Server 2012 R2 Prerequisite Check for Domain Controller Promotion Failing (Network Steve Forum)

Server 2012 R2 Prerequisite Check for Domain Controller Promotion Failing

Hi all,

We are in the process of upgrading our domain controllers from Server 2003 SP2 to Server 2012 R2. We have a test environment that has our two 2003 DC's (created using recent system state backups), two 2012 R2 servers, and multiple workstations. Active Directory, DNS, and DHCP all appear to be functioning correctly. We were able to run adprep from the 2012 CD successfully with no errors; however, when we try to promote our 2012 server we can't get past the "Prerequisites Check" step. On screen, we getting the following errors:

- One or more prerequisites failed. Please fix these issues and click "Rerun prerequisites check".

- Verification of prerequisites for Domain Controller promotion failed. The operation did not complete successfully.

The following is what is showing in the adprep log:

[2015/08/20:14:15:58.749]
Adprep created the log file 'C:\Windows\debug\adprep\logs\20150820141558-test\ADPrep.log'
[2015/08/20:14:15:58.749]
Adprep successfully initialized global variables.
[Status/Consequence]
Adprep is continuing.
[2015/08/20:14:15:58.755]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com.
[2015/08/20:14:15:58.756]
LDAP API ldap_search_s() finished, return code is 0x0
[2015/08/20:14:15:58.756]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=2003DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com.
[2015/08/20:14:15:58.757]
LDAP API ldap_search_s() finished, return code is 0x0
[2015/08/20:14:15:58.757]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com.
[2015/08/20:14:15:58.758]
LDAP API ldap_search_s() finished, return code is 0x0
[2015/08/20:14:15:58.759]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Infrastructure,DC=corp,DC=mydomain,DC=com.
[2015/08/20:14:15:58.760]
LDAP API ldap_search_s() finished, return code is 0x0
[2015/08/20:14:15:58.760]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=2003DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com.
[2015/08/20:14:15:58.761]
LDAP API ldap_search_s() finished, return code is 0x0
[2015/08/20:14:15:58.777]
Adprep discovered the Infrastructure FSMO: 2003DC1.corp.mydomain.com.
[2015/08/20:14:15:58.780]
Adprep connected to the Infrastructure FSMO: 2003DC1.corp.mydomain.com.
[2015/08/20:14:15:58.781]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2015/08/20:14:15:58.781]
LDAP API ldap_search_s() finished, return code is 0x0
[2015/08/20:14:15:58.781]
Adprep successfully retrieved information from the Active Directory Domain Services.
[2015/08/20:14:15:58.781]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=corp,DC=mydomain,DC=com.
[2015/08/20:14:15:58.782]
LDAP API ldap_search_s finished, return code is 0x0
[2015/08/20:14:15:58.782]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2015/08/20:14:15:58.782]
LDAP API ldap_search_ext_s finished, return code is 0x0
[2015/08/20:14:15:58.782]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2015/08/20:14:15:58.784]
LDAP API ldap_search_s finished, return code is 0x0
[2015/08/20:14:15:58.784]
Adprep does not find the tokenGroups attribute on the RootDSE object of the Active Directory Domain Controller. This attribute is not avaliable on Windows Server 2003 or lower version of Windows. Adprep will try to obtain token groups from the User object.
[2015/08/20:14:15:58.784]
The parameters /userdomain and /user are not specified. Using current logon user's domain ...
[2015/08/20:14:15:58.784]
The current logon user's domain is CORP.MYDOMAIN.COM.
[2015/08/20:14:15:58.785]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is (null).
[2015/08/20:14:15:58.785]
LDAP API ldap_search_s() finished, return code is 0x0
[2015/08/20:14:15:58.785]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is DC=corp,DC=mydomain,DC=com.
[2015/08/20:14:15:58.786]
LDAP API ldap_search_s() finished, return code is 0x0
[2015/08/20:14:15:58.786]
Adprep was about to call the following LDAP API. ldap_search_s(). The base entry to start the search is CN=Admin Account,OU=IT Users,DC=corp,DC=mydomain,DC=com.
[2015/08/20:14:15:58.789]
LDAP API ldap_search_s finished, return code is 0x0

As far as we can tell, there are no errors in the log above.

Does anyone have any idea where we might be going wrong? Any help will be greatly appreciated!

August 20th, 2015 3:35pm

1. It is not clear what you did. Some more info would help. Have you replicated both source DCs? Are the two original DCs healthy (dcdiag is your friend).

