Hello
I am about to migrate an installation from W2k3 (SP2) to 2008. My first step was to run a DCDIAG /V and low and behold I actually see some errors whihc I guess I should correct before going further...
Performing initial setup:
* Verifying that the local machine MY-PDC, is a DC.
* Connecting to directory service on server MY-PDC.
* Collecting site info.
* Identifying all servers.
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Premier-Site-par-defaut\MY-PDC
Starting test: Connectivity
* Active Directory LDAP Services Check
* Active Directory RPC Services Check
......................... MY-PDC passed test Connectivity
Doing primary tests
Testing server: Premier-Site-par-defaut\MY-PDC
Starting test: Replications
* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=mydom,DC=ch
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=mydom,DC=ch
Latency information for 4 entries in the vector were ignored.
4 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=mydom,DC=ch
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=mydom,DC=ch
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=mydom,DC=ch
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
* Replication Site Latency Check
......................... MY-PDC passed test Replications
Test omitted by user request: Topology
Test omitted by user request: CutoffServers
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC MY-PDC.
* Security Permissions Check for
DC=ForestDnsZones,DC=mydom,DC=ch
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=mydom,DC=ch
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=mydom,DC=ch
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=mydom,DC=ch
(Configuration,Version 2)
* Security Permissions Check for
DC=mydom,DC=ch
(Domain,Version 2)
......................... MY-PDC passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\MY-PDC\netlogon
Verified share \\MY-PDC\sysvol
......................... MY-PDC passed test NetLogons
Starting test: Advertising
The DC MY-PDC is advertising itself as a DC and having a DS.
The DC MY-PDC is advertising as an LDAP server
The DC MY-PDC is advertising as having a writeable directory
The DC MY-PDC is advertising as a Key Distribution Center
The DC MY-PDC is advertising as a time server
The DS MY-PDC is advertising as a GC.
......................... MY-PDC passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=MY-PDC,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=mydom,DC=ch
Role Domain Owner = CN=NTDS Settings,CN=MY-PDC,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=mydom,DC=ch
Role PDC Owner = CN=NTDS Settings,CN=MY-PDC,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=mydom,DC=ch
Role Rid Owner = CN=NTDS Settings,CN=MY-PDC,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=mydom,DC=ch
Role Infrastructure Update Owner = CN=NTDS Settings,CN=MY-PDC,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=mydom,DC=ch
......................... MY-PDC passed test KnowsOfRoleHolders
Starting test: RidManager
* Available RID Pool for the Domain is 5105 to 1073741823
* MY-PDC.mydom.ch is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 3605 to 4104
* rIDPreviousAllocationPool is 3605 to 4104
* rIDNextRID: 3622
......................... MY-PDC passed test RidManager
Starting test: MachineAccount
Checking machine account for DC MY-PDC on DC MY-PDC.
* SPN found :LDAP/MY-PDC.mydom.ch/mydom.ch
* SPN found :LDAP/MY-PDC.mydom.ch
* SPN found :LDAP/MY-PDC
* SPN found :LDAP/MY-PDC.mydom.ch/mydom
* SPN found :LDAP/ea56c2b4-3a12-4eae-b4ac-3f75bfe50834._msdcs.mydom.ch
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/ea56c2b4-3a12-4eae-b4ac-3f75bfe50834/mydom.ch
* SPN found :HOST/MY-PDC.mydom.ch/mydom.ch
* SPN found :HOST/MY-PDC.mydom.ch
* SPN found :HOST/MY-PDC
* SPN found :HOST/MY-PDC.mydom.ch/mydom
* SPN found :GC/MY-PDC.mydom.ch/mydom.ch
......................... MY-PDC passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... MY-PDC passed test Services
Test omitted by user request: OutboundSecureChannels
Starting test: ObjectsReplicated
MY-PDC is in domain DC=mydom,DC=ch
Checking for CN=MY-PDC,OU=Domain Controllers,DC=mydom,DC=ch in domain DC=mydom,DC=ch on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=MY-PDC,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=mydom,DC=ch in domain CN=Configuration,DC=mydom,DC=ch on 1 servers
Object is up-to-date on all servers.
......................... MY-PDC passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... MY-PDC passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034FA
Time Generated: 01/07/2013 18:51:23
(Event String could not be retrieved)
......................... MY-PDC failed test frsevent
Starting test: kccevent
* The KCC Event log test
An Error Event occured. EventID: 0xC0000470
Time Generated: 01/08/2013 17:36:33
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000470
Time Generated: 01/08/2013 17:36:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000470
Time Generated: 01/08/2013 17:41:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000470
Time Generated: 01/08/2013 17:41:34
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000470
Time Generated: 01/08/2013 17:46:35
(Event String could not be retrieved)
An Error Event occured. EventID: 0xC0000470
Time Generated: 01/08/2013 17:46:35
(Event String could not be retrieved)
......................... MY-PDC failed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:17
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:23
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:23
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:24
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:25
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:25
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:25
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:26
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 01/08/2013 17:46:27
(Event String could not be retrieved)
......................... MY-PDC failed test systemlog
Test omitted by user request: VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=MY-PDC,OU=Domain Controllers,DC=mydom,DC=ch and backlink on
CN=MY-PDC,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=mydom,DC=ch
are correct.
Some objects relating to the DC MY-PDC have problems:
[1] Problem: Missing Expected Value
Base Object: CN=MY-PDC,OU=Domain Controllers,DC=mydom,DC=ch
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
[1] Problem: Missing Expected Value
Base Object:
CN=NTDS Settings,CN=MY-PDC,CN=Servers,CN=Premier-Site-par-defaut,CN=Sites,CN=Configuration,DC=mydom,DC=ch
Base Object Description: "DSA Object"
Value Object Attribute Name: serverReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862
......................... MY-PDC failed test VerifyReferences
Test omitted by user request: VerifyEnterpriseReferences
Test omitted by user request: CheckSecurityError
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : mydom
Starting test: CrossRefValidation
......................... mydom passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... mydom passed test CheckSDRefDom
Running enterprise tests on : mydom.ch
Starting test: Intersite
Skipping site Premier-Site-par-defaut, this site is outside the scope
provided by the command line arguments provided.
......................... mydom.ch passed test Intersite
Starting test: FsmoCheck
GC Name: \\MY-PDC.mydom.ch
Locator Flags: 0xe00003fd
PDC Name: \\MY-PDC.mydom.ch
Locator Flags: 0xe00003fd
Time Server Name: \\MY-PDC.mydom.ch
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\MY-PDC.mydom.ch
Locator Flags: 0xe00003fd
KDC Name: \\MY-PDC.mydom.ch
Locator Flags: 0xe00003fd
......................... mydom.ch passed test FsmoCheck
Test omitted by user request: DNS
Test omitted by user request: DNSI have looked into the linked KB article but I muss confess that I am not too sure which case would apply in my situation. Can you shed some light ?
Thanks