I just ran dcdiag on one of my Domain Controllers (Windows 2008 R2) and the test failed with the following data.
As you can see, the forwarders seem invalid because they cannot be resolved by my TMG 2010 server (IP 192.168.0.2).
Forwarders Information: 192.168.0.2 (<name unavailable>) [Invalid (unreachable)] Error: All forwarders in the forwarder list are invalid.
Another important point is that my DC2 (Windows 2008) is not even appearing in this test! But all replication seems OK.
   Running partition tests on : icd
      Test omitted by user request: CheckSDRefDom
      Test omitted by user request: CrossRefValidation

   Running enterprise tests on : icd.local
      Starting test: DNS
         Test results for domain controllers:

            DC: DC1.icd.local
            Domain: icd.local

               TEST: Authentication (Auth)
                  Authentication test: Successfully completed

               TEST: Basic (Basc)
                  The OS Microsoft Windows Server 2008 R2 Enterprise (Service Pack level: 1.0) is supported.
                  NETLOGON service is running
                  kdc service is running
                  DNSCACHE service is running
                  DNS service is running
                  DC is a DNS server
                  Network adapters information:
                  Adapter [00000015] Microsoft Virtual Network Switch Adapter:
                     MAC address is 00:1E:4F:20:AE:FE
                     IP Address is static
                     IP address: 192.168.0.40, fe80::acaf:2e9d:73b0:a137
                     DNS servers:
                        192.168.0.40 (DC1) [Valid]
                        192.168.0.41 (DC2003) [Valid]
                  The A host record(s) for this DC was found
                  The SOA record for the Active Directory zone was found
                  The Active Directory zone on this DC/DNS server was found primary
                  Root zone on this DC/DNS server was not found

               TEST: Forwarders/Root hints (Forw)
                  Recursion is enabled
                  Forwarders Information:
                     192.168.0.2 (<name unavailable>) [Invalid (unreachable)]
                     Error: All forwarders in the forwarder list are invalid.
                  Root hint Information:
                     Name: a.root-servers.net. IP: 198.41.0.4 [Valid]
                     Name: a.root-servers.net. IP: 2001:503:ba3e::2:30 [Invalid (unreachable)]
                     Name: b.root-servers.net. IP: 192.228.79.201 [Valid]
                     Name: c.root-servers.net. IP: 192.33.4.12 [Valid]
                     Name: d.root-servers.net. IP: 128.8.10.90 [Valid]
                     Name: d.root-servers.net. IP: 2001:500:2d::d [Invalid (unreachable)]
                     Name: e.root-servers.net. IP: 192.203.230.10 [Valid]
                     Name: f.root-servers.net. IP: 192.5.5.241 [Valid]
                     Name: f.root-servers.net. IP: 2001:500:2f::f [Invalid (unreachable)]
                     Name: g.root-servers.net. IP: 192.112.36.4 [Valid]
                     Name: h.root-servers.net. IP: 128.63.2.53 [Valid]
                     Name: h.root-servers.net. IP: 2001:500:1::803f:235 [Invalid (unreachable)]
                     Name: i.root-servers.net. IP: 192.36.148.17 [Valid]
                     Name: i.root-servers.net. IP: 2001:7fe::53 [Invalid (unreachable)]
                     Name: j.root-servers.net. IP: 192.58.128.30 [Valid]
                     Name: j.root-servers.net. IP: 2001:503:c27::2:30 [Invalid (unreachable)]
                     Name: k.root-servers.net. IP: 193.0.14.129 [Valid]
                     Name: k.root-servers.net. IP: 2001:7fd::1 [Invalid (unreachable)]
                     Name: l.root-servers.net. IP: 199.7.83.42 [Valid]
                     Name: l.root-servers.net. IP: 2001:500:3::42 [Invalid (unreachable)]
                     Name: m.root-servers.net. IP: 2001:dc3::35 [Invalid (unreachable)]
                     Name: m.root-servers.net. IP: 202.12.27.33 [Valid]

               TEST: Delegations (Del)
                  Delegation information for the zone: icd.local.
                     Delegated domain name: _msdcs.icd.local.
                        Error: DNS server: DC2003.qld.icd.edu.au. IP:<Unavailable>
                        [Missing glue A record]
                        [Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)]

               TEST: Dynamic update (Dyn)
                  Test record dcdiag-test-record added successfully in zone icd.local
                  Warning: Failed to delete the test record dcdiag-test-record in zone icd.local
                  [Error details: 9005 (Type: Win32 - Description: DNS operation refused.)]

