
Thread title: Active directory
TGR (offline) | Thread author

User

Posts: 138
Thanks: 0



Quote from Telepuzik:
Show dcdiag /v from both DCs.
dcdiag
2003
C:\Documents and Settings\Administrator>dcdiag /v
Domain Controller Diagnosis
Performing initial setup:
* Verifying that the local machine ad, is a DC.
* Connecting to directory service on server ad.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests

Testing server: Default-First-Site-Name\AD
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... AD passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\AD
Starting test: Replications
* Replications Check
[Replications Check,AD] A recent replication attempt failed:
From WIN2012A to AD
Naming Context: DC=ForestDnsZones,DC=magazin,DC=info
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2018-11-08 13:49:49.
The last success occurred at 2018-08-09 17:23:37.
2186 failures have occurred since the last success.
[WIN2012A] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
[Replications Check,AD] A recent replication attempt failed:
From WIN2012A to AD
Naming Context: DC=DomainDnsZones,DC=magazin,DC=info
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2018-11-08 13:49:49.
The last success occurred at 2018-08-09 17:23:37.
2345 failures have occurred since the last success.
[Replications Check,AD] A recent replication attempt failed:
From WIN2012A to AD
Naming Context: CN=Schema,CN=Configuration,DC=magazin,DC=info
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2018-11-08 13:49:49.
The last success occurred at 2018-08-09 17:23:37.
2186 failures have occurred since the last success.
[Replications Check,AD] A recent replication attempt failed:
From WIN2012A to AD
Naming Context: CN=Configuration,DC=magazin,DC=info
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2018-11-08 13:49:49.
The last success occurred at 2018-08-09 17:23:37.
2186 failures have occurred since the last success.
[Replications Check,AD] A recent replication attempt failed:
From WIN2012A to AD
Naming Context: DC=magazin,DC=info
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2018-11-08 14:07:22.
The last success occurred at 2018-08-09 17:23:37.
80481 failures have occurred since the last success.
* Replication Latency Check
REPLICATION-RECEIVED LATENCY WARNING
AD: Current time is 2018-11-08 14:08:38.
DC=ForestDnsZones,DC=magazin,DC=info
Last replication recieved from WIN2012A at 2018-08-09 17:24:08.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=DomainDnsZones,DC=magazin,DC=info
Last replication recieved from WIN2012A at 2018-08-09 17:24:07.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Schema,CN=Configuration,DC=magazin,DC=info
Last replication recieved from WIN2012A at 2018-08-09 17:24:07.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
CN=Configuration,DC=magazin,DC=info
Last replication recieved from WIN2012A at 2018-08-09 17:24:07.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
DC=magazin,DC=info
Last replication recieved from WIN2012A at 2018-08-09 17:24:07.
WARNING: This latency is over the Tombstone Lifetime of 60 days!
......................... AD passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC AD.
* Security Permissions Check for
DC=ForestDnsZones,DC=magazin,DC=info
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=magazin,DC=info
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=magazin,DC=info
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=magazin,DC=info
(Configuration,Version 2)
* Security Permissions Check for
DC=magazin,DC=info
(Domain,Version 2)
......................... AD passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\AD\netlogon
Verified share \\AD\sysvol
......................... AD passed test NetLogons
Starting test: Advertising
The DC AD is advertising itself as a DC and having a DS.
The DC AD is advertising as an LDAP server
The DC AD is advertising as having a writeable directory
The DC AD is advertising as a Key Distribution Center
Warning: AD is not advertising as a time server.
The DS AD is advertising as a GC.
......................... AD failed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=WIN2012A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=magazin,DC=info
Warning: WIN2012A is the Schema Owner, but is not responding to DS RPC Bind.
[WIN2012A] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: WIN2012A is the Schema Owner, but is not responding to LDAP Bind.
Role Domain Owner = CN=NTDS Settings,CN=WIN2012A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=magazin,DC=info
Warning: WIN2012A is the Domain Owner, but is not responding to DS RPC Bind.
Warning: WIN2012A is the Domain Owner, but is not responding to LDAP Bind.
Role PDC Owner = CN=NTDS Settings,CN=WIN2012A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=magazin,DC=info
Warning: WIN2012A is the PDC Owner, but is not responding to DS RPC Bind.
Warning: WIN2012A is the PDC Owner, but is not responding to LDAP Bind.
Role Rid Owner = CN=NTDS Settings,CN=WIN2012A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=magazin,DC=info
Warning: WIN2012A is the Rid Owner, but is not responding to DS RPC Bind.
Warning: WIN2012A is the Rid Owner, but is not responding to LDAP Bind.
Role Infrastructure Update Owner = CN=NTDS Settings,CN=WIN2012A,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=magazin,DC=info
Warning: WIN2012A is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: WIN2012A is the Infrastructure Update Owner, but is not responding to LDAP Bind.
......................... AD failed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 2103 to 1073741823
* win2012A.magazin.info is the RID Master
......................... AD failed test RidManager
Starting test: MachineAccount
Checking machine account for DC AD on DC AD.
* SPN found :LDAP/ad.magazin.info/magazin.info
* SPN found :LDAP/ad.magazin.info
* SPN found :LDAP/AD
* SPN found :LDAP/ad.magazin.info/magazin
* SPN found :LDAP/7f68bed4-3a8a-4ee2-ad06-94696872ff71._msdcs.magazin.info
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7f68bed4-3a8a-4ee2-ad06-94696872ff71/magazin.info