2. There are migration guides in Technet

Also read some step by step procedures and compare with yours. Like this one

http://blogs.technet.com/b/canitpro/archive/2014/04/02/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012.aspx

https://windorks.wordpress.com/2014/01/25/upgrading-a-windows-2003-domain-to-windows-2012r2/

3. Check prerequisites and make sure that you are meeting them all.

Regards

Milos

Free Windows Admin Tool Kit Click here and download it now

August 20th, 2015 4:18pm

Hi,

Please follow the below link and check the Prerequisite test

https://technet.microsoft.com/en-us/library/jj574178.aspx

August 21st, 2015 12:30am

- One or more prerequisites failed. Please fix these issues and click "Rerun prerequisites check".

- Verification of prerequisites for Domain Controller promotion failed. The operation did not complete successfully

Is this the complete error message that you got? Looks like a partial error. Could you please double check and share the complete error message if any?

We are unable to give you an exact solution based on your current description. I would suggest you check the dcpromo log first under %systemroot%\debug\dcpromo.log and see if anything useful has been recorded there.

Also, as per my experience, most of the domain controller promotion issues occur due to DNS issues. So, please have a check and see if you have configured it correctly on your server.

Regards,

Eth

Free Windows Admin Tool Kit Click here and download it now

August 21st, 2015 4:56am

Thank you all for the quick replies. Because we have tried so many troubleshooting steps, we decided to start over in our test environment. Here is the current configuration:

DC1 - primary controller (Server 2003 SP2)
DC2 - secondary controller (Server 2003 SP2)
SBDC1 - new primary controller (Server 2012 R2). Has AD roles and features installed, but has not been promoted to domain controller yet.
SBDC2 - new secondary controller (Server 2012 R2). Has AD roles and features installed, but has not been promoted to domain controller yet.

Active Directory, DNS, and DHCP are all functioning correctly. AD is also replicating correctly.

We ran the dcdiag and frsdiag utilities and get multiple error messages related to DNS and FRS failures; however, the recommendations listed don't seem to help. I will post the dcdiag and frsdiag logs momentarily.

Edited by jtimm115 10 hours 28 minutes ago

August 21st, 2015 4:11pm

Here is the dcdiag log:

Command Line: "dcdiag.exe /v /c /d /e /s:dc1"

Domain Controller Diagnosis

Performing initial setup:
* Connecting to directory service on server dc1.
dc1.currentTime = 20150821190923.0Z
dc1.highestCommittedUSN = 22914093
dc1.isSynchronized = 1
dc1.isGlobalCatalogReady = 1
* Collecting site info.
* Identifying all servers.
DC1.currentTime = 20150821190923.0Z
DC1.highestCommittedUSN = 22914093
DC1.isSynchronized = 1
DC1.isGlobalCatalogReady = 1
* Identifying all NC cross-refs.
* Found 2 DC(s). Testing 2 of them.
Done gathering initial info.

===============================================Printing out pDsInfo

GLOBAL:
ulNumServers=2
pszRootDomain=corp.mydomain.com
pszNC=
pszRootDomainFQDN=DC=corp,DC=mydomain,DC=com
pszConfigNc=CN=Configuration,DC=corp,DC=mydomain,DC=com
pszPartitionsDn=CN=Partitions,CN=Configuration,DC=corp,DC=mydomain,DC=com
iSiteOptions=0
dwTombstoneLifeTimeDays=180

dwForestBehaviorVersion=2

HomeServer=0, DC1

SERVER: pServer[0].pszName=DC1
pServer[0].pszGuidDNSName=6d452aba-3a2b-4ba0-bb53-dd5c0d4d3513._msdcs.corp.mydomain.com
pServer[0].pszDNSName=dc1.corp.mydomain.com
pServer[0].pszDn=CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
pServer[0].pszComputerAccountDn=CN=DC1,OU=Domain Controllers,DC=corp,DC=mydomain,DC=com
pServer[0].uuidObjectGuid=6d452aba-3a2b-4ba0-bb53-dd5c0d4d3513
pServer[0].uuidInvocationId=f87d1090-e0c9-4cde-a8e0-eb4d3b7caedc
pServer[0].iSite=0 (Default-First-Site-Name)
pServer[0].iOptions=1
pServer[0].ftLocalAcquireTime=e40983a0 01d0dc44

pServer[0].ftRemoteConnectTime=e3b63380 01d0dc44

pServer[0].ppszMasterNCs:
ppszMasterNCs[0]=DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com
ppszMasterNCs[1]=DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com
ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com
ppszMasterNCs[3]=CN=Configuration,DC=corp,DC=mydomain,DC=com
ppszMasterNCs[4]=DC=corp,DC=mydomain,DC=com

