I can't replace my old unhealthy DC with my new healthy DC. When I try, sysvol does not replicate. The event log tells me that replication cannot find the domain. But I don't understand why, because I can ping the domain and the DCs, and all users can log on and retrieve GP settings.
I tried deleting the old DC once before I realized the new DC I had promoted wasn't sharing sysvol. Now my network is a mess. Because I tried to delete the old DC before its replacement was fully operational, DNS got screwed up. I tried to manually rebuild DNS using an MS KB, but as you'll see from the dcdiag output, there must still be more to do. Please, any help. I am going crazy.
DCDIAG /V /C /E /s:server-room: (full log attached)
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERVER-ROOM.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for
DC=ForestDnsZones,DC=MYDOMAIN,DC=local
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=MYDOMAIN,DC=local
* Security Permissions Check for
DC=DomainDnsZones,DC=MYDOMAIN,DC=local
(NDNC,Version 3)
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=MYDOMAIN,DC=local
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=MYDOMAIN,DC=local
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=MYDOMAIN,DC=local
(Configuration,Version 3)
* Security Permissions Check for
DC=MYDOMAIN,DC=local
(Domain,Version 3)
......................... SERVER-ROOM failed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\SERVER-ROOM\netlogon)
[SERVER-ROOM] An net use or LsaPolicy operation failed with error 67,
Win32 Error 67.
......................... SERVER-ROOM failed test NetLogons
Starting test: DNS
Test results for domain controllers:
DC: server-room.MYDOMAIN.local
Domain: MYDOMAIN.local
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
Microsoft(R) Windows(R) Server 2003, Enterprise Edition (Servi
ce Pack level: 2.0)
is supported
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000001] 3Com 3C920 Integrated Fast Ethernet Controller (3C9
05C-TX Compatible):
MAC address is 00:B0:D0:24:D4:57
IP Address is static
IP address: 192.168.2.16
DNS servers:
192.168.2.16 (SERVER-ROOM) [Valid]
The A host record(s) for this DC was found
Warning: The AAAA record for this DC was not found
[Error details: 9501 (Type: Win32 - Description: No records fo
und for given DNS query.) - MYDOMAIN.local]
The SOA record for the Active Directory zone was found
The Active Directory zone on this DC/DNS server was found prim
ary
Root zone on this DC/DNS server was not found
TEST: Forwarders/Root hints (Forw)
Recursion is enabled
Forwarders are not configured on this DNS server
Root hint Information:
Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid
(unreachable)]
Error: Root hints list has invalid root hint server:
a.root-servers.net. (2001:503:ba3e::2:30)
Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unre
achable)]
Error: Root hints list has invalid root hint server:
f.root-servers.net. (2001:500:2f::f)
Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
Name: m.root-servers.net. IP: 202.12.27.33 [Valid]
TEST: Delegations (Del)
No delegations were found in this zone on this DNS server
TEST: Dynamic update (Dyn)
Test record _dcdiag_test_record added successfully in zone amb
utrans.local
Test record _dcdiag_test_record deleted successfully in zone a
mbutrans.local
TEST: Records registration (RReg)
Network Adapter
[00000001] 3Com 3C920 Integrated Fast Ethernet Controller (3C9
05C-TX Compatible):
Matching CNAME record found at DNS server 192.168.2.16:
41245e5d-fa39-4149-a23c-c9d75d923139._msdcs.MYDOMAIN.local
Matching A record found at DNS server 192.168.2.16:
server-room.MYDOMAIN.local
Warning:
Missing AAAA record at DNS server 192.168.2.16:
server-room.MYDOMAIN.local
[Error details: 9501 (Type: Win32 - Description: No records
found for given DNS query.)]
Matching SRV record found at DNS server 192.168.2.16:
_ldap._tcp.MYDOMAIN.local
Matching SRV record found at DNS server 192.168.2.16:
_ldap._tcp.7dda59b8-27ac-4fa2-8b46-6e034fa2adb9.domains._ms
dcs.MYDOMAIN.local
Matching SRV record found at DNS server 192.168.2.16:
_kerberos._tcp.dc._msdcs.MYDOMAIN.local
Matching SRV record found at DNS server 192.168.2.16:
_ldap._tcp.dc._msdcs.MYDOMAIN.local
Matching SRV record found at DNS server 192.168.2.16:
_kerberos._tcp.MYDOMAIN.local
Matching SRV record found at DNS server 192.168.2.16:
_kerberos._udp.MYDOMAIN.local
Matching SRV record found at DNS server 192.168.2.16:
_kpasswd._tcp.MYDOMAIN.local
Matching SRV record found at DNS server 192.168.2.16:
_ldap._tcp.Default-First-Site-Name._sites.MYDOMAIN.local
Matching SRV record found at DNS server 192.168.2.16:
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.amb
utrans.local
Matching SRV record found at DNS server 192.168.2.16:
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.ambutra
ns.local
Matching SRV record found at DNS server 192.168.2.16:
_kerberos._tcp.Default-First-Site-Name._sites.MYDOMAIN.loc
al
Matching SRV record found at DNS server 192.168.2.16:
_ldap._tcp.gc._msdcs.MYDOMAIN.local
Matching A record found at DNS server 192.168.2.16:
gc._msdcs.MYDOMAIN.local
Warning:
Missing AAAA record at DNS server 192.168.2.16:
gc._msdcs.MYDOMAIN.local
[Error details: 9501 (Type: Win32 - Description: No records
found for given DNS query.)]
Matching SRV record found at DNS server 192.168.2.16:
_gc._tcp.Default-First-Site-Name._sites.MYDOMAIN.local
Matching SRV record found at DNS server 192.168.2.16:
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.ambutra
ns.local
Error:
Missing SRV record at DNS server 192.168.2.16:
_ldap._tcp.pdc._msdcs.MYDOMAIN.local
[Error details: 9003 (Type: Win32 - Description: DNS name d
oes not exist.)]
Warning: Record Registrations not found in some network adapters
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f
[Error details: 1460 (Type: Win32 - Description: This operation returned
because the timeout period expired.)]
DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30
[Error details: 1460 (Type: Win32 - Description: This operation retu
rned because the timeout period expired.)]
DNS server: 128.63.2.53 (h.root-servers.net.)
All tests passed on this DNS server
DNS server: 128.8.10.90 (d.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.112.36.4 (g.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.168.2.16 (SERVER-ROOM)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the fores
t root domain is registered
DNS server: 192.203.230.10 (e.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.228.79.201 (b.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.33.4.12 (c.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.36.148.17 (i.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.5.5.241 (f.root-servers.net.)
All tests passed on this DNS server
DNS server: 192.58.128.30 (j.root-servers.net.)
All tests passed on this DNS server
DNS server: 193.0.14.129 (k.root-servers.net.)
All tests passed on this DNS server
DNS server: 198.41.0.4 (a.root-servers.net.)
All tests passed on this DNS server
DNS server: 199.7.83.42 (l.root-servers.net.)
All tests passed on this DNS server
DNS server: 202.12.27.33 (m.root-servers.net.)
All tests passed on this DNS server
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: MYDOMAIN.local
server-room PASS WARN FAIL PASS PASS WARN n/a
......................... MYDOMAIN.local failed test DNS