               TEST: Records registration (RReg)
                  Network Adapter [00000015] Microsoft Virtual Network Switch Adapter:
                     Matching CNAME record found at DNS server 192.168.0.40:
                     64e46f05-3760-4914-bd77-7f25e8626a7d._msdcs.icd.local
                     Matching A record found at DNS server 192.168.0.40:
                     DC1.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _ldap._tcp.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _ldap._tcp.6745f436-824a-4e46-aae6-0af01d54e2e6.domains._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _kerberos._tcp.dc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _ldap._tcp.dc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _kerberos._tcp.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _kerberos._udp.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _kpasswd._tcp.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _ldap._tcp.Default-First-Site-Name._sites.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _kerberos._tcp.Default-First-Site-Name._sites.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _ldap._tcp.gc._msdcs.icd.local
                     Matching A record found at DNS server 192.168.0.40:
                     gc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _gc._tcp.Default-First-Site-Name._sites.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.40:
                     _ldap._tcp.pdc._msdcs.icd.local
                     Matching CNAME record found at DNS server 192.168.0.41:
                     64e46f05-3760-4914-bd77-7f25e8626a7d._msdcs.icd.local
                     Matching A record found at DNS server 192.168.0.41:
                     DC1.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _ldap._tcp.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _ldap._tcp.6745f436-824a-4e46-aae6-0af01d54e2e6.domains._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _kerberos._tcp.dc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _ldap._tcp.dc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _kerberos._tcp.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _kerberos._udp.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _kpasswd._tcp.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _ldap._tcp.Default-First-Site-Name._sites.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _kerberos._tcp.Default-First-Site-Name._sites.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _ldap._tcp.gc._msdcs.icd.local
                     Matching A record found at DNS server 192.168.0.41:
                     gc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _gc._tcp.Default-First-Site-Name._sites.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.icd.local
                     Matching SRV record found at DNS server 192.168.0.41:
                     _ldap._tcp.pdc._msdcs.icd.local

         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 192.168.0.2 (<name unavailable>)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 192.168.0.2
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 2001:500:2d::d (d.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 2001:500:2f::f (f.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 2001:500:3::42 (l.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 2001:503:c27::2:30 (j.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:c27::2:30
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 2001:7fd::1 (k.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 2001:7fe::53 (i.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 2001:dc3::35 (m.root-servers.net.)
               1 test failure on this DNS server
               PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35
               [Error details: 1460 (Type: Win32 - Description: This operation returned because the timeout period expired.)]

            DNS server: 128.63.2.53 (h.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 128.8.10.90 (d.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 192.112.36.4 (g.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 192.168.0.40 (DC1)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered

            DNS server: 192.168.0.41 (DC2003)
               All tests passed on this DNS server
               Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered

            DNS server: 192.203.230.10 (e.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 192.228.79.201 (b.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 192.33.4.12 (c.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 192.36.148.17 (i.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 192.5.5.241 (f.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 192.58.128.30 (j.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 193.0.14.129 (k.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 198.41.0.4 (a.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 199.7.83.42 (l.root-servers.net.)
               All tests passed on this DNS server

            DNS server: 202.12.27.33 (m.root-servers.net.)
               All tests passed on this DNS server

         Summary of DNS test results:

                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: icd.local
               DC1                          PASS PASS FAIL FAIL WARN PASS n/a

         ......................... icd.local failed test DNS
      Test omitted by user request: LocatorCheck
      Test omitted by user request: Intersite

C:\>