* SPN found :HOST/ad.magazin.info/magazin.info
* SPN found :HOST/ad.magazin.info
* SPN found :HOST/AD
* SPN found :HOST/ad.magazin.info/magazin
* SPN found :GC/ad.magazin.info/magazin.info
......................... AD passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
w32time Service is stopped on [AD]
* Checking Service: NETLOGON
......................... AD failed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
AD is in domain DC=magazin,DC=info
Checking for CN=AD,OU=Domain Controllers,DC=magazin,DC=info in domain DC=magazin,DC=info on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=magazin,DC=info in domain CN=Configuration,DC=magazin,DC=info on 1 servers
Object is up-to-date on all servers.
......................... AD passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... AD passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 11/08/2018 05:53:09
(Event String could not be retrieved)
......................... AD failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... AD passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x40000004
Time Generated: 11/08/2018 13:22:44
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
win2012a$. The target name used was
ldap/win2012A.magazin.info. This indicates that the
password used to encrypt the kerberos service
ticket is different than that on the target
server. Commonly, this is due to identically
named machine accounts in the target realm
(magazin.INFO), and the client realm. Please
contact your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 11/08/2018 13:32:42
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
win2012a$. The target name used was
cifs/WIN2012A. This indicates that the password
used to encrypt the kerberos service ticket is
different than that on the target server.
Commonly, this is due to identically named
machine accounts in the target realm
(magazin.INFO), and the client realm. Please
contact your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 11/08/2018 13:42:08
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
win2012a$. The target name used was . This
indicates that the password used to encrypt the
kerberos service ticket is different than that on
the target server. Commonly, this is due to
identically named machine accounts in the target
realm (magazin.INFO), and the client realm.
Please contact your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 11/08/2018 13:56:42
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
win2012a$. The target name used was
cifs/win2012A.magazin.info. This indicates that the
password used to encrypt the kerberos service
ticket is different than that on the target
server. Commonly, this is due to identically
named machine accounts in the target realm
(magazin.INFO), and the client realm. Please
contact your system administrator.
An Error Event occured. EventID: 0xC00A0032
Time Generated: 11/08/2018 13:57:46
(Event String could not be retrieved)
An Error Event occured. EventID: 0x40000004
Time Generated: 11/08/2018 14:00:37
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
win2012a$. The target name used was
magazin\WIN2012A$. This indicates that the password
used to encrypt the kerberos service ticket is
different than that on the target server.
Commonly, this is due to identically named
machine accounts in the target realm
(magazin.INFO), and the client realm. Please
contact your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 11/08/2018 14:08:38
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
win2012a$. The target name used was
LDAP/1aa8148d-60d7-4ade-9f3a-fab7256706a9._msdcs.magazin.info.
This indicates that the password used to encrypt
the kerberos service ticket is different than
that on the target server. Commonly, this is due
to identically named machine accounts in the
target realm (magazin.INFO), and the client realm.
Please contact your system administrator.
An Error Event occured. EventID: 0x40000004
Time Generated: 11/08/2018 14:08:39
Event String: The kerberos client received a
KRB_AP_ERR_MODIFIED error from the server
win2012a$. The target name used was
ldap/1aa8148d-60d7-4ade-9f3a-fab7256706a9._msdcs.magazin.info.
This indicates that the password used to encrypt
the kerberos service ticket is different than
that on the target server. Commonly, this is due
to identically named machine accounts in the
target realm (magazin.INFO), and the client realm.
Please contact your system administrator.
......................... AD failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=AD,OU=Domain Controllers,DC=magazin,DC=info
and backlink on
CN=AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=magazin,DC=info
are correct.
The system object reference (frsComputerReferenceBL)
CN=AD,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=magazin,DC=info
and backlink on
CN=AD,OU=Domain Controllers,DC=magazin,DC=info
are correct.
The system object reference (serverReferenceBL)
CN=AD,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=magazin,DC=info
and backlink on
CN=NTDS Settings,CN=AD,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=magazin,DC=info
are correct.
......................... AD passed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : magazin
Starting test: CrossRefValidation
......................... magazin passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... magazin passed test CheckSDRefDom

Running enterprise tests on : magazin.info
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided.
......................... magazin.info passed test Intersite
Starting test: FsmoCheck
GC Name: \\ad.magazin.info
Locator Flags: 0xe00001bc
PDC Name: \\win2012A.magazin.info
Locator Flags: 0xe000f3fd
Time Server Name: \\win2012A.magazin.info
Locator Flags: 0xe000f3fd
Preferred Time Server Name: \\win2012A.magazin.info
Locator Flags: 0xe000f3fd
KDC Name: \\ad.magazin.info
Locator Flags: 0xe00001bc
......................... magazin.info passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNS

Posted: 14:28, 08-11-2018 | #42
