Analyse DCDIAG - RPC, Replication und NetLogon Fehlermeldungen
Hallo zusammen
Ich habe vor kurzem einen Windows Server 2008 R2 als Domain Controller installiert. Am anfang schien es, als gebe es einige Netzwerkprobleme (DNS, RPC), im moment scheint jedoch alles gut zu laufen. Wenn ich jedoch DCDIAG /v /c durchführe erhalte ich immer noch einige Fehlermeldungen. Ich weiss leider nicht wie kritisch diese sind. Der DC ist im moment noch alleine, gibt also keine Replikation (was die Replication Meldung wahrscheinlich erklären würde).
Auf dem Server wurde vor dem dcpromo noch eine Härtung des Systems durchgeführt, ich bezweifle jedoch dass sie etwas mit den Fehlermeldungen zu tun hat.
Weiter wurden die dynamischen RPC Ports beschränkt, damit weniger Ports auf der Firewall geöffnet werden müssen. (hatte ich jedoch bereits zurückgestellt und getestet, scheint keinen einfluss zu haben)
Directory Server Diagnosis
Performing initial setup:
+ Connecting to directory service on server SRVDC1.
+ Identified AD Forest.
Collecting AD specific global data
+ Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
Getting ISTG and options for the site
+ Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
+ Identifying all NC cross-refs.
+ Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: SITE\SRVDC1
Starting test: Connectivity
+ Active Directory LDAP Services Check
Determining IP4 connectivity
+ Active Directory RPC Services Check
......................... SRVDC1 passed test Connectivity
Doing primary tests
Testing server: SITE\SRVDC1
Starting test: Advertising
The DC SRVDC1 is advertising itself as a DC and having a DS.
The DC SRVDC1 is advertising as an LDAP server
The DC SRVDC1 is advertising as having a writeable directory
The DC SRVDC1 is advertising as a Key Distribution Center
The DC SRVDC1 is advertising as a time server
The DS SRVDC1 is advertising as a GC.
......................... SRVDC1 passed test Advertising
Starting test: CheckSecurityError
+ Dr Auth: Beginning security errors check!
Found KDC SRVDC1 for domain internal.FIRMA.com in site SITE
Checking machine account for DC SRVDC1 on DC SRVDC1.
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com
+ SPN found :LDAP/SRVDC1
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com/DOFRA02
+ SPN found :LDAP/77b7c2a2-2a29-4a06-bad5-dcc1ac8f999d._msdcs.internal.FIRMA.com
+ SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/77b7c2a2-2a29-4a06-bad5-dcc1ac8f999d/internal.FIRMA.com
+ SPN found :HOST/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
+ SPN found :HOST/SRVDC1.internal.FIRMA.com
+ SPN found :HOST/SRVDC1
+ SPN found :HOST/SRVDC1.internal.FIRMA.com/DOFRA02
+ SPN found :GC/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
[SRVDC1] DsReplicaGetInfo(KCC_DS_CONNECT_FAILURES) failed with
error 8453,
Replication access was denied..
[SRVDC1] Unable to query the list of KCC connection failures.
Continuing...
[SRVDC1] No security related replication errors were found on this
DC! To target the connection to a specific source DC use
/ReplSource:<dc>.
......................... SRVDC1 passed test CheckSecurityError
Starting test: CutoffServers
+ Configuration Topology Aliveness Check
+ Analyzing the alive system replication topology for DC=ForestDnsZones,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the alive system replication topology for DC=DomainDnsZones,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the alive system replication topology for CN=Configuration,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the alive system replication topology for DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
......................... SRVDC1 passed test CutoffServers
Starting test: FrsEvent
+ The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... SRVDC1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... SRVDC1 passed test DFSREvent
Starting test: SysVolCheck
+ The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SRVDC1 passed test SysVolCheck
Starting test: FrsSysVol
+ The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SRVDC1 passed test FrsSysVol
Starting test: KccEvent
+ The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SRVDC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
......................... SRVDC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SRVDC1 on DC SRVDC1.
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com
+ SPN found :LDAP/SRVDC1
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com/DOFRA02
+ SPN found :LDAP/77b7c2a2-2a29-4a06-bad5-dcc1ac8f999d._msdcs.internal.FIRMA.com
+ SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/77b7c2a2-2a29-4a06-bad5-dcc1ac8f999d/internal.FIRMA.com
+ SPN found :HOST/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
+ SPN found :HOST/SRVDC1.internal.FIRMA.com
+ SPN found :HOST/SRVDC1
+ SPN found :HOST/SRVDC1.internal.FIRMA.com/DOFRA02
+ SPN found :GC/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
......................... SRVDC1 passed test MachineAccount
Starting test: NCSecDesc
+ Security Permissions check for all NC's on DC SRVDC1.
