When I try to join a fully-updated Win10Pro workstation to a newly installed Windows Server 2016 Standard (hostname "wisdom") with a newly configured domain (configured according to this tutorial: https://blogs.technet.microsoft.com/canitpro/2017/02/22/step-by-step-setting-up-active-directory-in-windows-server-2016/
), I am prompted for the credentials of a domain administrative user at the domain controller (as I expect), and I'm certain that I'm typing in these credentials correctly, but after I submit these credentials, I get the following error message which reads
in part:
=:=:=:=:=:=:=:=:=:=:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "osteoboon.lan":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.osteoboon.lan
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
10.69.169.4 [this is the correct LAN IPv4 address of my AD DC]
-One or more of the following zones do not include delegation to its child zone:
osteoboon.lan
lan
. (the root zone)
=:=:=:=:=:=:=:=:=:=:
I realize of course that the TLD ".lan" does not exist (I chose it for that very reason, similar to how the reserved ".local" TLD is often used for LAN domain names, but at https://en.wikipedia.org/wiki/.local#Microsoft_recommendations I read recommendations against using ".local" for this purpose because there are non-Microsoft machines on my network that probably use zeroconf), and when I created the domain on the DC (hostname "wisdom"), I read the following: "A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "osteoboon.lan". Otherwise, no action is required."
And I am NOT "...integrating with an existing DNS infrastructure...", so I initially thought I could get by with the "no action is required." message. But because of the subject error message "An AD DC for the domain "osteoboon.lan" could not be contacted.", it now seems to me that I do need to do something different with this DC. But I'm not sure what to do.
From the workstation attempting to join the domain, I have successfully pinged the following:
ping wisdom
And I see 4 lines beginning with the following as expected:
Reply from ...
I think this uses the DC's NetBIOS name and although it takes 10 seconds for the lookup to occur before the replies from the addresses of the DC show up on the command line, they do return.
But when I attempt to ping wisdom.osteoboon.lan, I immediately see the following error message: "Ping request could not find host wisdom.osteoboon.lan. Please check the name and try again."
On the DC itself, when I issue the following command in the PowerShell, I get the subsequent output:
PS C:\Users\Administrator> dcdiag /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine wisdom, is a Directory Server.
Home Server = wisdom
* Connecting to directory service on server wisdom.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=osteoboon,DC=lan,LDAP_SCOPE_SUBTREE,(objectCategory=ntD
SSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=osteoboon,D
C=lan
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=osteoboon,DC=lan,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDs
a),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=osteoboon,DC=lan
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WISDOM
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... WISDOM passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WISDOM
Starting test: Advertising
The DC WISDOM is advertising itself as a DC and having a DS.
The DC WISDOM is advertising as an LDAP server
The DC WISDOM is advertising as having a writeable directory
The DC WISDOM is advertising as a Key Distribution Center
The DC WISDOM is advertising as a time server
The DS WISDOM is advertising as a GC.
......................... WISDOM passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... WISDOM passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
An error event occurred. EventID: 0xC00004B2
Time Generated: 03/31/2018 18:14:44
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. Replic
ation is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes
. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 1355 (The specified domain either does not exist or could not be contacted.)
An error event occurred. EventID: 0xC00004B2
Time Generated: 03/31/2018 18:51:20
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. Replic
ation is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes
. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
A warning event occurred. EventID: 0x80001780
Time Generated: 03/31/2018 18:56:21
Event String:
The DFS Replication service failed to update configuration in Active Directory Domain Services. The service
will retry this operation periodically.
Additional Information:
Object Category: msDFSR-LocalSettings
Object DN: CN=DFSR-LocalSettings,CN=WISDOM,OU=Domain Controllers,DC=osteoboon,DC=lan
Error: 1355 (The specified domain either does not exist or could not be contacted.)
Domain Controller:
Polling Cycle: 60
......................... WISDOM failed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... WISDOM passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... WISDOM passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
DC=osteoboon,DC=lan
Role Domain Owner = CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
DC=osteoboon,DC=lan
Role PDC Owner = CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=
osteoboon,DC=lan
Role Rid Owner = CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=
osteoboon,DC=lan
Role Infrastructure Update Owner = CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN
=Configuration,DC=osteoboon,DC=lan
......................... WISDOM passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC WISDOM on DC WISDOM.
