| Author |
 Topic  |
|
|
Pilot
Welcome Newcomer
United Kingdom
3 Posts
Status: offline |
 Posted - 06/09/2003 : 09:36:24 AM
|
Hi all!
This is my first post on this site (never knew it existed until this morning!), so have a good question for you all:
I'm on a 'child' domain connected to the root servers via VPN. On this site we have two Active Directory DC's SERVER1 & SERVER2 (SERVER2 is also the GC).
Now, when I run DCDiag from SERVER1 I get the following result:
DC Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial non skippeable tests
Testing server: SITE1\SERVER1
Starting test: Connectivity
......................... SERVER1 passed test Connectivity
Doing primary tests
Testing server: SITE\SERVER1
Starting test: Replications
......................... SERVER1 passed test Replications
Starting test: NCSecDesc
......................... SERVER1 passed test NCSecDesc
Starting test: NetLogons
......................... SERVER1 passed test NetLogons
Starting test: Advertising
......................... SERVER1 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER1 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER1 passed test RidManager
Starting test: MachineAccount
......................... SERVER1 passed test MachineAccount
Starting test: Services
......................... SERVER1 passed test Services
Starting test: ObjectsReplicated
......................... SERVER1 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER1 passed test frssysvol
Starting test: kccevent
......................... SERVER1 passed test kccevent
Starting test: systemlog
......................... SERVER1 passed test systemlog
Running enterprise tests on : ad.companyname.com
Starting test: Intersite
......................... ad.companyname.com passed test
Intersite
Starting test: FsmoCheck
......................... ad.companyname.com passed test
FsmoCheck
All so well and good! - But, (and it's a big but!), on SERVER2 I get the following:
DC Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial non skippeable tests
Testing server: SITE1\SERVER2
Starting test: Connectivity
......................... SERVER2 passed test Connectivity
Doing primary tests
Testing server: SITE1\SERVER2
Starting test: Replications
......................... SERVER2 passed test Replications
Starting test: NCSecDesc
[SERVER2] LDAP connection failed with error 58,
Win32 Error 58.
......................... SERVER2 failed test NCSecDesc
Starting test: NetLogons
......................... SERVER2 passed test NetLogons
Starting test: Advertising
Warning: SERVER2 has not finished promoting to be a GC.
Check the event log for domains that cannot be replicated.
Warning: SERVER2 is not advertising as a global catalog.
Check that server finished GC promotion.
Check the event log on server that enough source replicas for the GC are available.
......................... SERVER2 failed test Advertising
Starting test: KnowsOfRoleHolders
......................... SERVER2 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SERVER2 passed test RidManager
Starting test: MachineAccount
......................... SERVER2 passed test MachineAccount
Starting test: Services
......................... SERVER2 passed test Services
Starting test: ObjectsReplicated
......................... SERVER2 passed test ObjectsReplicated
Starting test: frssysvol
......................... SERVER2 passed test frssysvol
Starting test: kccevent
An Information Event occured. EventID: 0x40000617
Time Generated: 06/09/2003 11:28:37
Event String: A request has been made to promote this DSA to a
An Information Event occured. EventID: 0x40000617
Time Generated: 06/09/2003 11:28:37
Event String: A request has been made to promote this DSA to a
An Information Event occured. EventID: 0x4000062A
Time Generated: 06/09/2003 11:28:37
Event String: Promotion of this server to a Global Catalog has
An Information Event occured. EventID: 0x40000456
Time Generated: 06/09/2003 11:28:37
Event String: Promotion of this server to a Global Catalog will
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:30:36
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:30:59
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:31:22
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:31:45
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:32:08
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:32:31
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:32:54
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:33:17
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:33:40
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:34:03
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:34:26
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:34:49
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:35:12
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:35:35
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:35:58
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:36:20
Event String: The attempt to establish a replication link with
An Warning Event occured. EventID: 0x800004F1
Time Generated: 06/09/2003 11:36:43
Event String: The attempt to establish a replication link with
......................... SERVER2 failed test kccevent
Starting test: systemlog
......................... SERVER2 passed test systemlog
Running enterprise tests on : ad.companyname.com
Starting test: Intersite
......................... ad.companyname.com passed test Intersite
Starting test: FsmoCheck
......................... ad.companyname.com passed test FsmoCheck
Why do I get NcSecDesc errors, and failure to complete GC? - the servers have been in place about 4 months now, but I've been unable to find any answers to this - and all attempts to resolve this haven't got very far.
Has anyone else seen something similar? - and/or do you have any advice at all?
Many thanks for any help you can provide.
Pilot
|
|
|
LANtastic
Welcome Newcomer
USA
20 Posts
Status: offline |
Posted - 06/09/2003 : 11:50:45 AM
|
prolly a good idea to document your network topology to help with possible connectivity problems between servers. maybe the dcpromo didn't complete because there was an interruption in communiction. do all the servers act normally? Have you tried to rerun dcpromo?