+ Security Permissions Check for
DC=ForestDnsZones,DC=internal,DC=FIRMA,DC=com
(NDNC,Version 3)
+ Security Permissions Check for
DC=DomainDnsZones,DC=internal,DC=FIRMA,DC=com
(NDNC,Version 3)
+ Security Permissions Check for
CN=Schema,CN=Configuration,DC=internal,DC=FIRMA,DC=com
(Schema,Version 3)
+ Security Permissions Check for
CN=Configuration,DC=internal,DC=FIRMA,DC=com
(Configuration,Version 3)
+ Security Permissions Check for
DC=internal,DC=FIRMA,DC=com
(Domain,Version 3)
......................... SRVDC1 passed test NCSecDesc
Starting test: NetLogons
+ Network Logons Privileges Check
Verified share \\SRVDC1\netlogon
Verified share \\SRVDC1\sysvol
[SRVDC1] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... SRVDC1 failed test NetLogons
Starting test: ObjectsReplicated
SRVDC1 is in domain DC=internal,DC=FIRMA,DC=com
Checking for CN=SRVDC1,OU=Domain Controllers,DC=internal,DC=FIRMA,DC=com in domain DC=internal,DC=FIRMA,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com in domain CN=Configuration,DC=internal,DC=FIRMA,DC=com on 1 servers
Object is up-to-date on all servers.
......................... SRVDC1 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
+ The Outbound Secure Channels test
++ Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... SRVDC1 passed test OutboundSecureChannels
Starting test: Replications
+ Replications Check
[Replications Check,SRVDC1] DsReplicaGetInfo(PENDING_OPS, NULL)
failed, error 0x2105 "Replication access was denied."
......................... SRVDC1 failed test Replications
Starting test: RidManager
+ Available RID Pool for the Domain is 1603 to 1073741823
+ SRVDC1.internal.FIRMA.com is the RID Master
+ DsBind with RID Master was successful
+ rIDAllocationPool is 1103 to 1602
+ rIDPreviousAllocationPool is 1103 to 1602
+ rIDNextRID: 1110
......................... SRVDC1 passed test RidManager
Starting test: Services
+ Checking Service: EventSystem
+ Checking Service: RpcSs
+ Checking Service: NTDS
Could not open NTDS Service on SRVDC1, error 0x5
"Access is denied."
+ Checking Service: DnsCache
+ Checking Service: DFSR
+ Checking Service: IsmServ
+ Checking Service: kdc
+ Checking Service: SamSs
+ Checking Service: LanmanServer
+ Checking Service: LanmanWorkstation
+ Checking Service: w32time
+ Checking Service: NETLOGON
......................... SRVDC1 failed test Services
Starting test: SystemLog
+ The System Event log test
A warning event occurred. EventID: 0x000003F6
Time Generated: 02/01/2011 13:23:20
Event String:
Name resolution for the name www.microsoft.com timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x000003F6
Time Generated: 02/01/2011 13:53:48
Event String:
Name resolution for the name www.microsoft.com timed out after none of the configured DNS servers responded.
An error event occurred. EventID: 0xC0002719
Time Generated: 02/01/2011 13:54:37
Event String:
DCOM was unable to communicate with the computer 164.128.36.34 using any of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 02/01/2011 13:55:26
Event String:
DCOM was unable to communicate with the computer 164.128.76.39 using any of the configured protocols.
......................... SRVDC1 failed test SystemLog
Starting test: Topology
+ Configuration Topology Integrity Check
+ Analyzing the connection topology for DC=ForestDnsZones,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the connection topology for DC=DomainDnsZones,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the connection topology for CN=Schema,CN=Configuration,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the connection topology for CN=Configuration,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the connection topology for DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
......................... SRVDC1 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... SRVDC1 passed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SRVDC1,OU=Domain Controllers,DC=internal,DC=FIRMA,DC=com and
backlink on
CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=SRVDC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=internal,DC=FIRMA,DC=com
and backlink on
CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
are correct.
The system object reference (msDFSR-ComputerReferenceBL)
CN=SRVDC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=internal,DC=FIRMA,DC=com
and backlink on
CN=SRVDC1,OU=Domain Controllers,DC=internal,DC=FIRMA,DC=com are
correct.
