DC SERVERD.
* SPN found :LDAP/ServerD.domain.public.lib.ga.us/domain.public.lib.ga.us
* SPN found :LDAP/ServerD.domain.public.lib.ga.us
* SPN found :LDAP/SERVERD
* SPN found :LDAP/ServerD.domain.public.lib.ga.us/DOMAINNAME
* SPN found :LDAP/c07d8b1d-4537-476b-9e4d-3e6754135bea._msdcs.domain.public.lib.ga.us
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/c07d8b1d-4537-476b-9e4d-
3e6754135bea/domain.public.lib.ga.us
* SPN found :HOST/ServerD.domain.public.lib.ga.us/domain.public.lib.ga.us
* SPN found :HOST/ServerD.domain.public.lib.ga.us
* SPN found :HOST/SERVERD
* SPN found :HOST/ServerD.domain.public.lib.ga.us/DOMAINNAME
* SPN found :GC/ServerD.domain.public.lib.ga.us/domain.public.lib.ga.us
......................... SERVERD passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERVERD.
* Security Permissions Check for
DC=ForestDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Configuration,Version 3)
* Security Permissions Check for
DC=domain,DC=public,DC=lib,DC=ga,DC=us
(Domain,Version 3)
......................... SERVERD passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\SERVERD\netlogon
Verified share \\SERVERD\sysvol
......................... SERVERD passed test NetLogons
Starting test: ObjectsReplicated
SERVERD is in domain DC=domain,DC=public,DC=lib,DC=ga,DC=us
Checking for CN=SERVERD,OU=Domain Controllers,DC=domain,DC=public,DC=lib,DC=ga,DC=us in domain DC=domain,DC=public,DC=lib,DC=ga,DC=us on 4 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=SERVERD,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us in domain CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us on 4 servers
Object is up-to-date on all servers.
......................... SERVERD passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 13 entries in the vector were ignored.
13 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 13 entries in the vector were ignored.
13 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=domain,DC=public,DC=lib,DC=ga,DC=us
Latency information for 13 entries in the vector were ignored.
13 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... SERVERD passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 10603 to 1073741823
* ServerA.domain.public.lib.ga.us is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 10103 to 10602
* rIDPreviousAllocationPool is 10103 to 10602
* rIDNextRID: 10121
......................... SERVERD passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
Invalid service startup type: w32time on SERVERD, current value
DEMAND_START, expected value AUTO_START
* Checking Service: NETLOGON
......................... SERVERD failed test Services
Starting test: SystemLog
* The System Event log test
......................... SERVERD failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SERVERD,OU=Domain Controllers,DC=domain,DC=public,DC=lib,DC=ga,DC=us
and backlink on
CN=SERVERD,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,DC=lib,D
C=ga,DC=us
are correct.
The system object reference (serverReferenceBL)
CN=SERVERD,CN=Domain System Volume (SYSVOL share),CN=File Replication
Service,CN=System,DC=domain,DC=public,DC=lib,DC=ga,DC=us
and backlink on
CN=NTDS
Settings,CN=SERVERD,CN=Servers,CN=DomainName,CN=Sites,CN=Configuration,DC=domain,DC=public,
DC=lib,DC=ga,DC=us
are correct.
......................... SERVERD passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : domain
Starting test: CheckSDRefDom
......................... domain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... domain passed test CrossRefValidation
Running enterprise tests on : domain.public.lib.ga.us
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\ServerA.domain.public.lib.ga.us
Locator Flags: 0xe00013fd
PDC Name: \\ServerA.domain.public.lib.ga.us
Locator Flags: 0xe00013fd
Time Server Name: \\ServerA.domain.public.lib.ga.us
Locator Flags: 0xe00013fd
Preferred Time Server Name: \\ServerA.domain.public.lib.ga.us
Locator Flags: 0xe00013fd
KDC Name: \\ServerA.domain.public.lib.ga.us
Locator Flags: 0xe00013fd
......................... domain.public.lib.ga.us passed test
LocatorCheck
Starting test: Intersite
Skipping site DomainName, this site is outside the scope provided by the
command line arguments provided.
......................... domain.public.lib.ga.us passed test
Intersite