Command Line: "dcdiag.exe /v /c /d /e /s:NEWDC2K16" Directory Server Diagnosis Performing initial setup: * Connecting to directory service on server NEWDC2K16. NEWDC2K16.currentTime = 20210629091201.0Z NEWDC2K16.highestCommittedUSN = 360382 NEWDC2K16.isSynchronized = 1 NEWDC2K16.isGlobalCatalogReady = 1 * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Getting ISTG and options for the site Looking at base site object: CN=NTDS Site Settings,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local objectGuid obtained InvocationID obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=NEWDC2K16,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected NEWDC2K16.currentTime = 20210629091201.0Z NEWDC2K16.highestCommittedUSN = 360382 NEWDC2K16.isSynchronized = 1 NEWDC2K16.isGlobalCatalogReady = 1 * Identifying all NC cross-refs. SecondaryDC.currentTime = 20210629091201.0Z SecondaryDC.highestCommittedUSN = 18983041 SecondaryDC.isSynchronized = 1 SecondaryDC.isGlobalCatalogReady = 1 Ldap search capability attribute search failed on server OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb, return value = 81 Got error while checking if the DC is using FRS or DFSR. Error: Win32 Error 81The VerifyReferences, FrsEvent and DfsrEvent tests might fail because of this error. * Found 3 DC(s). Testing 3 of them. Done gathering initial info. ===============================================Printing out pDsInfo GLOBAL: ulNumServers=3 pszRootDomain=xxxxxxx.local pszNC= pszRootDomainFQDN=DC=xxxxxxx,DC=local pszConfigNc=CN=Configuration,DC=xxxxxxx,DC=local pszPartitionsDn=CN=Partitions,CN=Configuration,DC=xxxxxxx,DC=local fAdam=0 iSiteOptions=0 dwTombstoneLifeTimeDays=180 dwForestBehaviorVersion=4 HomeServer=2, NEWDC2K16 SERVER: pServer[0].pszName=SecondaryDC pServer[0].pszGuidDNSName (binding str)=7ceeb15c-95e9-465b-beff-881bd6878032._msdcs.xxxxxxx.local pServer[0].pszDNSName=SecondaryDC.xxxxxxx.local pServer[0].pszLdapPort=(null) pServer[0].pszSslPort=(null) pServer[0].pszDn=CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local pServer[0].pszComputerAccountDn=CN=SecondaryDC,OU=Domain Controllers,DC=xxxxxxx,DC=local pServer[0].uuidObjectGuid=7ceeb15c-95e9-465b-beff-881bd6878032 pServer[0].uuidInvocationId=d4411fba-e4ef-430d-a4b3-83ef5f2ff056 pServer[0].iSite=1 (site2) pServer[0].iOptions=1 pServer[0].ftLocalAcquireTime=d265a480 01d76cc6 pServer[0].ftRemoteConnectTime=d1ce4680 01d76cc6 pServer[0].ppszMaster/FullReplicaNCs: ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[4]=DC=xxxxxxx,DC=local SERVER: pServer[1].pszName=OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb pServer[1].pszGuidDNSName (binding str)=a1b27ad9-ce3c-4003-8170-eb36a3304277._msdcs.xxxxxxx.local pServer[1].pszDNSName=OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb.@missing_dnsHostName@ pServer[1].pszLdapPort=(null) pServer[1].pszSslPort=(null) pServer[1].pszDn=CN=NTDS Settings,CN=OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local pServer[1].pszComputerAccountDn=(null) pServer[1].uuidObjectGuid=a1b27ad9-ce3c-4003-8170-eb36a3304277 pServer[1].uuidInvocationId=1c48442c-5b7f-4437-a847-28a652689a1a pServer[1].iSite=0 (site1) pServer[1].iOptions=1 pServer[1].ftLocalAcquireTime=00000000 00000000 pServer[1].ftRemoteConnectTime=00000000 00000000 pServer[1].ppszMaster/FullReplicaNCs: ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[4]=DC=xxxxxxx,DC=local SERVER: pServer[2].pszName=NEWDC2K16 pServer[2].pszGuidDNSName (binding str)=7956647d-926a-4173-8608-0eb956bb7dda._msdcs.xxxxxxx.local pServer[2].pszDNSName=NEWDC2K16.xxxxxxx.local pServer[2].pszLdapPort=(null) pServer[2].pszSslPort=(null) pServer[2].pszDn=CN=NTDS Settings,CN=NEWDC2K16,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local pServer[2].pszComputerAccountDn=CN=NEWDC2K16,OU=Domain Controllers,DC=xxxxxxx,DC=local pServer[2].uuidObjectGuid=7956647d-926a-4173-8608-0eb956bb7dda pServer[2].uuidInvocationId=fa0c6dce-0376-4c98-8224-1909159d272a pServer[2].iSite=0 (site1) pServer[2].iOptions=1 pServer[2].ftLocalAcquireTime=d2633380 01d76cc6 pServer[2].ftRemoteConnectTime=d1ce4680 01d76cc6 pServer[2].ppszMaster/FullReplicaNCs: ppszMaster/FullReplicaNCs[0]=DC=ForestDnsZones,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[1]=DC=DomainDnsZones,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[2]=CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[3]=CN=Configuration,DC=xxxxxxx,DC=local ppszMaster/FullReplicaNCs[4]=DC=xxxxxxx,DC=local SITES: pSites[0].pszName=site1 pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local pSites[0].pszISTG=CN=NTDS Settings,CN=NEWDC2K16,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local pSites[0].iSiteOption=0 pSites[0].cServers=2 SITES: pSites[1].pszName=site2 pSites[1].pszSiteSettings=CN=NTDS Site Settings,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local pSites[1].pszISTG=CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local pSites[1].iSiteOption=0 pSites[1].cServers=1 NC: pNCs[0].pszName=ForestDnsZones pNCs[0].pszDn=DC=ForestDnsZones,DC=xxxxxxx,DC=local pNCs[0].aCrInfo[0].dwFlags=0x00000201 pNCs[0].aCrInfo[0].pszDn=CN=41078e29-d79d-4abe-872a-916a473839a4,CN=Partitions,CN=Configuration,DC=xxxxxxx,DC=local pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.xxxxxxx.local pNCs[0].aCrInfo[0].iSourceServer=2 pNCs[0].aCrInfo[0].pszSourceServer=(null) pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005 pNCs[0].aCrInfo[0].bEnabled=TRUE pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[0].aCrInfo[0].pszNetBiosName=(null) pNCs[0].aCrInfo[0].cReplicas=-1 pNCs[0].aCrInfo[0].aszReplicas= NC: pNCs[1].pszName=DomainDnsZones pNCs[1].pszDn=DC=DomainDnsZones,DC=xxxxxxx,DC=local pNCs[1].aCrInfo[0].dwFlags=0x00000201 pNCs[1].aCrInfo[0].pszDn=CN=0f60af2c-9250-4a0e-bf4c-fe4b7dbf2462,CN=Partitions,CN=Configuration,DC=xxxxxxx,DC=local pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.xxxxxxx.local pNCs[1].aCrInfo[0].iSourceServer=2 pNCs[1].aCrInfo[0].pszSourceServer=(null) pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005 pNCs[1].aCrInfo[0].bEnabled=TRUE pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[1].aCrInfo[0].pszNetBiosName=(null) pNCs[1].aCrInfo[0].cReplicas=-1 pNCs[1].aCrInfo[0].aszReplicas= NC: pNCs[2].pszName=Schema pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local pNCs[2].aCrInfo[0].dwFlags=0x00000201 pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=xxxxxxx,DC=local pNCs[2].aCrInfo[0].pszDnsRoot=xxxxxxx.local pNCs[2].aCrInfo[0].iSourceServer=2 pNCs[2].aCrInfo[0].pszSourceServer=(null) pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001 pNCs[2].aCrInfo[0].bEnabled=TRUE pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[2].aCrInfo[0].pszNetBiosName=(null) pNCs[2].aCrInfo[0].cReplicas=-1 pNCs[2].aCrInfo[0].aszReplicas= NC: pNCs[3].pszName=Configuration pNCs[3].pszDn=CN=Configuration,DC=xxxxxxx,DC=local pNCs[3].aCrInfo[0].dwFlags=0x00000201 pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=xxxxxxx,DC=local pNCs[3].aCrInfo[0].pszDnsRoot=xxxxxxx.local pNCs[3].aCrInfo[0].iSourceServer=2 pNCs[3].aCrInfo[0].pszSourceServer=(null) pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001 pNCs[3].aCrInfo[0].bEnabled=TRUE pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[3].aCrInfo[0].pszNetBiosName=(null) pNCs[3].aCrInfo[0].cReplicas=-1 pNCs[3].aCrInfo[0].aszReplicas= NC: pNCs[4].pszName=xxxxxxx pNCs[4].pszDn=DC=xxxxxxx,DC=local pNCs[4].aCrInfo[0].dwFlags=0x00000201 pNCs[4].aCrInfo[0].pszDn=CN=xxxxxxx,CN=Partitions,CN=Configuration,DC=xxxxxxx,DC=local pNCs[4].aCrInfo[0].pszDnsRoot=xxxxxxx.local pNCs[4].aCrInfo[0].iSourceServer=2 pNCs[4].aCrInfo[0].pszSourceServer=(null) pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003 pNCs[4].aCrInfo[0].bEnabled=TRUE pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null) pNCs[4].aCrInfo[0].pszNetBiosName=(null) pNCs[4].aCrInfo[0].cReplicas=-1 pNCs[4].aCrInfo[0].aszReplicas= 5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, xxxxxxx, 3 TARGETS: SecondaryDC, OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb, NEWDC2K16, =============================================Done Printing pDsInfo Doing initial required tests Testing server: site2\SecondaryDC Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Failure Analysis: SecondaryDC ... OK. * Active Directory RPC Services Check ......................... SecondaryDC passed test Connectivity Testing server: site1\OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb Starting test: Connectivity * Active Directory LDAP Services Check The host a1b27ad9-ce3c-4003-8170-eb36a3304277._msdcs.xxxxxxx.local could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc. Neither the the server name (OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb.@missing_dnsHostName@) nor the Guid DNS name (a1b27ad9-ce3c-4003-8170-eb36a3304277._msdcs.xxxxxxx.local) could be resolved by DNS. Check that the server is up and is registered correctly with the DNS server. Got error while checking LDAP and RPC connectivity. Please check your firewall settings. ......................... OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb failed test Connectivity Testing server: site1\NEWDC2K16 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity Failure Analysis: NEWDC2K16 ... OK. * Active Directory RPC Services Check ......................... NEWDC2K16 passed test Connectivity Doing primary tests Testing server: site2\SecondaryDC Starting test: Advertising The DC SecondaryDC is advertising itself as a DC and having a DS. The DC SecondaryDC is advertising as an LDAP server The DC SecondaryDC is advertising as having a writeable directory The DC SecondaryDC is advertising as a Key Distribution Center The DC SecondaryDC is advertising as a time server The DS SecondaryDC is advertising as a GC. ......................... SecondaryDC passed test Advertising Starting test: CheckSecurityError * Dr Auth: Beginning security errors check! Found KDC SecondaryDC for domain xxxxxxx.local in site site2 Checking machine account for DC SecondaryDC on DC SecondaryDC. * SPN found :LDAP/SecondaryDC.xxxxxxx.local/xxxxxxx.local * SPN found :LDAP/SecondaryDC.xxxxxxx.local * SPN found :LDAP/SecondaryDC * SPN found :LDAP/SecondaryDC.xxxxxxx.local/xxxxxxx * SPN found :LDAP/7ceeb15c-95e9-465b-beff-881bd6878032._msdcs.xxxxxxx.local * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7ceeb15c-95e9-465b-beff-881bd6878032/xxxxxxx.local * SPN found :HOST/SecondaryDC.xxxxxxx.local/xxxxxxx.local * SPN found :HOST/SecondaryDC.xxxxxxx.local * SPN found :HOST/SecondaryDC * SPN found :HOST/SecondaryDC.xxxxxxx.local/xxxxxxx * SPN found :GC/SecondaryDC.xxxxxxx.local/xxxxxxx.local [SecondaryDC] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:. ......................... SecondaryDC passed test CheckSecurityError Starting test: CutoffServers * Configuration Topology Aliveness Check * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Configuration,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... SecondaryDC passed test CutoffServers Starting test: FrsEvent * The File Replication Service Event log test Skip the test because the server is running DFSR. ......................... SecondaryDC passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. The event log DFS Replication on server SecondaryDC.xxxxxxx.local could not be queried, error 0x6ba "The RPC server is unavailable." ......................... SecondaryDC failed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... SecondaryDC passed test SysVolCheck Starting test: FrsSysVol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... SecondaryDC passed test FrsSysVol Starting test: KccEvent * The KCC Event log test The event log Directory Service on server SecondaryDC.xxxxxxx.local could not be queried, error 0x6ba "The RPC server is unavailable." ......................... SecondaryDC failed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Role Domain Owner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Role PDC Owner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Role Rid Owner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Role Infrastructure Update Owner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local ......................... SecondaryDC passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC SecondaryDC on DC SecondaryDC. * SPN found :LDAP/SecondaryDC.xxxxxxx.local/xxxxxxx.local * SPN found :LDAP/SecondaryDC.xxxxxxx.local * SPN found :LDAP/SecondaryDC * SPN found :LDAP/SecondaryDC.xxxxxxx.local/xxxxxxx * SPN found :LDAP/7ceeb15c-95e9-465b-beff-881bd6878032._msdcs.xxxxxxx.local * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7ceeb15c-95e9-465b-beff-881bd6878032/xxxxxxx.local * SPN found :HOST/SecondaryDC.xxxxxxx.local/xxxxxxx.local * SPN found :HOST/SecondaryDC.xxxxxxx.local * SPN found :HOST/SecondaryDC * SPN found :HOST/SecondaryDC.xxxxxxx.local/xxxxxxx * SPN found :GC/SecondaryDC.xxxxxxx.local/xxxxxxx.local ......................... SecondaryDC passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC SecondaryDC. * Security Permissions Check for DC=ForestDnsZones,DC=xxxxxxx,DC=local (NDNC,Version 3) * Security Permissions Check for DC=DomainDnsZones,DC=xxxxxxx,DC=local (NDNC,Version 3) * Security Permissions Check for CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=xxxxxxx,DC=local (Configuration,Version 3) * Security Permissions Check for DC=xxxxxxx,DC=local (Domain,Version 3) ......................... SecondaryDC passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\SecondaryDC\netlogon Verified share \\SecondaryDC\sysvol ......................... SecondaryDC passed test NetLogons Starting test: ObjectsReplicated SecondaryDC is in domain DC=xxxxxxx,DC=local Checking for CN=SecondaryDC,OU=Domain Controllers,DC=xxxxxxx,DC=local in domain DC=xxxxxxx,DC=local on 2 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local in domain CN=Configuration,DC=xxxxxxx,DC=local on 2 servers Object is up-to-date on all servers. ......................... SecondaryDC passed test ObjectsReplicated Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... SecondaryDC passed test OutboundSecureChannels Starting test: Replications * Replications Check DC=ForestDnsZones,DC=xxxxxxx,DC=local has 4 cursors. DC=DomainDnsZones,DC=xxxxxxx,DC=local has 4 cursors. CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local has 4 cursors. CN=Configuration,DC=xxxxxxx,DC=local has 4 cursors. DC=xxxxxxx,DC=local has 4 cursors. * Replication Latency Check REPLICATION-RECEIVED LATENCY WARNING SecondaryDC: Current time is 2021-06-29 11:12:01. DC=ForestDnsZones,DC=xxxxxxx,DC=local Last replication received from OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb at 2021-06-22 20:16:05 Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=DomainDnsZones,DC=xxxxxxx,DC=local Last replication received from OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb at 2021-06-22 20:16:08 Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local Last replication received from OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb at 2021-06-22 19:59:05 Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=xxxxxxx,DC=local Last replication received from OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb at 2021-06-22 20:30:12 Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=xxxxxxx,DC=local Last replication received from OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb at 2021-06-22 20:32:33 Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). ......................... SecondaryDC passed test Replications Starting test: RidManager ridManagerReference = CN=RID Manager$,CN=System,DC=xxxxxxx,DC=local * Available RID Pool