SERVER: pServer[1].pszName=DC2
pServer[1].pszGuidDNSName=1854b5ee-430a-4176-b18a-aaf114663fb1._msdcs.corp.mydomain.com
pServer[1].pszDNSName=dc2.corp.mydomain.com
pServer[1].pszDn=CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
pServer[1].pszComputerAccountDn=CN=DC2,OU=Domain Controllers,DC=corp,DC=mydomain,DC=com
pServer[1].uuidObjectGuid=1854b5ee-430a-4176-b18a-aaf114663fb1
pServer[1].uuidInvocationId=120d219e-8603-4242-b142-344757a34d8d
pServer[1].iSite=0 (Default-First-Site-Name)
pServer[1].iOptions=1
pServer[1].ftLocalAcquireTime=00000000 00000000

pServer[1].ftRemoteConnectTime=00000000 00000000

pServer[1].ppszMasterNCs:
ppszMasterNCs[0]=DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com
ppszMasterNCs[1]=DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com
ppszMasterNCs[2]=CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com
ppszMasterNCs[3]=CN=Configuration,DC=corp,DC=mydomain,DC=com
ppszMasterNCs[4]=DC=corp,DC=mydomain,DC=com

SITES: pSites[0].pszName=Default-First-Site-Name
pSites[0].pszSiteSettings=CN=NTDS Site Settings,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
pSites[0].pszISTG=CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
pSites[0].iSiteOption=0

pSites[0].cServers=2

NC: pNCs[0].pszName=ForestDnsZones
pNCs[0].pszDn=DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com

pNCs[0].aCrInfo[0].dwFlags=0x00000201
pNCs[0].aCrInfo[0].pszDn=CN=e4678419-5061-4c34-b7d8-45ebcb7253a4,CN=Partitions,CN=Configuration,DC=corp,DC=mydomain,DC=com
pNCs[0].aCrInfo[0].pszDnsRoot=ForestDnsZones.corp.mydomain.com
pNCs[0].aCrInfo[0].iSourceServer=0
pNCs[0].aCrInfo[0].pszSourceServer=(null)
pNCs[0].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[0].aCrInfo[0].bEnabled=TRUE
pNCs[0].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[0].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[0].aCrInfo[0].pszNetBiosName=(null)
pNCs[0].aCrInfo[0].aszReplicas=

NC: pNCs[1].pszName=DomainDnsZones
pNCs[1].pszDn=DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com

pNCs[1].aCrInfo[0].dwFlags=0x00000201
pNCs[1].aCrInfo[0].pszDn=CN=0a70f765-7a8b-4413-a600-f97ccf16085a,CN=Partitions,CN=Configuration,DC=corp,DC=mydomain,DC=com
pNCs[1].aCrInfo[0].pszDnsRoot=DomainDnsZones.corp.mydomain.com
pNCs[1].aCrInfo[0].iSourceServer=0
pNCs[1].aCrInfo[0].pszSourceServer=(null)
pNCs[1].aCrInfo[0].ulSystemFlags=0x00000005
pNCs[1].aCrInfo[0].bEnabled=TRUE
pNCs[1].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[1].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[1].aCrInfo[0].pszNetBiosName=(null)
pNCs[1].aCrInfo[0].aszReplicas=

NC: pNCs[2].pszName=Schema
pNCs[2].pszDn=CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com

pNCs[2].aCrInfo[0].dwFlags=0x00000201
pNCs[2].aCrInfo[0].pszDn=CN=Enterprise Schema,CN=Partitions,CN=Configuration,DC=corp,DC=mydomain,DC=com
pNCs[2].aCrInfo[0].pszDnsRoot=corp.mydomain.com
pNCs[2].aCrInfo[0].iSourceServer=0
pNCs[2].aCrInfo[0].pszSourceServer=(null)
pNCs[2].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[2].aCrInfo[0].bEnabled=TRUE
pNCs[2].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[2].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[2].aCrInfo[0].pszNetBiosName=(null)
pNCs[2].aCrInfo[0].aszReplicas=

