dcdiag test

[joopdog]

I did a dcdiag test on our ADSERVER (192.168.1.60), It's our secondary DNS server.

What does it mean? The following:
'The host a7d04a11-b3b1-43cd-95ad-e88835363ef1._msdcs.GreatBay.local could not be resolved to an IP address.'

==--==
C:\>dcdiag /test:advertising /v

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine adserver, is a DC.
* Connecting to directory service on server adserver.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\ADSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
The host a7d04a11-b3b1-43cd-95ad-e88835363ef1._msdcs.GreatBay.local cou
ld not be resolved to an
IP address. Check the DNS server, DHCP, server name, etc
Although the Guid DNS name
(a7d04a11-b3b1-43cd-95ad-e88835363ef1._msdcs.GreatBay.local) couldn't
be resolved, the server name (adserver.GreatBay.local) resolved to the
IP address (192.168.1.60) and was pingable. Check that the IP address
is registered correctly with the DNS server.
......................... ADSERVER failed test Connectivity
==--==
How can I resolved this?

When you open up the DNS console, and you expand the _msdcs.GreatBay.local
zone, do you see an entry such as what's in the error message it's trying to
look for?

It's looking for a record under the _msdcs.greatbay.local zone called:
a7d04a11-b3b1-43cd-95ad-e88835363ef1

Does it exist?

[joopdog]

Uh oh, no it doesn't exist.

How do I add the entry?

See the attachment.

Ok Everything's looking good:
I did the following:
On GBSERVER5 (192.168.1.14) primary AD, DNS, WINS server
Right click Forward Lookup Zones, choose New Zone, Primary Zone, typed in
_msdcs.greatbay.local.
Then in a cmd prompt:
ipconfig /registerdns
net stop netlogon
net start netlogon

==--==
ON GBSERVER5 (192.168.1.14)
C:\>dcdiag /test:advertising /v
Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine GBSERVER5, is a DC.
* Connecting to directory service on server GBSERVER5.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\GBSERVER5
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... GBSERVER5 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site\GBSERVER5
Test omitted by user request: Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Starting test: Advertising
The DC GBSERVER5 is advertising itself as a DC and having a DS.
The DC GBSERVER5 is advertising as an LDAP server
The DC GBSERVER5 is advertising as having a writeable directory
The DC GBSERVER5 is advertising as a Key Distribution Center
The DC GBSERVER5 is advertising as a time server
The DS GBSERVER5 is advertising as a GC.
......................... GBSERVER5 passed test Advertising
==--==

The best part is, I'm finally able to force replicate all servers now.
1. I opened Active Directory Sites And services.
2. I expanded "Sites | Default-First-Site | Servers".
3. I expanded "ADSERVER | NTDS Settings".
4. Right clicked gbserver5.
5. Then left clicked "Replicate Now".

It works! It finally works.
==--==
I have four Active Directory servers:
GBSERVER5
ADSERVER
GBSERVER1
GBSERVER13

I run the following command:
dcdiag /test:advertising /v

It runs successful on all servers except
GBSERVER13
C:\>dcdiag /test:advertising /v

Domain Controller Diagnosis

Performing initial setup:
* Verifying that the local machine gbserver13, is a DC.
* Connecting to directory service on server gbserver13.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 4 DC(s). Testing 1 of them.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\GBSERVER13
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... GBSERVER13 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site\GBSERVER13
Test omitted by user request: Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Test omitted by user request: NCSecDesc
Test omitted by user request: NetLogons
Starting test: Advertising
The DC GBSERVER13 is advertising itself as a DC and having a DS.
The DC GBSERVER13 is advertising as an LDAP server
The DC GBSERVER13 is advertising as having a writeable directory
The DC GBSERVER13 is advertising as a Key Distribution Center
Warning: GBSERVER13 is not advertising as a time server.
The DS GBSERVER13 is advertising as a GC.
......................... GBSERVER13 failed test Advertising

==--==
What is causing this problem?
I've attached test diagnostic test for gbserver13.

There is more then that entry missing. You said this is a secondary DNS server?
I suggest to use AD integrated zones on the primary DNS server and then delete
the secondary zones on this server? Or did i misunderstand your DNS configuration?

You don't even have an _msdcs.greatbay.local zone. Was it deleted
accidentally?

Right click Forward Lookup Zones, choose New, Zone, type in
_msdcs.greatbay.local.
Then in a cmd prompt:
ipconfig /registsterdns
net stop netlogon
net start netlogon

Wait about 5-10 minutes, hit F5 in the DNS console to refresh the zone, and
see if a bunch of yellow folders show up under the new zone you just
created. One of the records you should see is that GUID that the dcdiag is
looking for.

Also, please post an unedited ipconfig /all of your DCs. I think at this
time we should check your configuration to make sure nothing else is amiss
that may have caused this issue.

from a command prompt on the dc that is missing service records run the
following

nltest /dsregdns /server:dc name

Glad to hear that you've overcome the _msdcs issue.

You've attached the netdiag, not the dcdiag. The netdiag, quickly glancing
through it, appears fine. However for gbserver13, what errors are in the
event logs (post the eventid# and soruce name).

Also, once this is all fixed, for DNS, I suggest for each DC, to point to
itself as the first DNS entry, and a partner DC as the second.

[joopdog]

I just checked I have some errors in gbserver13 Event Viewer.

I entered the DNS forwarders in gbserver13:
24.56.100.20
24.56.102.20
4.2.2.1
4.2.2.2
65.32.1.70
65.32.1.65

I stopped and started the DNS services.