for the Domain is 3600 to 1073741823 fSMORoleOwner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local * SecondaryDC.xxxxxxx.local is the RID Master * DsBind with RID Master was successful rIDSetReferences = CN=RID Set,CN=SecondaryDC,OU=Domain Controllers,DC=xxxxxxx,DC=local * rIDAllocationPool is 2600 to 3099 * rIDPreviousAllocationPool is 1600 to 2099 * rIDNextRID: 1951 ......................... SecondaryDC passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... SecondaryDC passed test Services Starting test: SystemLog * The System Event log test The event log System on server SecondaryDC.xxxxxxx.local could not be queried, error 0x6ba "The RPC server is unavailable." ......................... SecondaryDC failed test SystemLog Starting test: Topology * Configuration Topology Integrity Check * Analyzing the connection topology for DC=ForestDnsZones,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=DomainDnsZones,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Configuration,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... SecondaryDC passed test Topology Starting test: VerifyEnterpriseReferences The following problems were found while verifying various important DN references. Note, that these problems can be reported because of latency in replication. So follow up to resolve the following problems, only if the same problem is reported on all DCs for a given domain or if the problem persists after replication has had reasonable time to replicate changes. [1] Problem: Missing Expected Value Base Object: CN=OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Base Object Description: "Server Object" Value Object Attribute: serverReference Value Object Description: "DC Account Object" Recommended Action: This could hamper authentication (and thus replication, etc). Check if this server is deleted, and if so clean up this DCs Account Object. If the problem persists and this is not a deleted DC, authoratively restore the DSA object from a good copy, for example the DSA on the DSA's home server. ......................... SecondaryDC failed test VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=SecondaryDC,OU=Domain Controllers,DC=xxxxxxx,DC=local and backlink on CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local are correct. The system object reference (serverReferenceBL) CN=SecondaryDC,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=xxxxxxx,DC=local and backlink on CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local are correct. The system object reference (msDFSR-ComputerReferenceBL) CN=SecondaryDC,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=xxxxxxx,DC=local and backlink on CN=SecondaryDC,OU=Domain Controllers,DC=xxxxxxx,DC=local are correct. ......................... SecondaryDC passed test VerifyReferences Starting test: VerifyReplicas ......................... SecondaryDC passed test VerifyReplicas Testing server: site1\OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb Skipping all tests, because server OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb is not responding to directory service requests. Test omitted by user request: Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Test omitted by user request: FrsEvent Test omitted by user request: DFSREvent Test omitted by user request: SysVolCheck Test omitted by user request: KccEvent Test omitted by user request: KnowsOfRoleHolders Test omitted by user request: MachineAccount Test omitted by user request: NCSecDesc Test omitted by user request: NetLogons Test omitted by user request: ObjectsReplicated Test omitted by user request: OutboundSecureChannels Test omitted by user request: Replications Test omitted by user request: RidManager Test omitted by user request: Services Test omitted by user request: SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Test omitted by user request: VerifyReferences Test omitted by user request: VerifyReplicas Testing server: site1\NEWDC2K16 Starting test: Advertising The DC NEWDC2K16 is advertising itself as a DC and having a DS. The DC NEWDC2K16 is advertising as an LDAP server The DC NEWDC2K16 is advertising as having a writeable directory The DC NEWDC2K16 is advertising as a Key Distribution Center The DC NEWDC2K16 is advertising as a time server The DS NEWDC2K16 is advertising as a GC. ......................... NEWDC2K16 passed test Advertising Starting test: CheckSecurityError * Dr Auth: Beginning security errors check! Found KDC NEWDC2K16 for domain xxxxxxx.local in site site1 Checking machine account for DC NEWDC2K16 on DC NEWDC2K16. * SPN found :LDAP/NEWDC2K16.xxxxxxx.local/xxxxxxx.local * SPN found :LDAP/NEWDC2K16.xxxxxxx.local * SPN found :LDAP/NEWDC2K16 * SPN found :LDAP/NEWDC2K16.xxxxxxx.local/xxxxxxx * SPN found :LDAP/7956647d-926a-4173-8608-0eb956bb7dda._msdcs.xxxxxxx.local * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7956647d-926a-4173-8608-0eb956bb7dda/xxxxxxx.local * SPN found :HOST/NEWDC2K16.xxxxxxx.local/xxxxxxx.local * SPN found :HOST/NEWDC2K16.xxxxxxx.local * SPN found :HOST/NEWDC2K16 * SPN found :HOST/NEWDC2K16.xxxxxxx.local/xxxxxxx * SPN found :GC/NEWDC2K16.xxxxxxx.local/xxxxxxx.local [NEWDC2K16] No security related replication errors were