NC: pNCs[3].pszName=Configuration
pNCs[3].pszDn=CN=Configuration,DC=corp,DC=mydomain,DC=com

pNCs[3].aCrInfo[0].dwFlags=0x00000201
pNCs[3].aCrInfo[0].pszDn=CN=Enterprise Configuration,CN=Partitions,CN=Configuration,DC=corp,DC=mydomain,DC=com
pNCs[3].aCrInfo[0].pszDnsRoot=corp.mydomain.com
pNCs[3].aCrInfo[0].iSourceServer=0
pNCs[3].aCrInfo[0].pszSourceServer=(null)
pNCs[3].aCrInfo[0].ulSystemFlags=0x00000001
pNCs[3].aCrInfo[0].bEnabled=TRUE
pNCs[3].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[3].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[3].aCrInfo[0].pszNetBiosName=(null)
pNCs[3].aCrInfo[0].aszReplicas=

NC: pNCs[4].pszName=corp
pNCs[4].pszDn=DC=corp,DC=mydomain,DC=com

pNCs[4].aCrInfo[0].dwFlags=0x00000201
pNCs[4].aCrInfo[0].pszDn=CN=MYDOMAIN,CN=Partitions,CN=Configuration,DC=corp,DC=mydomain,DC=com
pNCs[4].aCrInfo[0].pszDnsRoot=corp.mydomain.com
pNCs[4].aCrInfo[0].iSourceServer=0
pNCs[4].aCrInfo[0].pszSourceServer=(null)
pNCs[4].aCrInfo[0].ulSystemFlags=0x00000003
pNCs[4].aCrInfo[0].bEnabled=TRUE
pNCs[4].aCrInfo[0].ftWhenCreated=00000000 00000000 pNCs[4].aCrInfo[0].pszSDReferenceDomain=(null)
pNCs[4].aCrInfo[0].pszNetBiosName=(null)
pNCs[4].aCrInfo[0].aszReplicas=

5 NC TARGETS: ForestDnsZones, DomainDnsZones, Schema, Configuration, corp,
2 TARGETS: DC1, DC2,

=============================================Done Printing pDsInfo

Doing initial required tests

Testing server: Default-First-Site-Name\DC1
Starting test: Connectivity
* Active Directory LDAP Services Check
Failure Analysis: DC1 ... OK.
* Active Directory RPC Services Check
......................... DC1 passed test Connectivity

Testing server: Default-First-Site-Name\DC2
Starting test: Connectivity
* Active Directory LDAP Services Check
DC2.currentTime = 20150821190923.0Z
DC2.highestCommittedUSN = 22328275
DC2.isSynchronized = 1
DC2.isGlobalCatalogReady = 1
Failure Analysis: DC2 ... OK.
* Active Directory RPC Services Check
......................... DC2 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC1
Starting test: Replications
* Replications Check
DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com has 4 cursors.
DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com has 4 cursors.
CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com has 4 cursors.
CN=Configuration,DC=corp,DC=mydomain,DC=com has 4 cursors.
DC=corp,DC=mydomain,DC=com has 4 cursors.
* Replication Latency Check
DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=corp,DC=mydomain,DC=com
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=corp,DC=mydomain,DC=com
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... DC1 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC1 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=corp,DC=mydomain,DC=com
(Configuration,Version 2)
* Security Permissions Check for
DC=corp,DC=mydomain,DC=com
(Domain,Version 2)
......................... DC1 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... DC1 passed test NetLogons
Starting test: Advertising
The DC DC1 is advertising itself as a DC and having a DS.
The DC DC1 is advertising as an LDAP server
The DC DC1 is advertising as having a writeable directory
The DC DC1 is advertising as a Key Distribution Center
The DC DC1 is advertising as a time server
The DS DC1 is advertising as a GC.
......................... DC1 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
......................... DC1 passed test KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=corp,DC=mydomain,DC=com
* Available RID Pool for the Domain is 6103 to 1073741823
fSMORoleOwner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
* dc1.corp.mydomain.com is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=DC1,OU=Domain Controllers,DC=corp,DC=mydomain,DC=com
* rIDAllocationPool is 5603 to 6102
* rIDPreviousAllocationPool is 5603 to 6102
* rIDNextRID: 5604
......................... DC1 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/dc1.corp.mydomain.com/corp.mydomain.com
* SPN found :LDAP/dc1.corp.mydomain.com
* SPN found :LDAP/DC1
* SPN found :LDAP/dc1.corp.mydomain.com/MYDOMAIN
* SPN found :LDAP/6d452aba-3a2b-4ba0-bb53-dd5c0d4d3513._msdcs.corp.mydomain.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/6d452aba-3a2b-4ba0-bb53-dd5c0d4d3513/corp.mydomain.com
* SPN found :HOST/dc1.corp.mydomain.com/corp.mydomain.com
* SPN found :HOST/dc1.corp.mydomain.com
* SPN found :HOST/DC1
* SPN found :HOST/dc1.corp.mydomain.com/MYDOMAIN
* SPN found :GC/dc1.corp.mydomain.com/corp.mydomain.com
......................... DC1 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC1 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... DC1 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
DC1 is in domain DC=corp,DC=mydomain,DC=com
Checking for CN=DC1,OU=Domain Controllers,DC=corp,DC=mydomain,DC=com in domain DC=corp,DC=mydomain,DC=com on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com in domain CN=Configuration,DC=corp,DC=mydomain,DC=com on 2 servers
Object is up-to-date on all servers.
......................... DC1 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC1 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
There are warning or error events within the last 24 hours after the
SYSVOL has been shared. Failing SYSVOL replication problems may cause
Group Policy problems.
An Warning Event occured. EventID: 0x800034C4
Time Generated: 08/21/2015 11:33:12
(Event String could not be retrieved)
An Warning Event occured. EventID: 0x800034C5
Time Generated: 08/21/2015 12:15:16
(Event String could not be retrieved)
......................... DC1 failed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... DC1 passed test kccevent
Starting test: systemlog
* The System Event log test
An Error Event occured. EventID: 0x825A0011
Time Generated: 08/21/2015 15:06:52
(Event String could not be retrieved)
An Error Event occured. EventID: 0x825A0011
Time Generated: 08/21/2015 15:07:04
(Event String could not be retrieved)
......................... DC1 failed test systemlog
Starting test: VerifyReplicas
......................... DC1 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC1,OU=Domain Controllers,DC=corp,DC=mydomain,DC=com and backlink
on
CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=corp,DC=mydomain,DC=com
and backlink on
CN=DC1,OU=Domain Controllers,DC=corp,DC=mydomain,DC=com are correct.
The system object reference (serverReferenceBL)
CN=DC1,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=corp,DC=mydomain,DC=com
and backlink on
CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
are correct.
......................... DC1 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... DC1 passed test VerifyEnterpriseReferences