* SPN found :LDAP/wisdom.osteoboon.lan/osteoboon.lan
* SPN found :LDAP/wisdom.osteoboon.lan
* SPN found :LDAP/WISDOM
* SPN found :LDAP/wisdom.osteoboon.lan/OSTEOBOON
* SPN found :LDAP/bd6d48a1-a374-4670-aac4-e9098a9a3224._msdcs.osteoboon.lan
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/bd6d48a1-a374-4670-aac4-e9098a9a3224/osteoboon.lan
* SPN found :HOST/wisdom.osteoboon.lan/osteoboon.lan
* SPN found :HOST/wisdom.osteoboon.lan
* SPN found :HOST/WISDOM
* SPN found :HOST/wisdom.osteoboon.lan/OSTEOBOON
* SPN found :GC/wisdom.osteoboon.lan/osteoboon.lan
......................... WISDOM passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC WISDOM.
* Security Permissions Check for
DC=ForestDnsZones,DC=osteoboon,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=osteoboon,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=osteoboon,DC=lan
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=osteoboon,DC=lan
(Configuration,Version 3)
* Security Permissions Check for
DC=osteoboon,DC=lan
(Domain,Version 3)
......................... WISDOM passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\WISDOM\netlogon
Verified share \\WISDOM\sysvol
......................... WISDOM passed test NetLogons
Starting test: ObjectsReplicated
WISDOM is in domain DC=osteoboon,DC=lan
Checking for CN=WISDOM,OU=Domain Controllers,DC=osteoboon,DC=lan in domain DC=osteoboon,DC=lan on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=asci
olla,DC=lan in domain CN=Configuration,DC=osteoboon,DC=lan on 1 servers
Object is up-to-date on all servers.
......................... WISDOM passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... WISDOM passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1602 to 1073741823
* wisdom.osteoboon.lan is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1102 to 1601
* rIDPreviousAllocationPool is 1102 to 1601
* rIDNextRID: 1116
......................... WISDOM passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... WISDOM passed test Services
Starting test: SystemLog
* The System Event log test
An error event occurred. EventID: 0x00002720
Time Generated: 03/31/2018 20:21:10
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server app
lication with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the applicati
on container Unavailable SID (Unavailable). This security permission can be modified using the Component Services admini
strative tool.
......................... WISDOM failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference) CN=WISDOM,OU=Domain Controllers,DC=osteoboon,DC=lan and backlink
on CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=osteoboon,DC=lan are correct.
The system object reference (serverReferenceBL)
CN=WISDOM,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=osteoboon,DC=lan and backlink
on
CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=osteoboon,DC=lan
are correct.
The system object reference (msDFSR-ComputerReferenceBL)
CN=WISDOM,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=osteoboon,DC=lan and backlink
on CN=WISDOM,OU=Domain Controllers,DC=osteoboon,DC=lan are correct.
......................... WISDOM passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : osteoboon
Starting test: CheckSDRefDom
......................... osteoboon passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... osteoboon passed test CrossRefValidation
Running enterprise tests on : osteoboon.lan
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\wisdom.osteoboon.lan
Locator Flags: 0xe001f3fd
PDC Name: \\wisdom.osteoboon.lan
Locator Flags: 0xe001f3fd
Time Server Name: \\wisdom.osteoboon.lan
Locator Flags: 0xe001f3fd
Preferred Time Server Name: \\wisdom.osteoboon.lan
Locator Flags: 0xe001f3fd
KDC Name: \\wisdom.osteoboon.lan
Locator Flags: 0xe001f3fd
......................... osteoboon.lan passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
provided.
......................... osteoboon.lan passed test Intersite
PS C:\Users\Administrator>
So my question is, how do I fix this? I need to be able to join 10 or so workstations to this DC within the next 24 hours or else Monday will be a very bad day for a lot of people (and therefore, for me too).
Any thoughts?
Thank you!
Best,
Os
=:=:=:=:=:=:=:=:=:=:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "osteoboon.lan":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.osteoboon.lan
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
10.69.169.4 [this is the correct LAN IPv4 address of my AD DC]
-One or more of the following zones do not include delegation to its child zone:
osteoboon.lan
lan
. (the root zone)
=:=:=:=:=:=:=:=:=:=:
I realize of course that the TLD ".lan" does not exist (I chose it for that very reason, similar to how the reserved ".local" TLD is often used for LAN domain names, but at https://en.wikipedia.org/wiki/.local#Microsoft_recommendations I read recommendations against using ".local" for this purpose because there are non-Microsoft machines on my network that probably use zeroconf), and when I created the domain on the DC (hostname "wisdom"), I read the following: "A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain "osteoboon.lan". Otherwise, no action is required."