found on this DC! To target the connection to a specific source DC use /ReplSource:. ......................... NEWDC2K16 passed test CheckSecurityError Starting test: CutoffServers * Configuration Topology Aliveness Check * Analyzing the alive system replication topology for DC=ForestDnsZones,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=DomainDnsZones,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for CN=Configuration,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the alive system replication topology for DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... NEWDC2K16 passed test CutoffServers Starting test: FrsEvent * The File Replication Service Event log test Skip the test because the server is running DFSR. ......................... NEWDC2K16 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. ......................... NEWDC2K16 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... NEWDC2K16 passed test SysVolCheck Starting test: FrsSysVol * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... NEWDC2K16 passed test FrsSysVol Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... NEWDC2K16 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Role Domain Owner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Role PDC Owner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Role Rid Owner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Role Infrastructure Update Owner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local ......................... NEWDC2K16 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC NEWDC2K16 on DC NEWDC2K16. * SPN found :LDAP/NEWDC2K16.xxxxxxx.local/xxxxxxx.local * SPN found :LDAP/NEWDC2K16.xxxxxxx.local * SPN found :LDAP/NEWDC2K16 * SPN found :LDAP/NEWDC2K16.xxxxxxx.local/xxxxxxx * SPN found :LDAP/7956647d-926a-4173-8608-0eb956bb7dda._msdcs.xxxxxxx.local * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/7956647d-926a-4173-8608-0eb956bb7dda/xxxxxxx.local * SPN found :HOST/NEWDC2K16.xxxxxxx.local/xxxxxxx.local * SPN found :HOST/NEWDC2K16.xxxxxxx.local * SPN found :HOST/NEWDC2K16 * SPN found :HOST/NEWDC2K16.xxxxxxx.local/xxxxxxx * SPN found :GC/NEWDC2K16.xxxxxxx.local/xxxxxxx.local ......................... NEWDC2K16 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC NEWDC2K16. * Security Permissions Check for DC=ForestDnsZones,DC=xxxxxxx,DC=local (NDNC,Version 3) * Security Permissions Check for DC=DomainDnsZones,DC=xxxxxxx,DC=local (NDNC,Version 3) * Security Permissions Check for CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=xxxxxxx,DC=local (Configuration,Version 3) * Security Permissions Check for DC=xxxxxxx,DC=local (Domain,Version 3) ......................... NEWDC2K16 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\NEWDC2K16\netlogon Verified share \\NEWDC2K16\sysvol ......................... NEWDC2K16 passed test NetLogons Starting test: ObjectsReplicated NEWDC2K16 is in domain DC=xxxxxxx,DC=local Checking for CN=NEWDC2K16,OU=Domain Controllers,DC=xxxxxxx,DC=local in domain DC=xxxxxxx,DC=local on 2 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=NEWDC2K16,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local in domain CN=Configuration,DC=xxxxxxx,DC=local on 2 servers Object is up-to-date on all servers. ......................... NEWDC2K16 passed test ObjectsReplicated Starting test: OutboundSecureChannels * The Outbound Secure Channels test ** Did not run Outbound Secure Channels test because /testdomain: was not entered ......................... NEWDC2K16 passed test OutboundSecureChannels Starting test: Replications * Replications Check DC=ForestDnsZones,DC=xxxxxxx,DC=local has 4 cursors. DC=DomainDnsZones,DC=xxxxxxx,DC=local has 4 cursors. CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local has 4 cursors. CN=Configuration,DC=xxxxxxx,DC=local has 4 cursors. DC=xxxxxxx,DC=local has 4 cursors. * Replication Latency Check REPLICATION-RECEIVED LATENCY WARNING NEWDC2K16: Current time is 2021-06-29 11:12:01. DC=ForestDnsZones,DC=xxxxxxx,DC=local Last replication received from OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb at 2021-06-22 20:16:05 Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=DomainDnsZones,DC=xxxxxxx,DC=local Last replication received from OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb at 2021-06-22 20:16:08 Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local Last replication received from OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb at 2021-06-22 19:59:05 Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=xxxxxxx,DC=local Last replication received from OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb at 2021-06-22 20:30:12 Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=xxxxxxx,DC=local Last replication received from OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb at 2021-06-22 20:32:33 Latency information for 1 entries in the vector were ignored. 