Testing server: Default-First-Site-Name\DC2
Starting test: Replications
* Replications Check
DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com has 4 cursors.
DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com has 4 cursors.
CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com has 4 cursors.
CN=Configuration,DC=corp,DC=mydomain,DC=com has 4 cursors.
DC=corp,DC=mydomain,DC=com has 4 cursors.
* Replication Latency Check
DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=corp,DC=mydomain,DC=com
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=corp,DC=mydomain,DC=com
Latency information for 2 entries in the vector were ignored.
2 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... DC2 passed test Replications
Starting test: Topology
* Configuration Topology Integrity Check
* Analyzing the connection topology for DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for CN=Configuration,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the connection topology for DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC2 passed test Topology
Starting test: CutoffServers
* Configuration Topology Aliveness Check
* Analyzing the alive system replication topology for DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for CN=Configuration,DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
* Analyzing the alive system replication topology for DC=corp,DC=mydomain,DC=com.
* Performing upstream (of target) analysis.
* Performing downstream (of target) analysis.
......................... DC2 passed test CutoffServers
Starting test: NCSecDesc
* Security Permissions Check for
DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com
(NDNC,Version 2)
* Security Permissions Check for
DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com
(NDNC,Version 2)
* Security Permissions Check for
CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com
(Schema,Version 2)
* Security Permissions Check for
CN=Configuration,DC=corp,DC=mydomain,DC=com
(Configuration,Version 2)
* Security Permissions Check for
DC=corp,DC=mydomain,DC=com
(Domain,Version 2)
......................... DC2 passed test NCSecDesc
Starting test: NetLogons
* Network Logons Privileges Check
......................... DC2 passed test NetLogons
Starting test: Advertising
The DC DC2 is advertising itself as a DC and having a DS.
The DC DC2 is advertising as an LDAP server
The DC DC2 is advertising as having a writeable directory
The DC DC2 is advertising as a Key Distribution Center
The DC DC2 is advertising as a time server
The DS DC2 is advertising as a GC.
......................... DC2 passed test Advertising
Starting test: KnowsOfRoleHolders
Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
......................... DC2 passed test KnowsOfRoleHolders
Starting test: RidManager
ridManagerReference = CN=RID Manager$,CN=System,DC=corp,DC=mydomain,DC=com
* Available RID Pool for the Domain is 6103 to 1073741823
fSMORoleOwner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
* dc1.corp.mydomain.com is the RID Master
* DsBind with RID Master was successful
rIDSetReferences = CN=RID Set,CN=DC2,OU=Domain Controllers,DC=corp,DC=mydomain,DC=com
* rIDAllocationPool is 5103 to 5602
* rIDPreviousAllocationPool is 5103 to 5602
* rIDNextRID: 5104
......................... DC2 passed test RidManager
Starting test: MachineAccount
* SPN found :LDAP/dc2.corp.mydomain.com/corp.mydomain.com
* SPN found :LDAP/dc2.corp.mydomain.com
* SPN found :LDAP/DC2
* SPN found :LDAP/dc2.corp.mydomain.com/MYDOMAIN
* SPN found :LDAP/1854b5ee-430a-4176-b18a-aaf114663fb1._msdcs.corp.mydomain.com
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/1854b5ee-430a-4176-b18a-aaf114663fb1/corp.mydomain.com
* SPN found :HOST/dc2.corp.mydomain.com/corp.mydomain.com
* SPN found :HOST/dc2.corp.mydomain.com
* SPN found :HOST/DC2
* SPN found :HOST/dc2.corp.mydomain.com/MYDOMAIN
* SPN found :GC/dc2.corp.mydomain.com/corp.mydomain.com
......................... DC2 passed test MachineAccount
Starting test: Services
* Checking Service: Dnscache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: RpcSs
* Checking Service: w32time
* Checking Service: NETLOGON
......................... DC2 passed test Services
Starting test: OutboundSecureChannels
* The Outbound Secure Channels test
** Did not run Outbound Secure Channels test
because /testdomain: was not entered
......................... DC2 passed test OutboundSecureChannels
Starting test: ObjectsReplicated
DC2 is in domain DC=corp,DC=mydomain,DC=com
Checking for CN=DC2,OU=Domain Controllers,DC=corp,DC=mydomain,DC=com in domain DC=corp,DC=mydomain,DC=com on 2 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com in domain CN=Configuration,DC=corp,DC=mydomain,DC=com on 2 servers
Object is up-to-date on all servers.
......................... DC2 passed test ObjectsReplicated
Starting test: frssysvol
* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... DC2 passed test frssysvol
Starting test: frsevent
* The File Replication Service Event log test
......................... DC2 passed test frsevent
Starting test: kccevent
* The KCC Event log test
Found no KCC errors in Directory Service Event log in the last 15 minutes.
......................... DC2 passed test kccevent
Starting test: systemlog
* The System Event log test
Found no errors in System Event log in the last 60 minutes.
......................... DC2 passed test systemlog
Starting test: VerifyReplicas
......................... DC2 passed test VerifyReplicas
Starting test: VerifyReferences
The system object reference (serverReference)
CN=DC2,OU=Domain Controllers,DC=corp,DC=mydomain,DC=com and backlink
on
CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
are correct.
The system object reference (frsComputerReferenceBL)
CN=DC2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=corp,DC=mydomain,DC=com
and backlink on
CN=DC2,OU=Domain Controllers,DC=corp,DC=mydomain,DC=com are correct.
The system object reference (serverReferenceBL)
CN=DC2,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=corp,DC=mydomain,DC=com
and backlink on
CN=NTDS Settings,CN=DC2,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corp,DC=mydomain,DC=com
are correct.
......................... DC2 passed test VerifyReferences
Starting test: VerifyEnterpriseReferences
......................... DC2 passed test VerifyEnterpriseReferences

Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom

Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom

Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom

Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom

Running partition tests on : corp
Starting test: CrossRefValidation
......................... corp passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... corp passed test CheckSDRefDom

Running enterprise tests on : corp.mydomain.com
Starting test: Intersite
Skipping site Default-First-Site-Name, this site is outside the scope
provided by the command line arguments provided.
......................... corp.mydomain.com passed test Intersite
Starting test: FsmoCheck
GC Name: \\dc1.corp.mydomain.com
Locator Flags: 0xe00003fd
PDC Name: \\dc1.corp.mydomain.com
Locator Flags: 0xe00003fd
Time Server Name: \\dc1.corp.mydomain.com
Locator Flags: 0xe00003fd
Preferred Time Server Name: \\dc1.corp.mydomain.com
Locator Flags: 0xe00003fd
KDC Name: \\dc1.corp.mydomain.com
Locator Flags: 0xe00003fd
......................... corp.mydomain.com passed test FsmoCheck

Free Windows Admin Tool Kit Click here and download it now

August 21st, 2015 4:13pm

Here is the frsdiag log:

------------------------------------------------------------
FRSDiag v1.7 on 8/21/2015 3:09:30 PM
.\DC1 on 2015-08-21 at 3.09.30 PM
------------------------------------------------------------

Checking for errors/warnings in FRS Event Log .... passed
Checking for errors in Directory Service Event Log ....
NTDS Replication 8/21/2015 11:20:04 AM Error 2426919 Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. Source domain controller: dc2 Failing DNS host name: 1854b5ee-430a-4176-b18a-aaf114663fb1._msdcs.corp.mydomain.com NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1: Registry Path: HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client User Action: 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498. 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>". 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns dcdiag /test:dns 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows: dcdiag /test:dns 5) For further analysis of DNS error failures see KB 824449: http://support.microsoft.com/?kbid=824449 Additional Data Error value: 11004 The requested name is valid, but no data of the requested type was found.
NTDS Replication 8/21/2015 10:30:02 AM Error 2426919 Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. Source domain controller: dc2 Failing DNS host name: 1854b5ee-430a-4176-b18a-aaf114663fb1._msdcs.corp.mydomain.com NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1: Registry Path: HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client User Action: 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498. 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>". 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns dcdiag /test:dns 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows: dcdiag /test:dns 5) For further analysis of DNS error failures see KB 824449: http://support.microsoft.com/?kbid=824449 Additional Data Error value: 11004 The requested name is valid, but no data of the requested type was found.
NTDS Replication 8/19/2015 11:30:52 AM Error 2426919 Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. Source domain controller: dc2 Failing DNS host name: 1854b5ee-430a-4176-b18a-aaf114663fb1._msdcs.corp.mydomain.com NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1: Registry Path: HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client User Action: 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498. 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>". 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns dcdiag /test:dns 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows: dcdiag /test:dns 5) For further analysis of DNS error failures see KB 824449: http://support.microsoft.com/?kbid=824449 Additional Data Error value: 11004 The requested name is valid, but no data of the requested type was found.
NTDS Replication 8/17/2015 12:51:29 PM Error 1863 This is the replication status for the following directory partition on the local domain controller. Directory partition: DC=ForestDnsZones,DC=corp,DC=mydomain,DC=com The local domain controller has not received replication information from a number of domain controllers within the configured latency interval. Latency Interval (Hours): 24 Number of domain controllers in all sites: 1 Number of domain controllers in this site: 1 The latency interval can be modified with the following registry key. Registry Key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".