......................... SRVDC1 passed test VerifyReferences
Starting test: VerifyReplicas
......................... SRVDC1 passed test VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... SRVDC1 failed test DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : internal
Starting test: CheckSDRefDom
......................... internal passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... internal passed test CrossRefValidation
Running enterprise tests on : internal.FIRMA.com
Starting test: DNS
Test results for domain controllers:
DC: SRVDC1.internal.FIRMA.com
Domain: internal.FIRMA.com
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000010] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
MAC address is E4:1F:13:62:F0:F0
IP Address is static
IP address: 192.168.2.1
DNS servers:
192.168.2.1 (SRVDC1) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)
[Error details: 5 (Type: Win32 - Description: Access is denied.)]
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.2.1 (SRVDC1)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: internal.FIRMA.com
SRVDC1 PASS WARN n/a n/a n/a n/a n/a
......................... internal.FIRMA.com passed test DNS
Starting test: LocatorCheck
GC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
PDC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
Time Server Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
KDC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
......................... internal.FIRMA.com passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
PDC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
Time Server Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
KDC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
......................... internal.FIRMA.com passed test FsmoCheck
Starting test: Intersite
Skipping site SITE, this site is outside the scope provided by
the command line arguments provided.
......................... internal.FIRMA.com passed test Intersite
Vielen Dank für eure Hilfe
Cheers
Ich habe vor kurzem einen Windows Server 2008 R2 als Domain Controller installiert. Am anfang schien es, als gebe es einige Netzwerkprobleme (DNS, RPC), im moment scheint jedoch alles gut zu laufen. Wenn ich jedoch DCDIAG /v /c durchführe erhalte ich immer noch einige Fehlermeldungen. Ich weiss leider nicht wie kritisch diese sind. Der DC ist im moment noch alleine, gibt also keine Replikation (was die Replication Meldung wahrscheinlich erklären würde).
Auf dem Server wurde vor dem dcpromo noch eine Härtung des Systems durchgeführt, ich bezweifle jedoch dass sie etwas mit den Fehlermeldungen zu tun hat.
Weiter wurden die dynamischen RPC Ports beschränkt, damit weniger Ports auf der Firewall geöffnet werden müssen. (hatte ich jedoch bereits zurückgestellt und getestet, scheint keinen einfluss zu haben)
Directory Server Diagnosis
Performing initial setup:
+ Connecting to directory service on server SRVDC1.
+ Identified AD Forest.
Collecting AD specific global data
+ Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
Getting ISTG and options for the site
+ Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
+ Identifying all NC cross-refs.
+ Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: SITE\SRVDC1
Starting test: Connectivity
+ Active Directory LDAP Services Check
Determining IP4 connectivity
+ Active Directory RPC Services Check
......................... SRVDC1 passed test Connectivity
Doing primary tests
Testing server: SITE\SRVDC1
Starting test: Advertising
The DC SRVDC1 is advertising itself as a DC and having a DS.
The DC SRVDC1 is advertising as an LDAP server
The DC SRVDC1 is advertising as having a writeable directory
The DC SRVDC1 is advertising as a Key Distribution Center
The DC SRVDC1 is advertising as a time server
The DS SRVDC1 is advertising as a GC.
......................... SRVDC1 passed test Advertising
Starting test: CheckSecurityError
+ Dr Auth: Beginning security errors check!
Found KDC SRVDC1 for domain internal.FIRMA.com in site SITE
Checking machine account for DC SRVDC1 on DC SRVDC1.
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com
+ SPN found :LDAP/SRVDC1
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com/DOFRA02
+ SPN found :LDAP/77b7c2a2-2a29-4a06-bad5-dcc1ac8f999d._msdcs.internal.FIRMA.com
+ SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/77b7c2a2-2a29-4a06-bad5-dcc1ac8f999d/internal.FIRMA.com
+ SPN found :HOST/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
+ SPN found :HOST/SRVDC1.internal.FIRMA.com
+ SPN found :HOST/SRVDC1
+ SPN found :HOST/SRVDC1.internal.FIRMA.com/DOFRA02
+ SPN found :GC/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
[SRVDC1] DsReplicaGetInfo(KCC_DS_CONNECT_FAILURES) failed with
error 8453,
Replication access was denied..
[SRVDC1] Unable to query the list of KCC connection failures.
Continuing...
[SRVDC1] No security related replication errors were found on this
DC! To target the connection to a specific source DC use
/ReplSource:<dc>.
