Domain Controller Diagnosis Performing initial setup: * Verifying that the local machine main1, is a DC. * Connecting to directory service on server main1. * Collecting site info. * Identifying all servers. * Identifying all NC cross-refs. * Found 2 DC(s). Testing 2 of them. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-Name\IMS4 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... IMS4 passed test Connectivity Testing server: Default-First-Site-Name\MAIN1 Starting test: Connectivity * Active Directory LDAP Services Check * Active Directory RPC Services Check ......................... MAIN1 passed test Connectivity Doing primary tests Testing server: Default-First-Site-Name\IMS4 Starting test: Replications * Replications Check * Replication Latency Check CN=Schema,CN=Configuration,DC=ims,DC=imsnc,DC=com Latency information for 2 entries in the vector were ignored. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=ims,DC=imsnc,DC=com Latency information for 2 entries in the vector were ignored. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=ims,DC=imsnc,DC=com Latency information for 2 entries in the vector were ignored. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). * Replication Site Latency Check ......................... IMS4 passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC IMS4. * Security Permissions Check for CN=Schema,CN=Configuration,DC=ims,DC=imsnc,DC=com (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=ims,DC=imsnc,DC=com (Configuration,Version 2) * Security Permissions Check for DC=ims,DC=imsnc,DC=com (Domain,Version 2) ......................... IMS4 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\IMS4\netlogon Verified share \\IMS4\sysvol ......................... IMS4 passed test NetLogons Starting test: Advertising The DC IMS4 is advertising itself as a DC and having a DS. The DC IMS4 is advertising as an LDAP server The DC IMS4 is advertising as having a writeable directory The DC IMS4 is advertising as a Key Distribution Center Warning: IMS4 is not advertising as a time server. The DS IMS4 is advertising as a GC. ......................... IMS4 failed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com Role Domain Owner = CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com Role PDC Owner = CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com Role Rid Owner = CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com Role Infrastructure Update Owner = CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com ......................... IMS4 passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 4677 to 1073741823 * main1.ims.imsnc.com is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 3177 to 3676 * rIDPreviousAllocationPool is 3177 to 3676 * rIDNextRID: 3179 ......................... IMS4 passed test RidManager Starting test: MachineAccount Checking machine account for DC IMS4 on DC IMS4. * SPN found :LDAP/ims4.ims.imsnc.com/ims.imsnc.com * SPN found :LDAP/ims4.ims.imsnc.com * SPN found :LDAP/IMS4 * SPN found :LDAP/ims4.ims.imsnc.com/IMS * SPN found :LDAP/e61f1fb5-7ba6-4ed1-8863-3da106d5c98f._msdcs.ims.imsnc.com * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/e61f1fb5-7ba6-4ed1-8863-3da106d5c98f/ims.imsnc.com * SPN found :HOST/ims4.ims.imsnc.com/ims.imsnc.com * SPN found :HOST/ims4.ims.imsnc.com * SPN found :HOST/IMS4 * SPN found :HOST/ims4.ims.imsnc.com/IMS * SPN found :GC/ims4.ims.imsnc.com/ims.imsnc.com ......................... IMS4 passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... IMS4 passed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated IMS4 is in domain DC=ims,DC=imsnc,DC=com Checking for CN=IMS4,OU=Domain Controllers,DC=ims,DC=imsnc,DC=com in domain DC=ims,DC=imsnc,DC=com on 2 servers Authoritative attribute servicePrincipalName on IMS4 (writeable) usnLocalChange = 57415 LastOriginatingDsa = IMS4 usnOriginatingChange = 57415 timeLastOriginatingChange = 2007-01-24 16:00:29 VersionLastOriginatingChange = 10 Out-of-date attribute servicePrincipalName on MAIN1 (writeable) usnLocalChange = 20708 LastOriginatingDsa = IMS4 usnOriginatingChange = 57345 timeLastOriginatingChange = 2007-01-24 10:30:28 VersionLastOriginatingChange = 9 Checking for CN=NTDS Settings,CN=IMS4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com in domain CN=Configuration,DC=ims,DC=imsnc,DC=com on 2 servers Authoritative attribute options on IMS4 (writeable) usnLocalChange = 57412 LastOriginatingDsa = IMS4 usnOriginatingChange = 57412 timeLastOriginatingChange = 2007-01-24 15:34:13 VersionLastOriginatingChange = 5 Out-of-date attribute options on MAIN1 (writeable) usnLocalChange = 20713 LastOriginatingDsa = IMS4 usnOriginatingChange = 53359 timeLastOriginatingChange = 2007-01-24 10:24:24 VersionLastOriginatingChange = 4 ......................... IMS4 failed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... IMS4 passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... IMS4 passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... IMS4 passed test kccevent Starting test: systemlog * The System Event log test Found no errors in System Event log in the last 60 minutes. ......................... IMS4 passed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=IMS4,OU=Domain Controllers,DC=ims,DC=imsnc,DC=com and backlink on CN=IMS4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com are correct. The system object reference (frsComputerReferenceBL) CN=IMS4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ims,DC=imsnc,DC=com and backlink on CN=IMS4,OU=Domain Controllers,DC=ims,DC=imsnc,DC=com are correct. The system object reference (serverReferenceBL) CN=IMS4,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ims,DC=imsnc,DC=com and backlink on CN=NTDS Settings,CN=IMS4,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com are correct. ......................... IMS4 passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Testing server: Default-First-Site-Name\MAIN1 Starting test: Replications * Replications Check [Replications Check,MAIN1] A recent replication attempt failed: From IMS4 to MAIN1 Naming Context: CN=Configuration,DC=ims,DC=imsnc,DC=com The replication generated an error (8418): The replication operation failed because of a schema mismatch between the servers involved. The failure occurred at 2007-01-24 16:53:00. The last success occurred at 2007-01-24 10:51:51. 1 failures have occurred since the last success. [Replications Check,MAIN1] A recent replication attempt failed: From IMS4 to MAIN1 Naming Context: DC=ims,DC=imsnc,DC=com The replication generated an error (8418): The replication operation failed because of a schema mismatch between the servers involved. The failure occurred at 2007-01-24 16:53:00. The last success occurred at 2007-01-24 10:51:51. 1 failures have occurred since the last success. * Replication Latency Check CN=Schema,CN=Configuration,DC=ims,DC=imsnc,DC=com Latency information for 2 entries in the vector were ignored. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=ims,DC=imsnc,DC=com Latency information for 2 entries in the vector were ignored. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=ims,DC=imsnc,DC=com Latency information for 2 entries in the vector were ignored. 2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). * Replication Site Latency Check ......................... MAIN1 passed test Replications Test omitted by user request: Topology Test omitted by user request: CutoffServers Starting test: NCSecDesc * Security Permissions check for all NC's on DC MAIN1. * Security Permissions Check for CN=Schema,CN=Configuration,DC=ims,DC=imsnc,DC=com (Schema,Version 2) * Security Permissions Check for CN=Configuration,DC=ims,DC=imsnc,DC=com (Configuration,Version 2) * Security Permissions Check for DC=ims,DC=imsnc,DC=com (Domain,Version 2) ......................... MAIN1 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\MAIN1\netlogon Verified share \\MAIN1\sysvol ......................... MAIN1 passed test NetLogons Starting test: Advertising The DC MAIN1 is advertising itself as a DC and having a DS. The DC MAIN1 is advertising as an LDAP server The DC MAIN1 is advertising as having a writeable directory The DC MAIN1 is advertising as a Key Distribution Center The DC MAIN1 is advertising as a time server The DS MAIN1 is advertising as a GC. ......................... MAIN1 passed test Advertising Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com Role Domain Owner = CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com Role PDC Owner = CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com Role Rid Owner = CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com Role Infrastructure Update Owner = CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com ......................... MAIN1 passed test KnowsOfRoleHolders Starting test: RidManager * Available RID Pool for the Domain is 4677 to 1073741823 * main1.ims.imsnc.com is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 4177 to 4676 * rIDPreviousAllocationPool is 4177 to 4676 * rIDNextRID: 4177 ......................... MAIN1 passed test RidManager Starting test: MachineAccount Checking machine account for DC MAIN1 on DC MAIN1. * SPN found :LDAP/main1.ims.imsnc.com/ims.imsnc.com * SPN found :LDAP/main1.ims.imsnc.com * SPN found :LDAP/MAIN1 * SPN found :LDAP/main1.ims.imsnc.com/IMS * SPN found :LDAP/86998f79-d176-4eae-a00a-c76cc354257b._msdcs.ims.imsnc.com * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/86998f79-d176-4eae-a00a-c76cc354257b/ims.imsnc.com * SPN