NTDS Replication 8/17/2015 12:51:29 PM Error 1863 This is the replication status for the following directory partition on the local domain controller. Directory partition: DC=DomainDnsZones,DC=corp,DC=mydomain,DC=com The local domain controller has not received replication information from a number of domain controllers within the configured latency interval. Latency Interval (Hours): 24 Number of domain controllers in all sites: 1 Number of domain controllers in this site: 1 The latency interval can be modified with the following registry key. Registry Key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".
NTDS Replication 8/17/2015 12:51:29 PM Error 1863 This is the replication status for the following directory partition on the local domain controller. Directory partition: CN=Schema,CN=Configuration,DC=corp,DC=mydomain,DC=com The local domain controller has not received replication information from a number of domain controllers within the configured latency interval. Latency Interval (Hours): 24 Number of domain controllers in all sites: 1 Number of domain controllers in this site: 1 The latency interval can be modified with the following registry key. Registry Key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".
NTDS Replication 8/17/2015 12:51:29 PM Error 1863 This is the replication status for the following directory partition on the local domain controller. Directory partition: CN=Configuration,DC=corp,DC=mydomain,DC=com The local domain controller has not received replication information from a number of domain controllers within the configured latency interval. Latency Interval (Hours): 24 Number of domain controllers in all sites: 1 Number of domain controllers in this site: 1 The latency interval can be modified with the following registry key. Registry Key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".
NTDS Replication 8/17/2015 12:51:29 PM Error 1863 This is the replication status for the following directory partition on the local domain controller. Directory partition: DC=corp,DC=mydomain,DC=com The local domain controller has not received replication information from a number of domain controllers within the configured latency interval. Latency Interval (Hours): 24 Number of domain controllers in all sites: 1 Number of domain controllers in this site: 1 The latency interval can be modified with the following registry key. Registry Key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Replicator latency error interval (hours) To identify the domain controllers by name, install the support tools included on the installation CD and run dcdiag.exe. You can also use the support tool repadmin.exe to display the replication latencies of the domain controllers in the forest. The command is "repadmin /showvector /latency <partition-dn>".
NTDS Replication 8/16/2015 11:52:54 AM Error 2426919 Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. Source domain controller: dc2 Failing DNS host name: 1854b5ee-430a-4176-b18a-aaf114663fb1._msdcs.corp.mydomain.com NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1: Registry Path: HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client User Action: 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498. 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>". 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns dcdiag /test:dns 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows: dcdiag /test:dns 5) For further analysis of DNS error failures see KB 824449: http://support.microsoft.com/?kbid=824449 Additional Data Error value: 11004 The requested name is valid, but no data of the requested type was found.
NTDS Replication 8/13/2015 11:18:07 AM Error 2426919 Active Directory could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources. Source domain controller: dc2 Failing DNS host name: 1854b5ee-430a-4176-b18a-aaf114663fb1._msdcs.corp.mydomain.com NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1: Registry Path: HKLM\System\CurrentControlSet\Services\NTDS\Diagnostics\22 DS RPC Client User Action: 1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498. 2) Confirm that the source domain controller is running Active directory and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>". 3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns dcdiag /test:dns 4) Verify that that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows: dcdiag /test:dns 5) For further analysis of DNS error failures see KB 824449: http://support.microsoft.com/?kbid=824449 Additional Data Error value: 11004 The requested name is valid, but no data of the requested type was found.
NTDS Backup 8/10/2015 3:56:12 PM Error 1913 Internal error: The Active Directory backup and restore operation encountered an unexpected error. Backup or restore will not succeed until this is corrected. Additional Data Error value: 1084 This service cannot be started in Safe Mode Internal ID: 160200fa
WARNING: Found Directory Service Errors in the past 15 days! FRS Depends on AD so Check AD Replication!