And I am NOT "...integrating with an existing DNS infrastructure...", so I initially thought I could get by with the "no action is required." message. But because of the subject error message "An AD DC for the domain "osteoboon.lan" could not be contacted.", it now seems to me that I do need to do something different with this DC. But I'm not sure what to do.
From the workstation attempting to join the domain, I have successfully pinged the following:
ping wisdom
And I see 4 lines beginning with the following as expected:
Reply from ...
I think this uses the DC's NetBIOS name and although it takes 10 seconds for the lookup to occur before the replies from the addresses of the DC show up on the command line, they do return.
But when I attempt to ping wisdom.osteoboon.lan, I immediately see the following error message: "Ping request could not find host wisdom.osteoboon.lan. Please check the name and try again."
On the DC itself, when I issue the following command in the PowerShell, I get the subsequent output:
PS C:\Users\Administrator> dcdiag /v
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
* Verifying that the local machine wisdom, is a Directory Server.
Home Server = wisdom
* Connecting to directory service on server wisdom.
* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=osteoboon,DC=lan,LDAP_SCOPE_SUBTREE,(objectCategory=ntD
SSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=osteoboon,D
C=lan
Getting ISTG and options for the site
* Identifying all servers.
Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=osteoboon,DC=lan,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDs
a),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Confi
guration,DC=osteoboon,DC=lan
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.
* Found 1 DC(s). Testing 1 of them.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WISDOM
Starting test: Connectivity
* Active Directory LDAP Services Check
Determining IP4 connectivity
Determining IP6 connectivity
* Active Directory RPC Services Check
......................... WISDOM passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WISDOM
Starting test: Advertising
The DC WISDOM is advertising itself as a DC and having a DS.
The DC WISDOM is advertising as an LDAP server
The DC WISDOM is advertising as having a writeable directory
The DC WISDOM is advertising as a Key Distribution Center
The DC WISDOM is advertising as a time server
The DS WISDOM is advertising as a GC.
......................... WISDOM passed test Advertising
Test omitted by user request: CheckSecurityError
Test omitted by user request: CutoffServers
Starting test: FrsEvent
* The File Replication Service Event log test
Skip the test because the server is running DFSR.
......................... WISDOM passed test FrsEvent
Starting test: DFSREvent
The DFS Replication Event Log.
There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL
replication problems may cause Group Policy problems.
An error event occurred. EventID: 0xC00004B2
Time Generated: 03/31/2018 18:14:44
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. Replic
ation is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes
. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 1355 (The specified domain either does not exist or could not be contacted.)
An error event occurred. EventID: 0xC00004B2
Time Generated: 03/31/2018 18:51:20
Event String:
The DFS Replication service failed to contact domain controller to access configuration information. Replic
ation is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes
. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.
Additional Information:
Error: 160 (One or more arguments are not correct.)
A warning event occurred. EventID: 0x80001780
Time Generated: 03/31/2018 18:56:21
Event String:
The DFS Replication service failed to update configuration in Active Directory Domain Services. The service
will retry this operation periodically.
Additional Information:
Object Category: msDFSR-LocalSettings
Object DN: CN=DFSR-LocalSettings,CN=WISDOM,OU=Domain Controllers,DC=osteoboon,DC=lan
Error: 1355 (The specified domain either does not exist or could not be contacted.)
Domain Controller:
Polling Cycle: 60
......................... WISDOM failed test DFSREvent
Starting test: SysVolCheck
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... WISDOM passed test SysVolCheck
Starting test: KccEvent
* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... WISDOM passed test KccEvent
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
DC=osteoboon,DC=lan
Role Domain Owner = CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,
DC=osteoboon,DC=lan
Role PDC Owner = CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=
osteoboon,DC=lan
Role Rid Owner = CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=
osteoboon,DC=lan
Role Infrastructure Update Owner = CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN
=Configuration,DC=osteoboon,DC=lan
......................... WISDOM passed test KnowsOfRoleHolders
Starting test: MachineAccount
Checking machine account for DC WISDOM on DC WISDOM.
* SPN found :LDAP/wisdom.osteoboon.lan/osteoboon.lan
* SPN found :LDAP/wisdom.osteoboon.lan
* SPN found :LDAP/WISDOM
* SPN found :LDAP/wisdom.osteoboon.lan/OSTEOBOON
* SPN found :LDAP/bd6d48a1-a374-4670-aac4-e9098a9a3224._msdcs.osteoboon.lan
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/bd6d48a1-a374-4670-aac4-e9098a9a3224/osteoboon.lan
* SPN found :HOST/wisdom.osteoboon.lan/osteoboon.lan
* SPN found :HOST/wisdom.osteoboon.lan
* SPN found :HOST/WISDOM
* SPN found :HOST/wisdom.osteoboon.lan/OSTEOBOON
* SPN found :GC/wisdom.osteoboon.lan/osteoboon.lan
......................... WISDOM passed test MachineAccount
Starting test: NCSecDesc
* Security Permissions check for all NC's on DC WISDOM.