1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). ......................... NEWDC2K16 passed test Replications Starting test: RidManager ridManagerReference = CN=RID Manager$,CN=System,DC=xxxxxxx,DC=local * Available RID Pool for the Domain is 3600 to 1073741823 fSMORoleOwner = CN=NTDS Settings,CN=SecondaryDC,CN=Servers,CN=site2,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local * SecondaryDC.xxxxxxx.local is the RID Master * DsBind with RID Master was successful rIDSetReferences = CN=RID Set,CN=NEWDC2K16,OU=Domain Controllers,DC=xxxxxxx,DC=local * rIDAllocationPool is 3100 to 3599 * rIDPreviousAllocationPool is 3100 to 3599 * rIDNextRID: 3104 ......................... NEWDC2K16 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... NEWDC2K16 passed test Services Starting test: SystemLog * The System Event log test An error event occurred. EventID: 0x00002720 Time Generated: 06/29/2021 11:10:50 Event String: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {3185A766-B338-11E4-A71E-12E3F512A338} and APPID {7006698D-2974-4091-A424-85DD0B909E23} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. ......................... NEWDC2K16 failed test SystemLog Starting test: Topology * Configuration Topology Integrity Check * Analyzing the connection topology for DC=ForestDnsZones,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=DomainDnsZones,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Schema,CN=Configuration,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for CN=Configuration,DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. * Analyzing the connection topology for DC=xxxxxxx,DC=local. * Performing upstream (of target) analysis. * Performing downstream (of target) analysis. ......................... NEWDC2K16 passed test Topology Starting test: VerifyEnterpriseReferences The following problems were found while verifying various important DN references. Note, that these problems can be reported because of latency in replication. So follow up to resolve the following problems, only if the same problem is reported on all DCs for a given domain or if the problem persists after replication has had reasonable time to replicate changes. [1] Problem: Missing Expected Value Base Object: CN=OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local Base Object Description: "Server Object" Value Object Attribute: serverReference Value Object Description: "DC Account Object" Recommended Action: This could hamper authentication (and thus replication, etc). Check if this server is deleted, and if so clean up this DCs Account Object. If the problem persists and this is not a deleted DC, authoratively restore the DSA object from a good copy, for example the DSA on the DSA's home server. ......................... NEWDC2K16 failed test VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=NEWDC2K16,OU=Domain Controllers,DC=xxxxxxx,DC=local and backlink on CN=NEWDC2K16,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local are correct. The system object reference (serverReferenceBL) CN=NEWDC2K16,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=xxxxxxx,DC=local and backlink on CN=NTDS Settings,CN=NEWDC2K16,CN=Servers,CN=site1,CN=Sites,CN=Configuration,DC=xxxxxxx,DC=local are correct. The system object reference (msDFSR-ComputerReferenceBL) CN=NEWDC2K16,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=xxxxxxx,DC=local and backlink on CN=NEWDC2K16,OU=Domain Controllers,DC=xxxxxxx,DC=local are correct. ......................... NEWDC2K16 passed test VerifyReferences Starting test: VerifyReplicas ......................... NEWDC2K16 passed test VerifyReplicas Starting test: DNS Starting test: DNS DNS Tests are running and not hung. Please wait a few minutes... Starting test: DNS See DNS test in enterprise tests section for results ......................... OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb failed test DNS See DNS test in enterprise tests section for results ......................... NEWDC2K16 passed test DNS See DNS test in enterprise tests section for results ......................... SecondaryDC passed test DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : xxxxxxx Starting test: CheckSDRefDom ......................... xxxxxxx passed test CheckSDRefDom Starting test: CrossRefValidation ......................... xxxxxxx passed test CrossRefValidation Running enterprise tests on : xxxxxxx.local Starting test: DNS Test results for domain controllers: DC: NEWDC2K16.xxxxxxx.local Domain: xxxxxxx.local TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) The OS Microsoft Windows Server 2016 Standard (Service Pack level: 0.0) is supported. NETLOGON service is running kdc service is running DNSCACHE service is running DNS service is running DC is a DNS server Network adapters information: Adapter [00000001] Intel(R) 82574L Gigabit Network Connection: MAC address is 00:50:56:9B:0E:23 IP Address is static IP address: 192.168.0.3, fe80::b432:72c1:7588:2988 DNS servers: 192.168.0.3 (NEWDC2K16) [Valid] 192.168.1.12 (SecondaryDC) [Valid] The A host record(s) for this DC was found The SOA record for the Active Directory zone was found The Active Directory zone on this DC/DNS server was found primary Root zone on this DC/DNS server was not found TEST: Forwarders/Root hints (Forw) Recursion is enabled Forwarders Information: 8.8.4.4 () [Valid] 8.8.8.8 () [Valid] TEST: Delegations (Del) Delegation information for the zone: xxxxxxx.local. Delegated domain name: _msdcs.xxxxxxx.local. Error: DNS server: OLDDC2008.xxxxxxx.local. IP: [Missing glue A record] [Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)] TEST: Dynamic update (Dyn) Test record dcdiag-test-record added successfully in zone xxxxxxx.local Warning: Failed to delete the test record dcdiag-test-record in zone xxxxxxx.local [Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)] TEST: Records registration (RReg) Network Adapter [00000001] Intel(R) 82574L Gigabit Network Connection: Matching CNAME record found at DNS server 192.168.0.3: 7956647d-926a-4173-8608-0eb956bb7dda._msdcs.xxxxxxx.local Matching A record found at DNS server 192.168.0.3: NEWDC2K16.