Dear All,
I currently have 2 windows 2003 dc (p1, p2) in 2 site (HV and ST). It has a network connection between two sites. I add 1 more windows server 2008 in HV site and promoted to domain controller today. However, after promoted it came out a few serious error and warning. Please find below dcdiag log. Please kindly help to give some ideas..it is really urgent.
Many Thanks
Best Regards,
Elroy
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = PDNDC1
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\PDNDC1
Starting test: Connectivity
......................... PDNDC1 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\PDNDC1
Starting test: Advertising
......................... PDNDC1 passed test Advertising
Starting test: FrsEvent
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
......................... PDNDC1 passed test FrsEvent
Starting test: DFSREvent
......................... PDNDC1 passed test DFSREvent
Starting test: SysVolCheck
......................... PDNDC1 passed test SysVolCheck
Starting test: KccEvent
......................... PDNDC1 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... PDNDC1 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... PDNDC1 passed test MachineAccount
Starting test: NCSecDesc
......................... PDNDC1 passed test NCSecDesc
Starting test: NetLogons
[PDNDC1] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... PDNDC1 failed test NetLogons
Starting test: ObjectsReplicated
......................... PDNDC1 passed test ObjectsReplicated
Starting test: Replications
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source PDNDC02
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source PDNDC02
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source PDNDC02
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
REPLICATION LATENCY WARNING
ERROR: Expected notification link is missing.
Source PDNDC02
Replication of new changes along this path will be delayed.
This problem should self-correct on the next periodic sync.
[Replications Check,PDNDC1] DsReplicaGetInfo(PENDING_OPS, NULL)
failed, error 0x2105 "Replication access was denied."
......................... PDNDC1 failed test Replications
Starting test: RidManager
......................... PDNDC1 passed test RidManager
Starting test: Services
......................... PDNDC1 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0x0000168F
Time Generated: 06/13/2013 17:08:14
Event String:
The dynamic deletion of the DNS record 'DomainDnsZones.pdn.ccms. 600 IN A 192.168.211.2' failed on the following DNS server:
An error event occurred. EventID: 0x0000168F
Time Generated: 06/13/2013 17:08:14
Event String:
The dynamic deletion of the DNS record '_ldap._tcp.DomainDnsZones.pdn.ccms. 600 IN SRV 0 100 389 PDNDC1.pdn.ccms.' failed on the following DNS server:
An error event occurred. EventID: 0x0000168F
Time Generated: 06/13/2013 17:08:14
Event String:
The dynamic deletion of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.pdn.ccms. 600 IN SRV 0 100 389 PDNDC1.pdn.ccms.' failed on the following DNS server:
An error event occurred. EventID: 0x0000168F
Time Generated: 06/13/2013 17:08:14
Event String:
The dynamic deletion of the DNS record 'ForestDnsZones.pdn.ccms. 600 IN A 192.168.211.2' failed on the following DNS server:
An error event occurred. EventID: 0x0000168F
Time Generated: 06/13/2013 17:08:14
Event String:
The dynamic deletion of the DNS record '_ldap._tcp.ForestDnsZones.pdn.ccms. 600 IN SRV 0 100 389 PDNDC1.pdn.ccms.' failed on the following DNS server:
An error event occurred. EventID: 0x0000168F
Time Generated: 06/13/2013 17:08:14
Event String:
The dynamic deletion of the DNS record '_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.pdn.ccms. 600 IN SRV 0 100 389 PDNDC1.pdn.ccms.' failed on the following DNS server:
A warning event occurred. EventID: 0x000003F6
Time Generated: 06/13/2013 17:11:58
Event String:
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x8000001D
Time Generated: 06/13/2013 17:28:41
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x80001421
Time Generated: 06/13/2013 17:28:57
Event String:
The Windows Process Activation Service (WAS) encountered an error attempting to look up the built in IIS_IUSRS group. There may be problems in viewing and setting security permissions with the IIS_IUSRS group. This happens if the machine has been joined and promoted to be a Domain Controller in a legacy domain. Please see the online help for more information and solutions to this problem. The data field contains the error number.
A warning event occurred. EventID: 0x000003F6
Time Generated: 06/13/2013 17:29:35
Event String:
Name resolution for the name www.msftncsi.com timed out after none of the configured DNS servers responded.
A warning event occurred. EventID: 0x000727AA
Time Generated: 06/13/2013 17:31:19
Event String:
The WinRM service failed to create the following SPNs: WSMAN/PDNDC1.pdn.ccms; WSMAN/PDNDC1.
A warning event occurred. EventID: 0x00001695
Time Generated: 06/13/2013 17:43:48
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.pdn.ccms.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 06/13/2013 17:43:48
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'ForestDnsZones.pdn.ccms.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
A warning event occurred. EventID: 0x00001695
Time Generated: 06/13/2013 17:43:48
Event String:
Dynamic registration or deletion of one or more DNS records associated with DNS domain 'pdn.ccms.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).
......................... PDNDC1 failed test SystemLog
Starting test: VerifyReferences
......................... PDNDC1 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : pdn
Starting test: CheckSDRefDom
......................... pdn passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... pdn passed test CrossRefValidation
Running enterprise tests on : pdn.ccms
Starting test: LocatorCheck
......................... pdn.ccms passed test LocatorCheck
Starting test: Intersite
......................... pdn.ccms passed test Intersite