......................... SRVDC1 passed test CheckSecurityError
Starting test: CutoffServers
+ Configuration Topology Aliveness Check
+ Analyzing the alive system replication topology for DC=ForestDnsZones,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the alive system replication topology for DC=DomainDnsZones,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the alive system replication topology for CN=Configuration,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the alive system replication topology for DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
......................... SRVDC1 passed test CutoffServers
Starting test: FrsEvent
+ The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... SRVDC1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
......................... SRVDC1 passed test DFSREvent
Starting test: SysVolCheck
+ The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SRVDC1 passed test SysVolCheck
Starting test: FrsSysVol
+ The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... SRVDC1 passed test FrsSysVol
Starting test: KccEvent
+ The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SRVDC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
Role Domain Owner = CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
Role PDC Owner = CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
Role Rid Owner = CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
......................... SRVDC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SRVDC1 on DC SRVDC1.
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com
+ SPN found :LDAP/SRVDC1
+ SPN found :LDAP/SRVDC1.internal.FIRMA.com/DOFRA02
+ SPN found :LDAP/77b7c2a2-2a29-4a06-bad5-dcc1ac8f999d._msdcs.internal.FIRMA.com
+ SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/77b7c2a2-2a29-4a06-bad5-dcc1ac8f999d/internal.FIRMA.com
+ SPN found :HOST/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
+ SPN found :HOST/SRVDC1.internal.FIRMA.com
+ SPN found :HOST/SRVDC1
+ SPN found :HOST/SRVDC1.internal.FIRMA.com/DOFRA02
+ SPN found :GC/SRVDC1.internal.FIRMA.com/internal.FIRMA.com
......................... SRVDC1 passed test MachineAccount
Starting test: NCSecDesc
+ Security Permissions check for all NC's on DC SRVDC1.
+ Security Permissions Check for
DC=ForestDnsZones,DC=internal,DC=FIRMA,DC=com
(NDNC,Version 3)
+ Security Permissions Check for
DC=DomainDnsZones,DC=internal,DC=FIRMA,DC=com
(NDNC,Version 3)
+ Security Permissions Check for
CN=Schema,CN=Configuration,DC=internal,DC=FIRMA,DC=com
(Schema,Version 3)
+ Security Permissions Check for
CN=Configuration,DC=internal,DC=FIRMA,DC=com
(Configuration,Version 3)
+ Security Permissions Check for
DC=internal,DC=FIRMA,DC=com
(Domain,Version 3)
......................... SRVDC1 passed test NCSecDesc
Starting test: NetLogons
+ Network Logons Privileges Check
Verified share \\SRVDC1\netlogon
Verified share \\SRVDC1\sysvol
[SRVDC1] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... SRVDC1 failed test NetLogons
Starting test: ObjectsReplicated
SRVDC1 is in domain DC=internal,DC=FIRMA,DC=com
Checking for CN=SRVDC1,OU=Domain Controllers,DC=internal,DC=FIRMA,DC=com in domain DC=internal,DC=FIRMA,DC=com on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com in domain CN=Configuration,DC=internal,DC=FIRMA,DC=com on 1 servers
Object is up-to-date on all servers.
......................... SRVDC1 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
+ The Outbound Secure Channels test
++ Did not run Outbound Secure Channels test because /testdomain: was
not entered
......................... SRVDC1 passed test OutboundSecureChannels
Starting test: Replications
+ Replications Check
[Replications Check,SRVDC1] DsReplicaGetInfo(PENDING_OPS, NULL)
failed, error 0x2105 "Replication access was denied."
......................... SRVDC1 failed test Replications
Starting test: RidManager
+ Available RID Pool for the Domain is 1603 to 1073741823
+ SRVDC1.internal.FIRMA.com is the RID Master
+ DsBind with RID Master was successful
+ rIDAllocationPool is 1103 to 1602
+ rIDPreviousAllocationPool is 1103 to 1602
+ rIDNextRID: 1110
......................... SRVDC1 passed test RidManager
Starting test: Services
+ Checking Service: EventSystem
+ Checking Service: RpcSs
+ Checking Service: NTDS
Could not open NTDS Service on SRVDC1, error 0x5
"Access is denied."
+ Checking Service: DnsCache
+ Checking Service: DFSR
+ Checking Service: IsmServ
+ Checking Service: kdc
+ Checking Service: SamSs
+ Checking Service: LanmanServer
+ Checking Service: LanmanWorkstation
+ Checking Service: w32time
+ Checking Service: NETLOGON
......................... SRVDC1 failed test Services
Starting test: SystemLog
+ The System Event log test
A warning event occurred. EventID: 0x000003F6
Time Generated: 02/01/2011 13:23:20
Event String:
Name resolution for the name www.microsoft.com timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x000003F6
Time Generated: 02/01/2011 13:53:48
Event String:
Name resolution for the name www.microsoft.com timed out after none of the configured DNS servers responded.
