Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine DC1, is a Directory Server. Home Server = DC1 * Connecting to directory service on server DC1. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=company,DC=com,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Singapore,CN=Sites,CN=Configuration,DC=company,DC=com Getting ISTG and options for the site Looking at base site object: CN=NTDS Site Settings,CN=Sydney,CN=Sites,CN=Configuration,DC=company,DC=com Getting ISTG and options for the site Looking at base site object: CN=NTDS Site Settings,CN=LosAngeles,CN=Sites,CN=Configuration,DC=company,DC=com Getting ISTG and options for the site Looking at base site object: CN=NTDS Site Settings,CN=Pasadena,CN=Sites,CN=Configuration,DC=company,DC=com Getting ISTG and options for the site Looking at base site object: CN=NTDS Site Settings,CN=London,CN=Sites,CN=Configuration,DC=company,DC=com Getting ISTG and options for the site Looking at base site object: CN=NTDS Site Settings,CN=Wellington,CN=Sites,CN=Configuration,DC=company,DC=com Getting ISTG and options for the site Looking at base site object: CN=NTDS Site Settings,CN=Auckland,CN=Sites,CN=Configuration,DC=company,DC=com Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=company,DC=com,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=DC1,CN=Servers,CN=Auckland,CN=Sites,CN=Configuration,DC=company,DC=com objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Wellington,CN=Sites,CN=Configuration,DC=company,DC=com objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=TDC3,CN=Servers,CN=Sydney,CN=Sites,CN=Configuration,DC=company,DC=com objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 3 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Auckland\DC1 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity * Active Directory RPC Services Check ......................... DC1 passed test Connectivity Doing primary tests Testing server: Auckland\DC1 Starting test: Advertising The DC DC1 is advertising itself as a DC and having a DS. The DC DC1 is advertising as an LDAP server The DC DC1 is advertising as having a writeable directory The DC DC1 is advertising as a Key Distribution Center The DC DC1 is advertising as a time server The DS DC1 is advertising as a GC. ......................... DC1 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test Skip the test because the server is running DFSR. ......................... DC1 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. A warning event occurred. EventID: 0x80001396 Time Generated: 02/13/2022 21:12:01 Event String: The DFS Replication service is stopping communication with partner TDC3 for replication group Domain System Volume due to an error. The service will retry the connection periodically. Additional Information: Error: 1726 (The remote procedure call failed.) Connection ID: FD4CF140-0AA3-4301-ACF4-494860F54E45 Replication Group ID: F2D8B1C9-A359-4C75-B357-036F6BEF7405 A warning event occurred. EventID: 0x80001396 Time Generated: 02/13/2022 22:48:00 Event String: The DFS Replication service is stopping communication with partner TDC3 for replication group Domain System Volume due to an error. The service will retry the connection periodically. Additional Information: Error: 1726 (The remote procedure call failed.) Connection ID: FD4CF140-0AA3-4301-ACF4-494860F54E45 Replication Group ID: F2D8B1C9-A359-4C75-B357-036F6BEF7405 A warning event occurred. EventID: 0x80001396 Time Generated: 02/14/2022 03:00:01 Event String: The DFS Replication service is stopping communication with partner TDC3 for replication group Domain System Volume due to an error. The service will retry the connection periodically. Additional Information: Error: 1726 (The remote procedure call failed.) Connection ID: FD4CF140-0AA3-4301-ACF4-494860F54E45 Replication Group ID: F2D8B1C9-A359-4C75-B357-036F6BEF7405 A warning event occurred. EventID: 0x80001396 Time Generated: 02/14/2022 07:54:01 Event String: The DFS Replication service is stopping communication with partner TDC3 for replication group Domain System Volume due to an error. The service will retry the connection periodically. Additional Information: Error: 1726 (The remote procedure call failed.) Connection ID: FD4CF140-0AA3-4301-ACF4-494860F54E45 Replication Group ID: F2D8B1C9-A359-4C75-B357-036F6BEF7405 A warning event occurred. EventID: 0x800010D0 Time Generated: 02/14/2022 15:26:35 Event String: The DFS Replication service has been repeatedly prevented from replicating a file due to consistent sharing violations encountered on the file. The service failed to stage a file for replication due to a sharing violation. Additional Information: File Path: C:\Windows\SYSVOL_DFSR\domain\Policies\{3C4B44E3-F9F8-45AE-92CF-14910A70D566}\Adm\inetres.adm Replicated Folder Root: C:\Windows\SYSVOL_DFSR\domain File ID: {E028E47C-856B-470C-971B-BDDCED32FF2A}-v1208 Replicated Folder Name: SYSVOL Share Replicated Folder ID: 1679598A-C48F-453C-B691-F2636C3354D3 Replication Group Name: Domain System Volume Replication Group ID: F2D8B1C9-A359-4C75-B357-036F6BEF7405 Member ID: 94E03B0C-C273-47D2-9086-789F4A2B4E03 A warning event occurred. EventID: 0x80001396 Time Generated: 02/14/2022 15:42:07 Event String: The DFS Replication service is stopping communication with partner TDC3 for replication group Domain System Volume due to an error. The service will retry the connection periodically. Additional Information: Error: 1726 (The remote procedure call failed.) Connection ID: FD4CF140-0AA3-4301-ACF4-494860F54E45 Replication Group ID: F2D8B1C9-A359-4C75-B357-036F6BEF7405 A warning event occurred. EventID: 0x80001396 Time Generated: 02/14/2022 17:12:03 Event String: The DFS Replication service is stopping communication with partner TDC3 for replication group Domain System Volume due to an error. The service will retry the connection periodically. Additional Information: Error: 1726 (The remote procedure call failed.) Connection ID: FD4CF140-0AA3-4301-ACF4-494860F54E45 Replication Group ID: F2D8B1C9-A359-4C75-B357-036F6BEF7405 ......................... DC1 