The lone DC (Server 2012) I'm running in a single forest/domain does not seem to be advertising itself. Very little has been done to this machine. The AD DS server role has been installed and removed several times, along with a few other AD roles. As such, I suspect this may be the result of an improper removal of AD DS. All Active Directory tools are unable to contact the DC. Additionally, when I've tried to demote the DC with the "last DC in domain" option selected, it fails. Glancing at the dcdiag results, it looks like there are several DNS records showing up from previous installations of AD DS.
The machine is pointing to itself as the primary DNS server and I've set up a forwarding zone for our ISP's DNS servers.
Doing a fresh install is certainly possible, but I'd like to be able to work this out in case it ever comes up in the future.
Thanks for bearing with me, I'm very new at this.
Here are the results from dcdiag /c /e /v and ipconfig /all:
------------------------------------------------------------------------------------
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine serv1, is a Directory Server.
Home Server = serv1
* Connecting to directory service on server serv1.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=testsite,DC=sys,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testsite,DC=sys
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=testsite,DC=sys,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=SERV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testsite,DC=sys
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SERV1
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... SERV1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SERV1
Starting test: Advertising
Fatal Error:DsGetDcName (SERV1) call failed, error 1355
The Locator could not find the server.
......................... SERV1 failed test Advertising
Starting test: CheckSecurityError
* Dr Auth: Beginning security errors check!
No KDC found for domain testsite.sys in site Default-First-Site-Name (1355, NULL)
[SERV1] Unable to contact a KDC for the destination domain in it's own site. This means either there are no
available KDC's for this domain in the site, *including* the destination DC itself, or we're having network or
packet fragmentation issues connecting to it. We'll check packet fragmentation connection to the destination
DC, make recommendations, and continue.
Checking UDP fragmentation issues to SERV1.
The KDC on SERV1 isn't responsive, please verify that it's running and advertising.
No KDC found for domain testsite.sys in site (ALL SITES) (1355, NULL)
[SERV1] Unable to contact a KDC for the destination domain. If no KDC for the destination domain is
available, replication will be blocked!
If there is some KDC for that domain available, check network connectivity issues or see possible packet
fragmentation issues above.
Checking machine account for DC SERV1 on DC SERV1.
* SPN found :LDAP/serv1.testsite.sys/testsite.sys
* SPN found :LDAP/serv1.testsite.sys
* SPN found :LDAP/SERV1
* SPN found :LDAP/serv1.testsite.sys/TESTSITE
* SPN found :LDAP/42a7c2fa-f356-4c33-9790-c72bba9ed933._msdcs.testsite.sys
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/42a7c2fa-f356-4c33-9790-c72bba9ed933/testsite.sys
* SPN found :HOST/serv1.testsite.sys/testsite.sys
* SPN found :HOST/serv1.testsite.sys
* SPN found :HOST/SERV1
* SPN found :HOST/serv1.testsite.sys/TESTSITE
* SPN found :GC/serv1.testsite.sys/testsite.sys
[SERV1] No security related replication errors were found on this DC! To target the connection to a specific
source DC use /ReplSource:<DC>.
......................... SERV1 passed test CheckSecurityError
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=testsite,DC=sys.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=testsite,DC=sys.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=testsite,DC=sys.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... SERV1 passed test CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... SERV1 passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
An error event occurred. EventID: 0xC00004B2
Time Generated: 11/03/2012 19:55:47
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling
cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 1355 (The specified domain either does not exist or could not be contacted.)
An error event occurred. EventID: 0xC00004B2
Time Generated: 11/03/2012 20:54:47
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling
cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 1355 (The specified domain either does not exist or could not be contacted.)
A warning event occurred. EventID: 0x80001780
Time Generated: 11/03/2012 21:12:40
Event String:
The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.
Additional Information:
Object Category: msDFSR-LocalSettings
Object DN: CN=DFSR-LocalSettings,CN=SERV1,OU=Domain Controllers,DC=testsite,DC=sys
Error: 1355 (The specified domain either does not exist or could not be contacted.)
Domain Controller:
Polling Cycle: 60
A warning event occurred. EventID: 0x800008A5
Time Generated: 11/03/2012 21:12:44
Event String:
The DFS Replication service stopped replication on volume C:. This occurs when a DFSR JET database is not shut down cleanly and Auto Recovery is disabled. To resolve this issue, back up the
files in the affected replicated folders, and then use the ResumeReplication WMI method to resume replication.
Additional Information:
Volume: C:
GUID: 627D5E18-70F0-446D-BC1D-06C6B6710CD1
Recovery Steps
1. Back up the files in all replicated folders on the volume. Failure to do so may result in data loss due to unexpected conflict resolution during the recovery of the replicated folders.