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.28ab724b-4126-47ca-8af0-2fcf6ab14c2d.domains._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kerberos._tcp.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kerberos._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kerberos._udp.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kpasswd._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.site1._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kerberos._tcp.site1._sites.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.site1._sites.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kerberos._tcp.site1._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.gc._msdcs.xxxxxxx.local Matching A record found at DNS server 192.168.0.3: gc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _gc._tcp.site1._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.site1._sites.gc._msdcs.xxxxxxx.local Matching CNAME record found at DNS server 192.168.1.12: 7956647d-926a-4173-8608-0eb956bb7dda._msdcs.xxxxxxx.local Matching A record found at DNS server 192.168.1.12: NEWDC2K16.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.28ab724b-4126-47ca-8af0-2fcf6ab14c2d.domains._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kerberos._tcp.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kerberos._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kerberos._udp.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kpasswd._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.site1._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kerberos._tcp.site1._sites.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.site1._sites.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kerberos._tcp.site1._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.gc._msdcs.xxxxxxx.local Matching A record found at DNS server 192.168.1.12: gc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _gc._tcp.site1._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.site1._sites.gc._msdcs.xxxxxxx.local Total query time:0 min. 0 sec.. Total RPC connection time:0 min. 0 sec. Total WMI connection time:0 min. 21 sec. Total Netuse connection time:0 min. 0 sec. DC: OLDDC2008\0ADEL:0e05099f-74a4-45d5-87ef-fcb3f62741fb.@missing_dnsHostName@ Domain: xxxxxxx.local TEST: Basic (Basc) Error: No LDAP connectivity Error: No WMI connectivity [Error details: 0x800706ba (Type: HRESULT - Facility: Win32, Description: The RPC server is unavailable.) - Connection to WMI server failed] No host records (A or AAAA) were found for this DC Total query time:0 min. 0 sec.. Total RPC connection time:0 min. 0 sec. Total WMI connection time:0 min. 4 sec. Total Netuse connection time:0 min. 0 sec. DC: SecondaryDC.xxxxxxx.local Domain: xxxxxxx.local TEST: Authentication (Auth) Authentication test: Successfully completed TEST: Basic (Basc) The OS Microsoft Windows Server 2016 Standard (Service Pack level: 0.0) is supported. NETLOGON service is running kdc service is running DNSCACHE service is running DNS service is running DC is a DNS server Network adapters information: Adapter [00000004] Intel(R) 82574L Gigabit Network Connection: MAC address is 00:50:56:B2:6C:25 IP Address is static IP address: 192.168.1.12, fe80::3546:2370:caf0:ca44 DNS servers: 127.0.0.1 (SecondaryDC) [Valid] 192.168.0.3 (NEWDC2K16) [Valid] The A host record(s) for this DC was found The SOA record for the Active Directory zone was found The Active Directory zone on this DC/DNS server was found primary Root zone on this DC/DNS server was not found TEST: Forwarders/Root hints (Forw) Recursion is enabled Forwarders Information: 8.8.4.4 () [Valid] 8.8.8.8 () [Valid] TEST: Delegations (Del) Delegation information for the zone: xxxxxxx.local. Delegated domain name: _msdcs.xxxxxxx.local. Error: DNS server: OLDDC2008.xxxxxxx.local. IP: [Missing glue A record] [Error details: 9714 (Type: Win32 - Description: DNS name does not exist.)] TEST: Dynamic update (Dyn) Test record dcdiag-test-record added successfully in zone xxxxxxx.local Warning: Failed to delete the test record dcdiag-test-record in zone xxxxxxx.local [Error details: 9505 (Type: Win32 - Description: Unsecured DNS packet.)] TEST: Records registration (RReg) Network Adapter [00000004] Intel(R) 82574L Gigabit Network Connection: Matching CNAME record found at DNS server 192.168.1.12: 7ceeb15c-95e9-465b-beff-881bd6878032._msdcs.xxxxxxx.local Matching A record found at DNS server 192.168.1.12: SecondaryDC.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.28ab724b-4126-47ca-8af0-2fcf6ab14c2d.domains._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kerberos._tcp.