Ken |
 |
|
|
Pilot
Welcome Newcomer
United Kingdom
3 Posts
Status: offline |
Posted - 06/13/2003 : 10:10:27 AM
|
Ken,
Thanks for the reply - sorry for taking so long to answer.
Anyway, as far as I can tell there was no network interruption during the promotion of the second server. They do seem to be doing their function on this site (ie. user authentications etc.)
However, the idea of being able to be in another site and use your existing username & password to connect to this site doesn't work (guess that's related?).
Another thing - is it safe to re-run DCPromo? - and if so what are the pitfalls (if any) to look out for? - and (finally), will it keep the DNS settings, or will those be removed?
Many thanks
Pilot |
|
|
|
bigh1t
Welcome Newcomer
USA
19 Posts
Status: offline |
Posted - 06/16/2003 : 6:11:15 PM
|
Pilot,
The first thing I would like to know is where Server2 is pointing for DNS. Server1?
Also, if you try to rename Server2 does it say it's a DC? (If not, then re-running dcpromo won't hurt AFTER you use NTDSUTIL to run Metadata Cleanup on the other servers so Server2 is removed.)
Now, Site1 is connected via VPN to the root, are you running secondary DNS zones of the parent on Server1 in Site1? Server2 should only have to reach Server1 for dns and then Server1 can forward data to the root dns servers. Are all the records for Server2 correct in DNS?
This should get things started,
Lee |
|
|
|
Mark Minasi
Chief cook and bottle washer
USA
10658 Posts
Status: offline |
Posted - 06/16/2003 : 7:30:22 PM
|
Welcome to the forum, Lee!
====
Mark
==== |
|
|
|
Pilot
Welcome Newcomer
United Kingdom
3 Posts
Status: offline |
Posted - 06/19/2003 : 06:20:15 AM
|
Hi all! - Thanks for the replies.
OK, I've tried to summarise the DNS settings for both servers in Site1. However, the company I work for are a bit 'fussy' about giving away too much info (domain names etc. etc. hence I have to use Server1, Server2, Site1 etc.) I hope that doesn't affect this too much. Apart from the names, everything else (including the layout for example)is the same as it is here.
In response to your questions Bigh1t (Lee), yes, Server2 is showing as a DC in Site1.
Ok, here goes, this is the config info for SITE1, we connect to the root via VPN.
Properties of Server1 in Site1
IP address: 192.168.210.1
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.210.250
Preferred DNS Server: Itself
DNS Settings:
Properties for Server1:
Interfaces: Listen on all IP addresses
Forwarders: 192.168.250.2 (2nd root server)
192.168.250.1 (1st root server)
172.21.250.114 (3rd root server)
Recursion is used
Forward Lookup Zones:
Properties of: _msdcs.root.companyname.com zone:
Type: Active-Directory Integrated
Allow Dynamic Updates? Yes
Name Servers: Server2 in Site1
2nd Root server
1st Root server
Server1 in Site1
3rd Root server
WINS Not used
Allow Zone Transfers: To any server
Properties of: site1.root.companyname.com zone:
Type: Active-Directory Integrated
Allow Dynamic Updates: Yes
Name Servers: Server2 in Site1
Server1 in Site1
WINS Not used
Allow Zone Transfers: To any server
Reverse Lookup Zones:
Properties of 192.168.210.x Subnet:
Type: Active-Directory Integrated
Allow Dynamic Updates? Yes
Name Servers: Server2 in Site1
Server1 in Site1
WINS-R: Not used
Allow Zone Transfers: To any server
Properties of Server2 in Site1
IP address: 192.168.210.2
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.210.250
Preferred DNS Server: Server1
Alternate DNS Server: Itself
DNS Settings:
Properties for Server2:
Interfaces: Listen on all IP addresses
Forwarders: 2nd root server
1st root server
3rd root server
Recursion is used
Forward Lookup Zones:
Properties of: _msdcs.root.companyname.com zone:
Type: Active-Directory Integrated
Allow Dynamic Updates? Yes
Name Servers: Server2 in Site1
2nd Root server
1st Root server
Server1 in Site1
3rd Root server
WINS Not used
Allow Zone Transfers: To any server
Properties of: site1.root.companyname.com zone:
Type: Active-Directory Integrated
Allow Dynamic Updates: Yes
Name Servers: Server2 in Site1
Server1 in Site1
WINS Not used
Allow Zone Transfers: To any server
Reverse Lookup Zones:
Properties of 192.168.210.x Subnet:
Type: Active-Directory Integrated
Allow Dynamic Updates? Yes
Name Servers: Server2 in Site1
Server1 in Site1
WINS-R: Not used
Allow Zone Transfers: To any server
Thanks all! - Look forward to hearing back from you.
Cheers - Pilot
|
|
|
| |
Topic |
|
DCDiag result question