passed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... DC1 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... DC1 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Auckland,CN=Sites,CN=Configuration,DC=company,DC=com Role Domain Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Auckland,CN=Sites,CN=Configuration,DC=company,DC=com Role PDC Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Auckland,CN=Sites,CN=Configuration,DC=company,DC=com Role Rid Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Auckland,CN=Sites,CN=Configuration,DC=company,DC=com Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC1,CN=Servers,CN=Auckland,CN=Sites,CN=Configuration,DC=company,DC=com ......................... DC1 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC DC1 on DC DC1. * SPN found :LDAP/DC1.company.com/company.com * SPN found :LDAP/DC1.company.com * SPN found :LDAP/DC1 * SPN found :LDAP/DC1.company.com/company * SPN found :LDAP/90c1f575-5806-4c3c-90ea-751bb35ee586._msdcs.company.com * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/90c1f575-5806-4c3c-90ea-751bb35ee586/company.com * SPN found :HOST/DC1.company.com/company.com * SPN found :HOST/DC1.company.com * SPN found :HOST/DC1 * SPN found :HOST/DC1.company.com/company * SPN found :GC/DC1.company.com/company.com ......................... DC1 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC DC1. * Security Permissions Check for DC=ForestDnsZones,DC=company,DC=com (NDNC,Version 3) * Security Permissions Check for DC=DomainDnsZones,DC=company,DC=com (NDNC,Version 3) * Security Permissions Check for CN=Schema,CN=Configuration,DC=company,DC=com (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=company,DC=com (Configuration,Version 3) * Security Permissions Check for DC=company,DC=com (Domain,Version 3) ......................... DC1 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\DC1\netlogon Verified share \\DC1\sysvol ......................... DC1 passed test NetLogons Starting test: ObjectsReplicated DC1 is in domain DC=company,DC=com Checking for CN=DC1,OU=Domain Controllers,DC=company,DC=com in domain DC=company,DC=com on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=DC1,CN=Servers,CN=Auckland,CN=Sites,CN=Configuration,DC=company,DC=com in domain CN=Configuration,DC=company,DC=com on 1 servers Object is up-to-date on all servers. ......................... DC1 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check * Replication Latency Check DC=ForestDnsZones,DC=company,DC=com Latency information for 32 entries in the vector were ignored. 32 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=DomainDnsZones,DC=company,DC=com Latency information for 32 entries in the vector were ignored. 32 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Schema,CN=Configuration,DC=company,DC=com Latency information for 49 entries in the vector were ignored. 49 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). CN=Configuration,DC=company,DC=com Latency information for 49 entries in the vector were ignored. 49 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). DC=company,DC=com Latency information for 49 entries in the vector were ignored. 49 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC). ......................... DC1 passed test Replications Starting test: RidManager * Available RID Pool for the Domain is 44966 to 1073741823 * DC1.company.com is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 42466 to 42965 * rIDPreviousAllocationPool is 42466 to 42965 * rIDNextRID: 42536 ......................... DC1 passed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... DC1 passed test Services Starting test: SystemLog * The System Event log test An error event occurred. EventID: 0x000016AD Time Generated: 02/14/2022 17:46:03 Event String: The session setup from the computer AKDC1 failed to authenticate. The following error occurred: Access is denied. ......................... DC1 failed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=DC1,OU=Domain Controllers,DC=company,DC=com and backlink on CN=DC1,CN=Servers,CN=Auckland,CN=Sites,CN=Configuration,DC=company,DC=com are correct. The system object reference (serverReferenceBL) CN=DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=company,DC=com and backlink on CN=NTDS Settings,CN=DC1,CN=Servers,CN=Auckland,CN=Sites,CN=Configuration,DC=company,DC=com are correct. The system object reference (msDFSR-ComputerReferenceBL) CN=DC1,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=company,DC=com and backlink on CN=DC1,OU=Domain Controllers,DC=company,DC=com are correct. ......................... DC1 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : company Starting test: CheckSDRefDom ......................... company passed test CheckSDRefDom Starting test: CrossRefValidation ......................... company passed test CrossRefValidation Running enterprise tests on : company.com Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\DC1.company.com Locator Flags: 0xe000d3fd PDC Name: \\DC1.company.com Locator Flags: 0xe000d3fd Time Server Name: \\DC1.company.com Locator Flags: 0xe000d3fd Preferred Time Server Name: \\DC1.company.com Locator Flags: 0xe000d3fd KDC Name: \\DC1.company.com Locator Flags: 0xe000d3fd ......................... company.com passed test LocatorCheck Starting test: Intersite Skipping site Singapore, this site is outside the scope provided by the command line arguments provided. Skipping site Sydney, this site is outside the scope provided by the command line arguments provided. Skipping site LosAngeles, this site is outside the scope provided by the command line arguments provided. Skipping site Pasadena, this site is outside the scope provided by the command line arguments provided. Skipping site London, this site is outside the scope provided by the command line arguments provided. Skipping site Wellington, this site is outside the scope provided by the command line arguments provided. Skipping site Auckland, this site is outside the scope provided by the command line arguments provided. ......................... company.com passed test Intersite