theeinstein
I have a small office with 2 domain controllers both running w2k3 sp1.
Within the last week I have noticed some odd issues, noted below.
This is a netdiag and dcdiag from my primary DC (GC):
Per interface results:
Adapter : Local Area Connection
Netcard queries test . . . : Passed
Host Name. . . . . . . . . : xxxxxx(masked)
IP Address . . . . . . . . : 172.16.1.13
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 172.16.1.3
Dns Servers. . . . . . . . : 172.16.1.13
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
NetBT name test. . . . . . : Passed
[WARNING] At least one of the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names is missing.
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{5078AD36-BD00-4F90-883C-90F23F049102}
1 NetBt transport currently configured.
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Passed
[WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
PASS - All the DNS entries for DC are registered on DNS server '172.16.1.13' and other DCs also have some of the names registered.
Redir and Browser test . . . . . . : Passed
List of NetBt transports currently bound to the Redir
NetBT_Tcpip_{5078AD36-BD00-4F90-883C-90F23F049102}
The redir is bound to 1 NetBt transport.
List of NetBt transports currently bound to the browser
NetBT_Tcpip_{5078AD36-BD00-4F90-883C-90F23F049102}
The browser is bound to 1 NetBt transport.
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Skipped
Note: run "netsh ipsec dynamic show /?" for more detailed information
The command completed successfully
C:\Documents and Settings\Administrator.VOTENASSAU>
C:\Documents and Settings\Administrator.VOTENASSAU>dcdiag
Domain Controller Diagnosis
Performing initial setup:
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\SOEMAIN10
Starting test: Connectivity
......................... SOEMAIN10 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\SOEMAIN10
Starting test: Replications
......................... SOEMAIN10 passed test Replications
Starting test: NCSecDesc
......................... SOEMAIN10 passed test NCSecDesc
Starting test: NetLogons
......................... SOEMAIN10 passed test NetLogons
Starting test: Advertising
......................... SOEMAIN10 passed test Advertising
Starting test: KnowsOfRoleHolders
......................... SOEMAIN10 passed test KnowsOfRoleHolders
Starting test: RidManager
......................... SOEMAIN10 passed test RidManager
Starting test: MachineAccount
......................... SOEMAIN10 passed test MachineAccount
Starting test: Services
......................... SOEMAIN10 passed test Services
Starting test: ObjectsReplicated
......................... SOEMAIN10 passed test ObjectsReplicated
Starting test: frssysvol
......................... SOEMAIN10 passed test frssysvol
Starting test: frsevent
......................... SOEMAIN10 passed test frsevent
Starting test: kccevent
......................... SOEMAIN10 passed test kccevent
Starting test: systemlog
An Error Event occured. EventID: 0x00000457
Time Generated: 07/31/2007 19:02:19
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 07/31/2007 19:07:35
(Event String could not be retrieved)
An Error Event occured. EventID: 0x00000457
Time Generated: 07/31/2007 19:09:31
(Event String could not be retrieved)
......................... SOEMAIN10 failed test systemlog
Starting test: VerifyReferences
......................... SOEMAIN10 passed test VerifyReferences
Running partition tests on : ForestDnsZones
Starting test: CrossRefValidation
......................... ForestDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Running partition tests on : DomainDnsZones
Starting test: CrossRefValidation
......................... DomainDnsZones passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Running partition tests on : Schema
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Running partition tests on : Configuration
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Running partition tests on : votenassau
Starting test: CrossRefValidation
......................... votenassau passed test CrossRefValidation
Starting test: CheckSDRefDom
......................... votenassau passed test CheckSDRefDom
Running enterprise tests on : votenassau.com
Starting test: Intersite
......................... votenassau.com passed test Intersite
Starting test: FsmoCheck
......................... votenassau.com passed test FsmoCheck
I see this KDC warning in the log on the server
The currently selected KDC certificate was once valid, but now is invalid
and no suitable replacement was found. Smartcard logon may not function
correctly if this problem is not remedied. Have the system administrator
check on the state of the domain's public key infrastructure. The chain
status is in the error data.
Currently no user is having any issues logging in or communicating with the
servers... I also see a variation of auth. to both DCs during the normal day.
What makes me worry is this: today I just joined 2 new Win XP SP2 machines to
the domain. The join went fine. On the reboot, when I attempted to select the
domain to log in to, I got the normal "please wait while the domain list is
created" message. This took a little longer than normal, but also when I
selected the correct domain I got the message again and it then sat there
for about 4-5 minutes, finally allowing me to log in, and seems to be OK. On
those workstations, immediately after I log in, I see these events logged:
Event 40961
The Security System could not establish a secured connection with the server
LDAP/soemain10.votenassau.com. No authentication protocol was available.
AND
Attempt to update DNS Host Name of the computer object in Active Directory
failed. The updated value was 'machinename'. The following error occurred:
Access is denied.
AND
Attempt to update HOST Service Principal Names (SPNs) of the computer object
in Active Directory failed. The updated values were 'HOST/machinename' and
'HOST/machinename'. The following error occurred:
Access is denied.
However, the machine seems to run OK... Can anyone please shed some light on
this for me?
Thx