* Security Permissions Check for
DC=ForestDnsZones,DC=osteoboon,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
DC=DomainDnsZones,DC=osteoboon,DC=lan
(NDNC,Version 3)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=osteoboon,DC=lan
(Schema,Version 3)
* Security Permissions Check for
CN=Configuration,DC=osteoboon,DC=lan
(Configuration,Version 3)
* Security Permissions Check for
DC=osteoboon,DC=lan
(Domain,Version 3)
......................... WISDOM passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
Verified share \\WISDOM\netlogon
Verified share \\WISDOM\sysvol
......................... WISDOM passed test NetLogons
Starting test: ObjectsReplicated
WISDOM is in domain DC=osteoboon,DC=lan
Checking for CN=WISDOM,OU=Domain Controllers,DC=osteoboon,DC=lan in domain DC=osteoboon,DC=lan on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=asci
olla,DC=lan in domain CN=Configuration,DC=osteoboon,DC=lan on 1 servers
Object is up-to-date on all servers.
......................... WISDOM passed test ObjectsReplicated
Test omitted by user request: OutboundSecureChannels
Starting test: Replications
* Replications Check
* Replication Latency Check
......................... WISDOM passed test Replications
Starting test: RidManager
* Available RID Pool for the Domain is 1602 to 1073741823
* wisdom.osteoboon.lan is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 1102 to 1601
* rIDPreviousAllocationPool is 1102 to 1601
* rIDNextRID: 1116
......................... WISDOM passed test RidManager
Starting test: Services
* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: DFSR
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... WISDOM passed test Services
Starting test: SystemLog
* The System Event log test
An error event occurred. EventID: 0x00002720
Time Generated: 03/31/2018 20:21:10
Event String:
The application-specific permission settings do not grant Local Activation permission for the COM Server app
lication with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the applicati
on container Unavailable SID (Unavailable). This security permission can be modified using the Component Services admini
strative tool.
......................... WISDOM failed test SystemLog
Test omitted by user request: Topology
Test omitted by user request: VerifyEnterpriseReferences
Starting test: VerifyReferences
The system object reference (serverReference) CN=WISDOM,OU=Domain Controllers,DC=osteoboon,DC=lan and backlink
on CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=osteoboon,DC=lan are correct.
The system object reference (serverReferenceBL)
CN=WISDOM,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=osteoboon,DC=lan and backlink
on
CN=NTDS Settings,CN=WISDOM,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=osteoboon,DC=lan
are correct.
The system object reference (msDFSR-ComputerReferenceBL)
CN=WISDOM,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=osteoboon,DC=lan and backlink
on CN=WISDOM,OU=Domain Controllers,DC=osteoboon,DC=lan are correct.
......................... WISDOM passed test VerifyReferences
Test omitted by user request: VerifyReplicas
Test omitted by user request: DNS
Test omitted by user request: DNS
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : osteoboon
Starting test: CheckSDRefDom
......................... osteoboon passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... osteoboon passed test CrossRefValidation
Running enterprise tests on : osteoboon.lan
Test omitted by user request: DNS
Test omitted by user request: DNS
Starting test: LocatorCheck
GC Name: \\wisdom.osteoboon.lan
Locator Flags: 0xe001f3fd
PDC Name: \\wisdom.osteoboon.lan
Locator Flags: 0xe001f3fd
Time Server Name: \\wisdom.osteoboon.lan
Locator Flags: 0xe001f3fd
Preferred Time Server Name: \\wisdom.osteoboon.lan
Locator Flags: 0xe001f3fd
KDC Name: \\wisdom.osteoboon.lan
Locator Flags: 0xe001f3fd
......................... osteoboon.lan passed test LocatorCheck
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope provided by the command line arguments
provided.
......................... osteoboon.lan passed test Intersite
PS C:\Users\Administrator>
So my question is, how do I fix this? I need to be able to join 10 or so workstations to this DC within the next 24 hours or else Monday will be a very bad day for a lot of people (and therefore, for me too).
Any thoughts?
Thank you!
Best,
Os