An error event occurred. EventID: 0xC0002719
Time Generated: 02/01/2011 13:54:37
Event String:
DCOM was unable to communicate with the computer 164.128.36.34 using any of the configured protocols.
An error event occurred. EventID: 0xC0002719
Time Generated: 02/01/2011 13:55:26
Event String:
DCOM was unable to communicate with the computer 164.128.76.39 using any of the configured protocols.
......................... SRVDC1 failed test SystemLog
Starting test: Topology
+ Configuration Topology Integrity Check
+ Analyzing the connection topology for DC=ForestDnsZones,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the connection topology for DC=DomainDnsZones,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the connection topology for CN=Schema,CN=Configuration,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the connection topology for CN=Configuration,DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
+ Analyzing the connection topology for DC=internal,DC=FIRMA,DC=com.
+ Performing upstream (of target) analysis.
+ Performing downstream (of target) analysis.
......................... SRVDC1 passed test Topology
Starting test: VerifyEnterpriseReferences
......................... SRVDC1 passed test
VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference)
CN=SRVDC1,OU=Domain Controllers,DC=internal,DC=FIRMA,DC=com and
backlink on
CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
are correct.
The system object reference (serverReferenceBL)
CN=SRVDC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=internal,DC=FIRMA,DC=com
and backlink on
CN=NTDS Settings,CN=SRVDC1,CN=Servers,CN=SITE,CN=Sites,CN=Configuration,DC=internal,DC=FIRMA,DC=com
are correct.
The system object reference (msDFSR-ComputerReferenceBL)
CN=SRVDC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=internal,DC=FIRMA,DC=com
and backlink on
CN=SRVDC1,OU=Domain Controllers,DC=internal,DC=FIRMA,DC=com are
correct.
......................... SRVDC1 passed test VerifyReferences
Starting test: VerifyReplicas
......................... SRVDC1 passed test VerifyReplicas
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
See DNS test in enterprise tests section for results
......................... SRVDC1 failed test DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : internal
Starting test: CheckSDRefDom
......................... internal passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... internal passed test CrossRefValidation
Running enterprise tests on : internal.FIRMA.com
Starting test: DNS
Test results for domain controllers:
DC: SRVDC1.internal.FIRMA.com
Domain: internal.FIRMA.com
TEST: Authentication (Auth)
Authentication test: Successfully completed
TEST: Basic (Basc)
The OS
Microsoft Windows Server 2008 R2 Standard (Service Pack level: 0.0)
is supported.
NETLOGON service is running
kdc service is running
DNSCACHE service is running
DNS service is running
DC is a DNS server
Network adapters information:
Adapter
[00000010] Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client):
MAC address is E4:1F:13:62:F0:F0
IP Address is static
IP address: 192.168.2.1
DNS servers:
192.168.2.1 (SRVDC1) [Valid]
The A host record(s) for this DC was found
The SOA record for the Active Directory zone was found
Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)
[Error details: 5 (Type: Win32 - Description: Access is denied.)]
Summary of test results for DNS servers used by the above domain
controllers:
DNS server: 192.168.2.1 (SRVDC1)
All tests passed on this DNS server
Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered
Summary of DNS test results:
Auth Basc Forw Del Dyn RReg Ext
_________________________________________________________________
Domain: internal.FIRMA.com
SRVDC1 PASS WARN n/a n/a n/a n/a n/a
......................... internal.FIRMA.com passed test DNS
Starting test: LocatorCheck
GC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
PDC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
Time Server Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
KDC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
......................... internal.FIRMA.com passed test LocatorCheck
Starting test: FsmoCheck
GC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
PDC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
Time Server Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
Preferred Time Server Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
KDC Name: \\SRVDC1.internal.FIRMA.com
Locator Flags: 0xe00033fd
......................... internal.FIRMA.com passed test FsmoCheck
Starting test: Intersite
Skipping site SITE, this site is outside the scope provided by
the command line arguments provided.
......................... internal.FIRMA.com passed test Intersite
Vielen Dank für eure Hilfe
Cheers
Bitte markiere auch die Kommentare, die zur Lösung des Beitrags beigetragen haben
Content-ID: 159964
Url: https://administrator.de/forum/analyse-dcdiag-rpc-replication-und-netlogon-fehlermeldungen-159964.html
Ausgedruckt am: 23.12.2024 um 08:12 Uhr