==--==
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10009
Date: 8/19/2009
Time: 1:03:03 PM
User: N/A
Computer: GBSERVER13
Description:
DCOM was unable to communicate with the computer 65.32.1.70 using any of the configured protocols.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10009
Date: 8/19/2009
Time: 1:02:50 PM
User: N/A
Computer: GBSERVER13
Description:
DCOM was unable to communicate with the computer 65.32.1.65 using any of the configured protocols.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10009
Date: 8/19/2009
Time: 1:02:22 PM
User: N/A
Computer: GBSERVER13
Description:
DCOM was unable to communicate with the computer 4.2.2.2 using any of the configured protocols.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10009
Date: 8/19/2009
Time: 1:01:40 PM
User: N/A
Computer: GBSERVER13
Description:
DCOM was unable to communicate with the computer 4.2.2.1 using any of the configured protocols.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10009
Date: 8/19/2009
Time: 1:00:58 PM
User: N/A
Computer: GBSERVER13
Description:
DCOM was unable to communicate with the computer 24.56.102.20 using any of the configured protocols.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10009
Date: 8/19/2009
Time: 1:00:16 PM
User: N/A
Computer: GBSERVER13
Description:
DCOM was unable to communicate with the computer 24.56.100.20 using any of the configured protocols.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
==--==
I ran the following DNS test:
C:\>dcdiag /test:dns

Domain Controller Diagnosis

Performing initial setup:
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site\GBSERVER13
Starting test: Connectivity
......................... GBSERVER13 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site\GBSERVER13

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : GreatBay

Running enterprise tests on : GreatBay.local
Starting test: DNS
Test results for domain controllers:

DC: gbserver13.GreatBay.local
Domain: GreatBay.local


TEST: Forwarders/Root hints (Forw)
Error: Forwarders list has invalid forwarder: 24.56.100.20 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 24.56.102.20 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 4.2.2.1 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 4.2.2.2 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 65.32.1.65 (<name unavailable>)
Error: Forwarders list has invalid forwarder: 65.32.1.70 (<name unavailable>)
Error: Root hints list has invalid root hint server: a.root-servers.net. (198.41.0.4)
Error: Root hints list has invalid root hint server: b.root-servers.net. (128.9.0.107)
Error: Root hints list has invalid root hint server: c.root-servers.net. (192.33.4.12)
Error: Root hints list has invalid root hint server: d.root-servers.net. (128.8.10.90)
Error: Root hints list has invalid root hint server: e.root-servers.net. (192.203.230.10)
Error: Root hints list has invalid root hint server: f.root-servers.net. (192.5.5.241)
Error: Root hints list has invalid root hint server: g.root-servers.net. (192.112.36.4)
Error: Root hints list has invalid root hint server: h.root-servers.net. (128.63.2.53)
Error: Root hints list has invalid root hint server: i.root-servers.net. (192.36.148.17)
Error: Root hints list has invalid root hint server: j.root-servers.net. (192.58.128.30)
Error: Root hints list has invalid root hint server: k.root-servers.net. (193.0.14.129)
Error: Root hints list has invalid root hint server: l.root-servers.net. (198.32.64.12)
Error: Root hints list has invalid root hint server: m.root-servers.net. (202.12.27.33)

Summary of test results for DNS servers used by the above domain controllers:

DNS server: 65.32.1.70 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 65.32.1.70

DNS server: 65.32.1.65 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 65.32.1.65

DNS server: 4.2.2.2 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 4.2.2.2

DNS server: 4.2.2.1 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 4.2.2.1

DNS server: 24.56.102.20 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 24.56.102.20

DNS server: 24.56.100.20 (<name unavailable>)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 24.56.100.20

DNS server: 202.12.27.33 (m.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 202.12.27.33

DNS server: 198.41.0.4 (a.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.41.0.4

DNS server: 198.32.64.12 (l.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 198.32.64.12

DNS server: 193.0.14.129 (k.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 193.0.14.129

DNS server: 192.58.128.30 (j.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.58.128.30

DNS server: 192.5.5.241 (f.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.5.5.241

DNS server: 192.36.148.17 (i.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.36.148.17

DNS server: 192.33.4.12 (c.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.33.4.12

DNS server: 192.203.230.10 (e.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.203.230.10

DNS server: 192.112.36.4 (g.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.112.36.4

DNS server: 128.9.0.107 (b.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.9.0.107

DNS server: 128.8.10.90 (d.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.8.10.90

DNS server: 128.63.2.53 (h.root-servers.net.)
1 test failure on this DNS server
This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 128.63.2.53

Summary of DNS test results:

Auth Basc Forw Del Dyn RReg Ext
________________________________________________________________
Domain: GreatBay.local
gbserver13 PASS PASS FAIL PASS PASS PASS n/a

......................... GreatBay.local failed test DNS
==--==
These should be good IP addresses for my DNS Forwarders.
What is causing these errors?

WAY too many Forwarders. Having more than two doesn't work because of the
time out period when checking from one to the next, and the client that
originally requested it will give up and report back a failed resolution.
Just stick to 2 of them: 4.2.2.2 and 4.2.2.3. Besides, the 24.x.x.x and
65.x.x.x machines may not have recursion enabled. The 4.2.2.2 and 4.2.2.3
work fine.

Also, those tests are deceiving because it is trying to resolve your local
loopback to the Root hints. Don't bother running the DNS tests, please. I'm
more worried about the machine as a DC itself. DNS resolution seems to work
fine internally from what I see so far.

I remembered someone telling me something years ago - do not look at an
elephant through a microscope, or you won't even know what you're looking
at. So let's concentrate on AD.

After you make the changes to the Forwarders, restart DNS, and then on that
machine, run an ipconfig /registerdns, restart netlogon, wait a few minutes
and check the event logs again for errors.