Hello there,
Am hoping someone can help...
On 1 of my 2008 R2 DCs (AV2) I'm seeing multiple errors for enterprise tests from DCDIAG (please see output below). The errors are mainly 1355 and they sound quite serious ("A Primary Domain Controller could not be located", "The server holding
the PDC role is down.").
In Event Viewer on my AV2 server I'm also seeing errors 1202 (Active Directory Web Services) and 8016 (related to my Sophos anti-virus management console).
These issues seemed to have cropped up after installing a bunch of Microsoft updates.
Thanks in advance for any feedback.
C:\Users\admin1.mydomain>netdom query fsmo
Schema master FS1.mydomain.com
Domain naming master FS1.mydomain.com
PDC FS1.mydomain.com
RID pool manager FS1.mydomain.com
Infrastructure master FS1.mydomain.com
The command completed successfully.
C:\Users\admin1.mydomain>
C:\Users\admin1.mydomain>
C:\Users\admin1.mydomain>dcdiag
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = AV2
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\AV2
Starting test: Connectivity
......................... AV2 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\AV2
Starting test: Advertising
Warning: AV2 is not advertising as a time server.
......................... AV2 failed test Advertising
Starting test: FrsEvent
......................... AV2 passed test FrsEvent
Starting test: DFSREvent
......................... AV2 passed test DFSREvent
Starting test: SysVolCheck
......................... AV2 passed test SysVolCheck
Starting test: KccEvent
......................... AV2 passed test KccEvent
Starting test: KnowsOfRoleHolders
......................... AV2 passed test KnowsOfRoleHolders
Starting test: MachineAccount
......................... AV2 passed test MachineAccount
Starting test: NCSecDesc
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=DomainDnsZones,DC=mydomain,DC=com
Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
Replicating Directory Changes In Filtered Set
access rights for the naming context:
DC=ForestDnsZones,DC=mydomain,DC=com
......................... AV2 failed test NCSecDesc
Starting test: NetLogons
......................... AV2 passed test NetLogons
Starting test: ObjectsReplicated
......................... AV2 passed test ObjectsReplicated
Starting test: Replications
......................... AV2 passed test Replications
Starting test: RidManager
......................... AV2 passed test RidManager
Starting test: Services
......................... AV2 passed test Services
Starting test: SystemLog
An error event occurred. EventID: 0xC0001B6F
Time Generated: 12/09/2013 16:54:59
Event String:
The Sophos Management Service service terminated with the following error:
An error event occurred. EventID: 0xC0001B6F
Time Generated: 12/09/2013 17:05:01
Event String:
The Sophos Management Service service terminated with the following error:
A warning event occurred. EventID: 0x0000000B
Time Generated: 12/09/2013 17:19:31
Event String:
Custom dynamic link libraries are being loaded for every application. The system adminis
trator should review the list of libraries to ensure they are related to trusted applications.
A warning event occurred. EventID: 0x8000001D
Time Generated: 12/09/2013 17:19:44
Event String:
The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart ca
rd logons, or the KDC certificate could not be verified. Smart card logon may not function correctly
if this problem is not resolved. To correct this problem, either verify the existing KDC certificat
e using certutil.exe or enroll for a new KDC certificate.
A warning event occurred. EventID: 0x00000C18
Time Generated: 12/09/2013 17:19:52
Event String: The primary Domain Controller for this domain could not be located.
A warning event occurred. EventID: 0x00002724
Time Generated: 12/09/2013 17:20:01
Event String:
This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 ser
ver operation, you should use only static IPv6 addresses.
An error event occurred. EventID: 0xC0001B6F
Time Generated: 12/09/2013 17:20:07
Event String:
The Sophos Management Service service terminated with the following error:
A warning event occurred. EventID: 0x00000012
Time Generated: 12/09/2013 17:19:23
Event String:
The Remote Desktop license server "AV2" has not been activated and therefore will only i
ssue temporary licenses. To issue permanent licenses, the Remote Desktop license server must be acti
vated.
A warning event occurred. EventID: 0x00000081
Time Generated: 12/09/2013 17:19:40
Event String:
NtpClient was unable to set a domain peer to use as a time source because of discovery e
rror. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The
error was: The entry is not found. (0x800706E1)
A warning event occurred. EventID: 0x00000081
Time Generated: 12/09/2013 17:19:57
Event String:
NtpClient was unable to set a domain peer to use as a time source because of discovery e
rror. NtpClient will try again in 3473457 minutes and double the reattempt interval thereafter. The
error was: The entry is not found. (0x800706E1)
A warning event occurred. EventID: 0x000727AA
Time Generated: 12/09/2013 17:21:25
Event String:
The WinRM service failed to create the following SPNs: WSMAN/AV2.mydomain.com; WSMAN/AV2.
An error event occurred. EventID: 0xC0001B6F
Time Generated: 12/09/2013 17:29:06
Event String:
The Sophos Management Service service terminated with the following error:
An error event occurred. EventID: 0xC000271A
Time Generated: 12/09/2013 17:29:36
Event String:
The server {2C5339F1-B8D3-4D40-9245-E68E0F8C6380} did not register with DCOM within the
required timeout.
An error event occurred. EventID: 0xC0001B6F
Time Generated: 12/09/2013 17:29:57
Event String:
The Sophos Management Service service terminated with the following error:
......................... AV2 failed test SystemLog
Starting test: VerifyReferences
......................... AV2 passed test VerifyReferences
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : mydomain
Starting test: CheckSDRefDom
......................... mydomain passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... mydomain passed test CrossRefValidation
Running enterprise tests on : mydomain.com
Starting test: LocatorCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error 1355
A Good Time Server could not be located.
......................... mydomain.com failed test LocatorCheck
Starting test: Intersite
......................... mydomain.com passed test Intersite
C:\Users\admin1.mydomain>