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kerberos._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kerberos._udp.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kpasswd._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.site2._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kerberos._tcp.site2._sites.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.site2._sites.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _kerberos._tcp.site2._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.gc._msdcs.xxxxxxx.local Matching A record found at DNS server 192.168.1.12: gc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _gc._tcp.site2._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.site2._sites.gc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.1.12: _ldap._tcp.pdc._msdcs.xxxxxxx.local Matching CNAME record found at DNS server 192.168.0.3: 7ceeb15c-95e9-465b-beff-881bd6878032._msdcs.xxxxxxx.local Matching A record found at DNS server 192.168.0.3: SecondaryDC.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.28ab724b-4126-47ca-8af0-2fcf6ab14c2d.domains._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kerberos._tcp.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kerberos._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kerberos._udp.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kpasswd._tcp.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.site2._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kerberos._tcp.site2._sites.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.site2._sites.dc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _kerberos._tcp.site2._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.gc._msdcs.xxxxxxx.local Matching A record found at DNS server 192.168.0.3: gc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _gc._tcp.site2._sites.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.site2._sites.gc._msdcs.xxxxxxx.local Matching SRV record found at DNS server 192.168.0.3: _ldap._tcp.pdc._msdcs.xxxxxxx.local Total query time:0 min. 0 sec.. Total RPC connection time:0 min. 0 sec. Total WMI connection time:0 min. 21 sec. Total Netuse connection time:0 min. 0 sec. Summary of test results for DNS servers used by the above domain controllers: DNS server: 192.168.0.3 (NEWDC2K16) All tests passed on this DNS server Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 192.168.1.12 (SecondaryDC) All tests passed on this DNS server Name resolution is functional._ldap._tcp SRV record for the forest root domain is registered Total query time:0 min. 0 sec., Total WMI connection time:0 min. 0 sec. DNS server: 8.8.4.4 () All tests passed on this DNS server Total query time:0 min. 0 sec., Total WMI connection time:0 min. 21 sec. DNS server: 8.8.8.8 () All tests passed on this DNS server Total query time:0 min. 0 sec., Total WMI connection time:0 min. 21 sec. Summary of DNS test results: Auth Basc Forw Del Dyn RReg Ext _________________________________________________________________ Domain: xxxxxxx.local NEWDC2K16 PASS PASS PASS FAIL WARN PASS n/a OLDDC2008\0ADEL:0e050741fbFAIL FAIL n/a n/a n/a n/a n/a SecondaryDC PASS PASS PASS FAIL WARN PASS n/a Total Time taken to test all the DCs:0 min. 47 sec. ......................... xxxxxxx.local failed test DNS Starting test: LocatorCheck GC Name: \\NEWDC2K16.xxxxxxx.local Locator Flags: 0xe001f1fc PDC Name: \\SecondaryDC.xxxxxxx.local Locator Flags: 0xe003f17d Time Server Name: \\NEWDC2K16.xxxxxxx.local Locator Flags: 0xe001f1fc Preferred Time Server Name: \\NEWDC2K16.xxxxxxx.local Locator Flags: 0xe001f1fc KDC Name: \\NEWDC2K16.xxxxxxx.local Locator Flags: 0xe001f1fc ......................... xxxxxxx.local passed test LocatorCheck Starting test: FsmoCheck GC Name: \\NEWDC2K16.xxxxxxx.local Locator Flags: 0xe001f1fc PDC Name: \\SecondaryDC.xxxxxxx.local Locator Flags: 0xe003f17d Time Server Name: \\NEWDC2K16.xxxxxxx.local Locator Flags: 0xe001f1fc Preferred Time Server Name: \\NEWDC2K16.xxxxxxx.local Locator Flags: 0xe001f1fc KDC Name: \\NEWDC2K16.xxxxxxx.local Locator Flags: 0xe001f1fc ......................... xxxxxxx.local passed test FsmoCheck Starting test: Intersite Doing intersite inbound replication test on site site1: Locating & Contacting Intersite Topology Generator (ISTG) ... The ISTG for site site1 is: NEWDC2K16. ISTG (NEWDC2K16) Failure Parameters: Failover Tries: 1 Failover Time: 120 Checking for down bridgeheads ... Bridghead site2\SecondaryDC is up and replicating fine. Bridghead site1\NEWDC2K16 is up and replicating fine. Doing in depth site analysis ... All expected sites and bridgeheads are replicating into site site1. Doing intersite inbound replication test on site site2: Locating & Contacting Intersite Topology Generator (ISTG) ... The ISTG for site site2 is: SecondaryDC. ISTG (SecondaryDC) Failure Parameters: Failover Tries: 1 Failover Time: 120 Checking for down bridgeheads ... Bridghead site1\NEWDC2K16 is up and replicating fine. Bridghead site2\SecondaryDC is up and replicating fine. Doing in depth site analysis ... All expected sites and bridgeheads are replicating into site site2. ......................... xxxxxxx.local passed test Intersite