Hi,
We had a motherboard failure on our primary DC server night before last (SLSODOMAIN), secondary stayed up the whole time (SLSODOMAIN3), replaced motherboard yesterday and got server back up. But DC diag is still showing a number of issues and not sure where to begin. There is no SYSVOl share on the server that went down and it appears to not be accepting binds from the backup DC.
When writing code, you always start by correcting the first error and the one underneath tend to fix themselves. Not sure if is true in the DC world as well.
The dcdiag output from the server that went down for a day, only fails one test, FRSEVENT saying errors occurred in the last 24 hours and that failing sysvol replication can cause GP issues.
Below is my DCDIAG output from the backup DC. I apologize for not knowing more about this stuff and any help would be greatly appreciated.
Performing initial setup:
Trying to find home server...
Home Server = SLSODomain3
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SLSODOMAIN3
Starting test: Connectivity
......................... SLSODOMAIN3 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SLSODOMAIN3
Starting test: Advertising
......................... SLSODOMAIN3 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... SLSODOMAIN3 passed test FrsEvent
Starting test: DFSREvent
......................... SLSODOMAIN3 passed test DFSREvent
Starting test: SysVolCheck
......................... SLSODOMAIN3 passed test SysVolCheck
Starting test: KccEvent
......................... SLSODOMAIN3 passed test KccEvent
Starting test: KnowsOfRoleHolders
[SLSODOMAIN] DsBindWithSpnEx() failed with error -2146893022,
The target principal name is incorrect..
Warning: SLSODOMAIN is the Schema Owner, but is not responding to DS
RPC Bind.
[SLSODOMAIN] LDAP bind failed with error 8341,
A directory service error has occurred..
Warning: SLSODOMAIN is the Schema Owner, but is not responding to LDAP
Bind.
Warning: SLSODOMAIN is the Domain Owner, but is not responding to DS
RPC Bind.
Warning: SLSODOMAIN is the Domain Owner, but is not responding to LDAP
Bind.
Warning: SLSODOMAIN is the PDC Owner, but is not responding to DS RPC
Bind.
Warning: SLSODOMAIN is the PDC Owner, but is not responding to LDAP
Bind.
......................... SLSODOMAIN3 failed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... SLSODOMAIN3 passed test MachineAccount
Starting test: NCSecDesc
......................... SLSODOMAIN3 passed test NCSecDesc
Starting test: NetLogons
......................... SLSODOMAIN3 passed test NetLogons
Starting test: ObjectsReplicated
......................... SLSODOMAIN3 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,SLSODOMAIN3] A recent replication attempt failed:
From SLSODOMAIN to SLSODOMAIN3
Naming Context: DC=ForestDnsZones,DC=slso,DC=music
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2012-12-28 10:58:14.
The last success occurred at 2012-12-25 23:58:03.
59 failures have occurred since the last success.
[Replications Check,SLSODOMAIN3] A recent replication attempt failed:
From SLSODOMAIN to SLSODOMAIN3
Naming Context: DC=DomainDnsZones,DC=slso,DC=music
The replication generated an error (1256):
The remote system is not available. For information about network troubleshooting, see Windows Help.
The failure occurred at 2012-12-28 10:58:14.
The last success occurred at 2012-12-25 23:58:03.
59 failures have occurred since the last success.
[Replications Check,SLSODOMAIN3] A recent replication attempt failed:
From SLSODOMAIN to SLSODOMAIN3
Naming Context: CN=Schema,CN=Configuration,DC=slso,DC=music
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2012-12-28 10:58:14.
The last success occurred at 2012-12-25 23:58:03.
59 failures have occurred since the last success.
[Replications Check,SLSODOMAIN3] A recent replication attempt failed:
From SLSODOMAIN to SLSODOMAIN3
Naming Context: CN=Configuration,DC=slso,DC=music
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2012-12-28 10:58:14.
The last success occurred at 2012-12-25 23:58:03.
63 failures have occurred since the last success.
[Replications Check,SLSODOMAIN3] A recent replication attempt failed:
From SLSODOMAIN to SLSODOMAIN3
Naming Context: DC=slso,DC=music
The replication generated an error (-2146893022):
The target principal name is incorrect.
The failure occurred at 2012-12-28 11:23:43.
The last success occurred at 2012-12-26 00:32:29.
1082 failures have occurred since the last success.
......................... SLSODOMAIN3 failed test Replications
Starting test: RidManager
......................... SLSODOMAIN3 passed test RidManager
Starting test: Services
......................... SLSODOMAIN3 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x40000004
Time Generated: 12/28/2012 10:51:08
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server slsodomain$. The target name used was E3514235-4B06-11D1-AB04-00C04FC2DCD2/1fb9c9bf-8540-40ba-8c92-03f911ddfc20/slso.music@slso.music. This indicates
that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered
on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account.
Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (SLSO.MUSIC) is different from the client domain (SLSO.MUSIC), check if there are identically
named server accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 12/28/2012 11:09:29
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server slsodomain$. The target name used was LDAP/1fb9c9bf-8540-40ba-8c92-03f911ddfc20._msdcs.slso.music. This indicates that the target server failed
to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered
on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that
the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (SLSO.MUSIC) is different from the client domain (SLSO.MUSIC), check if there are identically named server
accounts in these two domains, or use the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 12/28/2012 11:09:29
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server slsodomain$. The target name used was ldap/slsodomain.slso.music. This indicates that the target server failed to decrypt the ticket provided
by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server.
This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC
are both updated to use the current password. If the server name is not fully qualified, and the target domain (SLSO.MUSIC) is different from the client domain (SLSO.MUSIC), check if there are identically named server accounts in these two domains, or use
the fully-qualified name to identify the server.
An error event occurred. EventID: 0x40000004
Time Generated: 12/28/2012 11:14:54
Event String:
The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server slsodomain$. The target name used was SLSO\SLSODOMAIN$. This indicates that the target server failed to decrypt the ticket provided by the client.
This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error
can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both
updated to use the current password. If the server name is not fully qualified, and the target domain (SLSO.MUSIC) is different from the client domain (SLSO.MUSIC), check if there are identically named server accounts in these two domains, or use the fully-qualified
name to identify the server.
......................... SLSODOMAIN3 failed test SystemLog
Starting test: VerifyReferences
......................... SLSODOMAIN3 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : slso
Starting test: CheckSDRefDom
......................... slso passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... slso passed test CrossRefValidation
Running enterprise tests on : slso.music
Starting test: LocatorCheck
......................... slso.music passed test LocatorCheck
Starting test: Intersite
......................... slso.music passed test Intersite