Hi Robert,
I'm openning ADUC from server.
1) I checked RID Master is available. (it is the RID master, there is no other DC on this domain)
2) i attached the dcdiag file.
Thanks for your interest.
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
DC Diagnosis Performing initial setup: * Verifing that the local machine ntserver, is a DC. * Connecting to directory service on server ntserver. * Collecting site info. * Identifying all servers. * Found 4 DC(s). Testing 1 of them. Done gathering initial info.
Doing initial non skippeable tests
Testing server: Default-First-Site-Name\NTSERVER
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... NTSERVER passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\NTSERVER
Starting test: Replications
* Replications Check
[Replications Check,NTSERVER] A recent replication attempt failed:
From EX_pak2 to NTSERVER
Naming Context: CN=Schema,CN=Configuration,DC=pak,DC=info
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2004-08-20 14:54.47.
The last success occurred at 2003-09-18 18:12.59.
8051 failures have occurred since the last success.
The guid-based DNS name
d13d4211-36e1-4f95-903c-a1cc5912c367._msdcs.pak.info
is not registered on one or more DNS servers.
[EX_pak2] DsBind() failed with error 1722,
Win32 Error 1722.
[Replications Check,NTSERVER] A recent replication attempt failed:
From EX2pak to NTSERVER
Naming Context: CN=Schema,CN=Configuration,DC=pak,DC=info
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2004-08-20 14:54.50.
The last success occurred at 2003-10-16 11:48.47.
7379 failures have occurred since the last success.
The guid-based DNS name
a84dad48-3f52-49e9-a2bc-051e28fa43a8._msdcs.pak.info
is not registered on one or more DNS servers.
[EX2pak] DsBind() failed with error 1722,
Win32 Error 1722.
[Replications Check,NTSERVER] A recent replication attempt failed:
From EX_pak2 to NTSERVER
Naming Context: CN=Configuration,DC=pak,DC=info
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2004-08-20 14:54.41.
The last success occurred at 2003-09-18 18:20.05.
8051 failures have occurred since the last success.
The guid-based DNS name
d13d4211-36e1-4f95-903c-a1cc5912c367._msdcs.pak.info
is not registered on one or more DNS servers.
[Replications Check,NTSERVER] A recent replication attempt failed:
From EX2pak to NTSERVER
Naming Context: CN=Configuration,DC=pak,DC=info
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2004-08-20 14:54.44.
The last success occurred at 2003-10-16 12:05.19.
7379 failures have occurred since the last success.
The guid-based DNS name
a84dad48-3f52-49e9-a2bc-051e28fa43a8._msdcs.pak.info
is not registered on one or more DNS servers.
[Replications Check,NTSERVER] A recent replication attempt failed:
From EX_pak2 to NTSERVER
Naming Context: DC=pak,DC=info
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2004-08-20 14:54.35.
The last success occurred at 2003-09-18 18:15.02.
8052 failures have occurred since the last success.
The guid-based DNS name
d13d4211-36e1-4f95-903c-a1cc5912c367._msdcs.pak.info
is not registered on one or more DNS servers.
[Replications Check,NTSERVER] A recent replication attempt failed:
From EX2pak to NTSERVER
Naming Context: DC=pak,DC=info
The replication generated an error (8524):
Win32 Error 8524
The failure occurred at 2004-08-20 14:54.38.
The last success occurred at 2003-10-16 12:04.33.
7379 failures have occurred since the last success.
The guid-based DNS name
a84dad48-3f52-49e9-a2bc-051e28fa43a8._msdcs.pak.info
is not registered on one or more DNS servers.
......................... NTSERVER passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=pak,DC=info
* Security Permissions Check for
CN=Configuration,DC=pak,DC=info
* Security Permissions Check for
DC=pak,DC=info
......................... NTSERVER passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... NTSERVER passed test NetLogons
Starting test: Advertising
The DC NTSERVER is advertising itself as a DC and having a DS.
The DC NTSERVER is advertising as an LDAP server
The DC NTSERVER is advertising as having a writeable directory
The DC NTSERVER is advertising as a Key Distribution Center
The DC NTSERVER is advertising as a time server
The DS NTSERVER is advertising as a GC.
......................... NTSERVER passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS
Settings,CN=NTSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pak,DC=info
Role Domain Owner = CN=NTDS
Settings,CN=NTSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pak,DC=info
Role PDC Owner = CN=NTDS
Settings,CN=NTSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pak,DC=info
Role Rid Owner = CN=NTDS
Settings,CN=NTSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pak,DC=info
Role Infrastructure Update Owner = CN=NTDS
Settings,CN=NTSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pak,DC=info
......................... NTSERVER passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 6796 to 1073741823
* ntserver.pak.info is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3796 to 4295
* rIDNextRID: 0
The DS has corrupt data: rIDPreviousAllocationPool value is not valid
* rIDPreviousAllocationPool is 0 to 0
No rids allocated -- please check eventlog.