2. To resume the replication for this volume, use the WMI method ResumeReplication of the DfsrVolumeConfig class. For example, from an elevated command prompt, type the following command:
wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="627D5E18-70F0-446D-BC1D-06C6B6710CD1" call ResumeReplication
For more information, see http://support.microsoft.com/kb/2663685.
A warning event occurred. EventID: 0x80001780
Time Generated: 11/03/2012 21:17:42
Event String:
The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.
Additional Information:
Object Category: msDFSR-LocalSettings
Object DN: CN=DFSR-LocalSettings,CN=SERV1,OU=Domain Controllers,DC=testsite,DC=sys
Error: 1355 (The specified domain either does not exist or could not be contacted.)
Domain Controller:
Polling Cycle: 60
A warning event occurred. EventID: 0x80001780
Time Generated: 11/03/2012 21:32:43
Event String:
The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.
Additional Information:
Object Category: msDFSR-LocalSettings
Object DN: CN=DFSR-LocalSettings,CN=SERV1,OU=Domain Controllers,DC=testsite,DC=sys
Error: 1355 (The specified domain either does not exist or could not be contacted.)
Domain Controller:
Polling Cycle: 60
A warning event occurred. EventID: 0x80001780
Time Generated: 11/03/2012 22:32:51
Event String:
The DFS Replication service failed to update configuration in Active Directory Domain Services. The service will retry this operation periodically.
Additional Information:
Object Category: msDFSR-LocalSettings
Object DN: CN=DFSR-LocalSettings,CN=SERV1,OU=Domain Controllers,DC=testsite,DC=sys
Error: 1355 (The specified domain either does not exist or could not be contacted.)
Domain Controller:
Polling Cycle: 60
......................... SERV1 failed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The error returned was 0x0
"The operation completed successfully.". Check the FRS event log to see if the SYSVOL has successfully been
shared.
......................... SERV1 passed test SysVolCheck
Starting test: FrsSysVol
* The File Replication Service SYSVOL ready test
The registry lookup failed to determine the state of the SYSVOL. The error returned was 0x0
"The operation completed successfully.". Check the FRS event log to see if the SYSVOL has successfully been
shared.
......................... SERV1 passed test FrsSysVol
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... SERV1 passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=SERV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testsite,DC=sys
Role Domain Owner = CN=NTDS Settings,CN=SERV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testsite,DC=sys
Role PDC Owner = CN=NTDS Settings,CN=SERV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testsite,DC=sys
Role Rid Owner = CN=NTDS Settings,CN=SERV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testsite,DC=sys
Role Infrastructure Update Owner = CN=NTDS Settings,CN=SERV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testsite,DC=sys
......................... SERV1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC SERV1 on DC SERV1.
* SPN found :LDAP/serv1.testsite.sys/testsite.sys
* SPN found :LDAP/serv1.testsite.sys
* SPN found :LDAP/SERV1
* SPN found :LDAP/serv1.testsite.sys/TESTSITE
* SPN found :LDAP/42a7c2fa-f356-4c33-9790-c72bba9ed933._msdcs.testsite.sys
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/42a7c2fa-f356-4c33-9790-c72bba9ed933/testsite.sys
* SPN found :HOST/serv1.testsite.sys/testsite.sys
* SPN found :HOST/serv1.testsite.sys
* SPN found :HOST/SERV1
* SPN found :HOST/serv1.testsite.sys/TESTSITE
* SPN found :GC/serv1.testsite.sys/testsite.sys
......................... SERV1 passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC SERV1.
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=testsite,DC=sys
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=testsite,DC=sys
(Configuration,Version 3)
* Security Permissions Check for
DC=testsite,DC=sys
(Domain,Version 3)
......................... SERV1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Unable to connect to the NETLOGON share! (\\SERV1\netlogon)
[SERV1] An net use or LsaPolicy operation failed with error 67, The network name cannot be found..
......................... SERV1 failed test NetLogons
Starting test: ObjectsReplicated
SERV1 is in domain DC=testsite,DC=sys
Checking for CN=SERV1,OU=Domain Controllers,DC=testsite,DC=sys in domain DC=testsite,DC=sys on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=SERV1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=testsite,DC=sys in domain CN=Configuration,DC=testsite,DC=sys on 1 servers
Object is up-to-date on all servers.
......................... SERV1 passed test ObjectsReplicated
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test because /testdomain: was not entered
......................... SERV1 passed test OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... SERV1 passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1600 to 1073741823
* serv1.testsite.sys is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1100 to 1599
* rIDPreviousAllocationPool is 1100 to 1599
* rIDNextRID: 1102
......................... SERV1 passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
Could not open w32time Service on SERV1, error 0x424
"The specified service does not exist as an installed service."
* Checking Service: NETLOGON
......................... SERV1 failed test Services