......... failed 11
Checking for minimum FRS version requirement ... passed
Checking for errors/warnings in ntfrsutl ds ... passed
Checking for Replica Set configuration triggers... passed
Checking for suspicious file Backlog size... passed
Checking Overall Disk Space and SYSVOL structure (note: integrity is not checked)... passed
Checking for suspicious inlog entries ... passed
Checking for suspicious outlog entries ... passed
Checking for appropriate staging area size ... passed
Checking for errors in debug logs ...
ERROR on NtFrs_0002.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3476: 904: S0: 11:41:32> :SR: Cmd 016b8850, CxtG 83a10edd, WS ERROR_ACCESS_DENIED, To dc2.corp.mydomain.com Len: (360) [SndFail - Send Penalty]
ERROR on NtFrs_0002.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3476: 877: S0: 11:42:33> :SR: Cmd 0168ce70, CxtG 8771d58d, WS ERROR_ACCESS_DENIED, To dc2.corp.mydomain.com Len: (360) [SndFail - rpc call]
ERROR on NtFrs_0002.log : "ERROR_ACCESS_DENIED" : <SndCsMain: 3476: 904: S0: 11:42:33> :SR: Cmd 0168ce70, CxtG 8771d58d, WS ERROR_ACCESS_DENIED, To dc2.corp.mydomain.com Len: (360) [SndFail - Send Penalty]
ERROR on NtFrs_0002.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <SndCsMain: 3736: 884: S0: 11:46:32> :SR: Cmd 016b94a8, CxtG 83a10edd, WS EPT_S_NOT_REGISTERED, To dc2.corp.mydomain.com Len: (360) [SndFail - rpc exception]
ERROR on NtFrs_0002.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <SndCsMain: 3736: 883: S0: 11:46:44> ++ ERROR - EXCEPTION (000006d9) : WStatus: EPT_S_NOT_REGISTERED
ERROR on NtFrs_0002.log : "EPT_S_NOT_REGISTERED(This may indicate that DNS returns the IP address of the wrong computer. Check DNS records being returned, Check if FRS is currently running on the target server. Check if Ntfrs is registered with the End-Point-Mapper on target server!)" : <SndCsMain: 3736: 884: S0: 11:46:44> :SR: Cmd 0026d4b8, CxtG 8771d58d, WS EPT_S_NOT_REGISTERED, To dc2.corp.mydomain.com Len: (360) [SndFail - rpc exception]

Found 30 ERROR_ACCESS_DENIED error(s)! Latest ones (up to 3) listed above
Found 10 EPT_S_NOT_REGISTERED error(s)! Latest ones (up to 3) listed above

......... failed with 40 error entries
Checking NtFrs Service (and dependent services) state...passed
Checking NtFrs related Registry Keys for possible problems...passed
Checking Repadmin Showreps for errors...passed

August 21st, 2015 4:15pm

This topic is archived. No further replies will be accepted.