found :HOST/main1.ims.imsnc.com/ims.imsnc.com * SPN found :HOST/main1.ims.imsnc.com * SPN found :HOST/MAIN1 * SPN found :HOST/main1.ims.imsnc.com/IMS * SPN found :GC/main1.ims.imsnc.com/ims.imsnc.com ......................... MAIN1 passed test MachineAccount Starting test: Services * Checking Service: Dnscache * Checking Service: NtFrs * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: RpcSs * Checking Service: w32time * Checking Service: NETLOGON ......................... MAIN1 passed test Services Test omitted by user request: OutboundSecureChannels Starting test: ObjectsReplicated MAIN1 is in domain DC=ims,DC=imsnc,DC=com Checking for CN=MAIN1,OU=Domain Controllers,DC=ims,DC=imsnc,DC=com in domain DC=ims,DC=imsnc,DC=com on 2 servers Authoritative attribute nTSecurityDescriptor on MAIN1 (writeable) usnLocalChange = 16386 LastOriginatingDsa = MAIN1 usnOriginatingChange = 16386 timeLastOriginatingChange = 2007-01-22 16:04:27 VersionLastOriginatingChange = 2 Out-of-date attribute nTSecurityDescriptor on IMS4 (writeable) usnLocalChange = 47306 LastOriginatingDsa = IMS4 usnOriginatingChange = 47306 timeLastOriginatingChange = 2007-01-22 12:07:13 VersionLastOriginatingChange = 1 Authoritative attribute servicePrincipalName on MAIN1 (writeable) usnLocalChange = 16464 LastOriginatingDsa = MAIN1 usnOriginatingChange = 16464 timeLastOriginatingChange = 2007-01-22 17:11:23 VersionLastOriginatingChange = 8 Out-of-date attribute servicePrincipalName on IMS4 (writeable) usnLocalChange = 47336 LastOriginatingDsa = IMS4 usnOriginatingChange = 47336 timeLastOriginatingChange = 2007-01-22 12:19:01 VersionLastOriginatingChange = 4 Checking for CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com in domain CN=Configuration,DC=ims,DC=imsnc,DC=com on 2 servers Authoritative attribute msDS-hasMasterNCs on MAIN1 (writeable) usnLocalChange = 13836 LastOriginatingDsa = MAIN1 usnOriginatingChange = 13836 timeLastOriginatingChange = 2007-01-22 12:20:13 VersionLastOriginatingChange = 5 Out-of-date attribute msDS-hasMasterNCs on IMS4 (writeable) usnLocalChange = 47335 LastOriginatingDsa = IMS4 usnOriginatingChange = 47335 timeLastOriginatingChange = 2007-01-22 12:19:01 VersionLastOriginatingChange = 1 ......................... MAIN1 failed test ObjectsReplicated Starting test: frssysvol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... MAIN1 passed test frssysvol Starting test: frsevent * The File Replication Service Event log test ......................... MAIN1 passed test frsevent Starting test: kccevent * The KCC Event log test Found no KCC errors in Directory Service Event log in the last 15 minutes. ......................... MAIN1 passed test kccevent Starting test: systemlog * The System Event log test Found no errors in System Event log in the last 60 minutes. ......................... MAIN1 passed test systemlog Test omitted by user request: VerifyReplicas Starting test: VerifyReferences The system object reference (serverReference) CN=MAIN1,OU=Domain Controllers,DC=ims,DC=imsnc,DC=com and backlink on CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com are correct. The system object reference (frsComputerReferenceBL) CN=MAIN1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ims,DC=imsnc,DC=com and backlink on CN=MAIN1,OU=Domain Controllers,DC=ims,DC=imsnc,DC=com are correct. The system object reference (serverReferenceBL) CN=MAIN1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=ims,DC=imsnc,DC=com and backlink on CN=NTDS Settings,CN=MAIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=ims,DC=imsnc,DC=com are correct. ......................... MAIN1 passed test VerifyReferences Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: CheckSecurityError Running partition tests on : Schema Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Running partition tests on : Configuration Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Running partition tests on : ims Starting test: CrossRefValidation ......................... ims passed test CrossRefValidation Starting test: CheckSDRefDom ......................... ims passed test CheckSDRefDom Running enterprise tests on : ims.imsnc.com Starting test: Intersite Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments provided. ......................... ims.imsnc.com passed test Intersite Starting test: FsmoCheck GC Name: \\main1.ims.imsnc.com Locator Flags: 0xe00003fd PDC Name: \\main1.ims.imsnc.com Locator Flags: 0xe00003fd Time Server Name: \\main1.ims.imsnc.com Locator Flags: 0xe00003fd Preferred Time Server Name: \\main1.ims.imsnc.com Locator Flags: 0xe00003fd KDC Name: \\main1.ims.imsnc.com Locator Flags: 0xe00003fd ......................... ims.imsnc.com passed test FsmoCheck Test omitted by user request: DNS Test omitted by user request: DNS