......................... NTSERVER failed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/ntserver.pak.info/pak.info
* SPN found :LDAP/ntserver.pak.info
* SPN found :LDAP/NTSERVER
* SPN found :LDAP/ntserver.pak.info/akat
* SPN found :LDAP/4686c43d-de3a-4eec-afff-aaccd5181861._msdcs.pak.info
* SPN found
:E3514235-4B06-11D1-AB04-00C04FC2DCD2/4686c43d-de3a-4eec-afff-aaccd5181861/pak.info
* SPN found :HOST/ntserver.pak.info/pak.info
* SPN found :HOST/ntserver.pak.info
* SPN found :HOST/NTSERVER
* SPN found :HOST/ntserver.pak.info/akat
* SPN found :GC/ntserver.pak.info/pak.info
......................... NTSERVER passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: RPCLOCATOR
* Checking Service: w32time
* Checking Service: TrkWks
* Checking Service: TrkSvr
* Checking Service: NETLOGON
......................... NTSERVER passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
NTSERVER is in domain DC=pak,DC=info
Checking for CN=NTSERVER,OU=Domain Controllers,DC=pak,DC=info in domain
DC=pak,DC=info on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS
Settings,CN=NTSERVER,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pak,DC=info
in domain CN=Configuration,DC=pak,DC=info on 1 servers
Object is up-to-date on all servers.
......................... NTSERVER passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service Event log test
The SYSVOL has been shared, and the AD is no longer
prevented from starting by the File Replication Service.
There are errors after the SYSVOL has been shared.
The SYSVOL can prevent the AD from starting.
An Warning Event occured. EventID: 0x800034FA
Time Generated: 08/19/2004 22:41:38
Event String: Following is the summary of warnings and errors
encountered by File Replication Service while
polling the Domain Controller ntserver.pak.info
for FRS replica set configuration information.
The nTFRSMember object cn=ex_pak2,cn=domain system volume (sysvol share),cn=file
replication service,cn=system,dc=pak,dc=info has a invalid value for the attribute
frsinfoputerReference.
The nTFRSMember object cn=ex2kpak,cn=domain system volume (sysvol share),cn=file
replication service,cn=system,dc=pak,dc=info has a invalid value for the attribute
frsinfoputerReference.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/19/2004 22:43:25
Event String: The File Replication Service is having trouble
enabling replication from EX2pak to NTSERVER
for c:\winnt\sysvol\domain using the DNS name
ex2pak.pak.info. FRS will keep retrying.
Following are some of the reasons you would see
this warning.
[1] FRS can not correctly resolve the DNS name
ex2pak.pak.info from this infoputer.
[2] FRS is not running on ex2pak.pak.info.
[3] The topology information in the Active
Directory for this replica has not yet replicated
to all the Domain Controllers.
This event log message will appear once per
connection, After the problem is fixed you will
see another event log message indicating that the
connection has been established.
......................... NTSERVER passed test frssysvol
Starting test: kccevent
* The KCC Event log test
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/20/2004 15:42:43
Event String: The attempt to establish a replication link with
parameters
Partition: DC=pak,DC=info
Source DSA DN:
CN=NTDS
Settings,CN=EX2Kpak,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pak,DC=info
Source DSA Address:
ace6ed30-713d-43d7-a684-0b4fe1319009._msdcs.pak.info
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code. This
operation will be retried.
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/20/2004 15:42:46
Event String: The attempt to establish a replication link with
parameters
Partition: CN=Configuration,DC=pak,DC=info
Source DSA DN:
CN=NTDS
Settings,CN=EX2Kpak,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pak,DC=info
Source DSA Address:
ace6ed30-713d-43d7-a684-0b4fe1319009._msdcs.pak.info
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code. This
operation will be retried.
An Warning Event occured. EventID: 0x800004F1
Time Generated: 08/20/2004 15:42:49
Event String: The attempt to establish a replication link with
parameters
Partition:
CN=Schema,CN=Configuration,DC=pak,DC=info
Source DSA DN:
CN=NTDS
Settings,CN=EX2Kpak,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=pak,DC=info
Source DSA Address:
ace6ed30-713d-43d7-a684-0b4fe1319009._msdcs.pak.info
Inter-site Transport (if any):
failed with the following status:
The DSA operation is unable to proceed because of a DNS lookup failure.
The record data is the status code. This
operation will be retried.
......................... NTSERVER failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x0000410A
Time Generated: 08/20/2004 14:49:31
(Event String could not be retrieved)
An Error Event occured. EventID: 0x0000410A
Time Generated: 08/20/2004 15:20:31
(Event String could not be retrieved)
......................... NTSERVER failed test systemlog
Running enterprise tests on : pak.info
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the infomand line arguments provided.
......................... pak.info passed test Intersite
Starting test: FsmoCheck
GC Name: \\ntserver.pak.info
Locator Flags: 0xe00001fd
PDC Name: \\ntserver.pak.info
Locator Flags: 0xe00001fd
Time Server Name: \\ntserver.pak.info
Locator Flags: 0xe00001fd
Preferred Time Server Name: \\ntserver.pak.info
Locator Flags: 0xe00001fd
KDC Name: \\ntserver.pak.info
Locator Flags: 0xe00001fd
......................... pak.info passed test FsmoCheck
