Directory Server Diagnosis Performing initial setup: Trying to find home server... * Verifying that the local machine DC2, is a Directory Server. Home Server = DC2 * Connecting to directory service on server DC2. * Identified AD Forest. Collecting AD specific global data * Collecting site info. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Contoso,DC=net,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),....... The previous call succeeded Iterating through the sites Looking at base site object: CN=NTDS Site Settings,CN=Contoso,CN=Sites,CN=Configuration,DC=Contoso,DC=net Getting ISTG and options for the site * Identifying all servers. Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=Contoso,DC=net,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),....... The previous call succeeded.... The previous call succeeded Iterating through the list of servers Getting information for the server CN=NTDS Settings,CN=DC,CN=Servers,CN=Contoso,CN=Sites,CN=Configuration,DC=Contoso,DC=net objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected Getting information for the server CN=NTDS Settings,CN=DC2,CN=Servers,CN=Contoso,CN=Sites,CN=Configuration,DC=Contoso,DC=net objectGuid obtained InvocationID obtained dnsHostname obtained site info obtained All the info for the server collected * Identifying all NC cross-refs. * Found 2 DC(s). Testing 1 of them. Done gathering initial info. Doing initial required tests Testing server: Contoso\DC2 Starting test: Connectivity * Active Directory LDAP Services Check Determining IP4 connectivity * Active Directory RPC Services Check ......................... DC2 passed test Connectivity Doing primary tests Testing server: Contoso\DC2 Starting test: Advertising The DC DC2 is advertising itself as a DC and having a DS. The DC DC2 is advertising as an LDAP server The DC DC2 is advertising as having a writeable directory The DC DC2 is advertising as a Key Distribution Center The DC DC2 is advertising as a time server The DS DC2 is advertising as a GC. ......................... DC2 passed test Advertising Test omitted by user request: CheckSecurityError Test omitted by user request: CutoffServers Starting test: FrsEvent * The File Replication Service Event log test Skip the test because the server is running DFSR. ......................... DC2 passed test FrsEvent Starting test: DFSREvent The DFS Replication Event Log. There are warning or error events within the last 24 hours after the SYSVOL has been shared. Failing SYSVOL replication problems may cause Group Policy problems. A warning event occurred. EventID: 0x800008A4 Time Generated: 04/25/2023 11:24:49 Event String: The DFS Replication service has detected an unexpected shutdown on volume C:. This can occur if the service terminated abnormally (due to a power loss, for example) or an error occurred on the volume. The service has automatically initiated a recovery process. The service will rebuild the database if it determines it cannot reliably recover. No user action is required. Additional Information: Volume: C: GUID: D93921BB-78EA-488B-92BA-63D8869D578F An error event occurred. EventID: 0xC0001390 Time Generated: 04/25/2023 11:27:45 Event String: The DFS Replication service failed to communicate with partner DC for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. Partner DNS Address: DC.Contoso.net Optional data if available: Partner WINS Address: DC Partner IP Address: 10.0.0.2 The service will retry the connection periodically. Additional Information: Error: 1722 (The RPC server is unavailable.) Connection ID: EA77855F-7345-4C31-8013-6776A3E7944C Replication Group ID: EDEA9173-25F7-42FC-80EB-9F177313A36E An error event occurred. EventID: 0xC0001204 Time Generated: 04/25/2023 11:27:45 Event String: The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC.Contoso.net. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. Additional Information: Replicated Folder Name: SYSVOL Share Replicated Folder ID: D1604C04-7BA3-405B-892D-1C266DE17CCA Replication Group Name: Domain System Volume Replication Group ID: EA77855F-7345-4C31-8013-6776A3E7944C Member ID: B79D823F-ADB2-4809-B51A-5D3DBE1EA6B8 Read-Only: 0 An error event occurred. EventID: 0xC0001390 Time Generated: 04/25/2023 11:35:23 Event String: The DFS Replication service failed to communicate with partner DC for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. Partner DNS Address: DC.Contoso.net Optional data if available: Partner WINS Address: DC Partner IP Address: 10.0.0.2 The service will retry the connection periodically. Additional Information: Error: 1722 (The RPC server is unavailable.) Connection ID: EA77855F-7345-4C31-8013-6776A3E7944C Replication Group ID: EDEA9173-25F7-42FC-80EB-9F177313A36E An error event occurred. EventID: 0xC0001204 Time Generated: 04/25/2023 11:35:23 Event String: The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC.Contoso.net. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. Additional Information: Replicated Folder Name: SYSVOL Share Replicated Folder ID: D1604C04-7BA3-405B-892D-1C266DE17CCA Replication Group Name: Domain System Volume Replication Group ID: EA77855F-7345-4C31-8013-6776A3E7944C Member ID: B79D823F-ADB2-4809-B51A-5D3DBE1EA6B8 Read-Only: 0 An error event occurred. EventID: 0xC0001390 Time Generated: 04/25/2023 11:51:43 Event String: The DFS Replication service failed to communicate with partner DC for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. Partner DNS Address: DC.Contoso.net Optional data if available: Partner WINS Address: DC Partner IP Address: 10.0.0.2 The service will retry the connection periodically. Additional Information: Error: 1722 (The RPC server is unavailable.) Connection ID: EA77855F-7345-4C31-8013-6776A3E7944C Replication Group ID: EDEA9173-25F7-42FC-80EB-9F177313A36E An error event occurred. EventID: 0xC0001204 Time Generated: 04/25/2023 11:51:43 Event String: The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC.Contoso.net. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. Additional Information: Replicated Folder Name: SYSVOL Share Replicated Folder ID: D1604C04-7BA3-405B-892D-1C266DE17CCA Replication Group Name: Domain System Volume Replication Group ID: EA77855F-7345-4C31-8013-6776A3E7944C Member ID: B79D823F-ADB2-4809-B51A-5D3DBE1EA6B8 Read-Only: 0 An error event occurred. EventID: 0xC0001390 Time Generated: 04/25/2023 12:54:25 Event String: The DFS Replication service failed to communicate with partner DC for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. Partner DNS Address: DC.Contoso.net Optional data if available: Partner WINS Address: DC Partner IP Address: 10.0.0.2 The service will retry the connection periodically. Additional Information: Error: 1722 (The RPC server is unavailable.) Connection ID: EA77855F-7345-4C31-8013-6776A3E7944C Replication Group ID: EDEA9173-25F7-42FC-80EB-9F177313A36E An error event occurred. EventID: 0xC0001204 Time Generated: 04/25/2023 12:54:25 Event String: The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC.Contoso.net. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. Additional Information: Replicated Folder Name: SYSVOL Share Replicated Folder ID: D1604C04-7BA3-405B-892D-1C266DE17CCA Replication Group Name: Domain System Volume Replication Group ID: EA77855F-7345-4C31-8013-6776A3E7944C Member ID: B79D823F-ADB2-4809-B51A-5D3DBE1EA6B8 Read-Only: 0 An error event occurred. EventID: 0xC0001390 Time Generated: 04/25/2023 16:59:35 Event String: The DFS Replication service failed to communicate with partner DC for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. Partner DNS Address: DC.Contoso.net Optional data if available: Partner WINS Address: DC Partner IP Address: 10.0.0.2 The service will retry the connection periodically. Additional Information: Error: 1722 (The RPC server is unavailable.) Connection ID: EA77855F-7345-4C31-8013-6776A3E7944C Replication Group ID: EDEA9173-25F7-42FC-80EB-9F177313A36E An error event occurred. EventID: 0xC0001204 Time Generated: 04/25/2023 16:59:35 Event String: The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC.Contoso.net. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. Additional Information: Replicated Folder Name: SYSVOL Share Replicated Folder ID: D1604C04-7BA3-405B-892D-1C266DE17CCA Replication Group Name: Domain System Volume Replication Group ID: EA77855F-7345-4C31-8013-6776A3E7944C Member ID: B79D823F-ADB2-4809-B51A-5D3DBE1EA6B8 Read-Only: 0 An error event occurred. EventID: 0xC0001390 Time Generated: 04/26/2023 01:04:14 Event String: The DFS Replication service failed to communicate with partner DC for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. Partner DNS Address: DC.Contoso.net Optional data if available: Partner WINS Address: DC Partner IP Address: 10.0.0.2 The service will retry the connection periodically. Additional Information: Error: 1722 (The RPC server is unavailable.) Connection ID: EA77855F-7345-4C31-8013-6776A3E7944C Replication Group ID: EDEA9173-25F7-42FC-80EB-9F177313A36E An error event occurred. EventID: 0xC0001204 Time Generated: 04/26/2023 01:04:14 Event String: The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC.Contoso.net. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. Additional Information: Replicated Folder Name: SYSVOL Share Replicated Folder ID: D1604C04-7BA3-405B-892D-1C266DE17CCA Replication Group Name: Domain System Volume Replication Group ID: EA77855F-7345-4C31-8013-6776A3E7944C Member ID: B79D823F-ADB2-4809-B51A-5D3DBE1EA6B8 Read-Only: 0 An error event occurred. EventID: 0xC0001390 Time Generated: 04/26/2023 09:08:52 Event String: The DFS Replication service failed to communicate with partner DC for replication group Domain System Volume. This error can occur if the host is unreachable, or if the DFS Replication service is not running on the server. Partner DNS Address: DC.Contoso.net Optional data if available: Partner WINS Address: DC Partner IP Address: 10.0.0.2 The service will retry the connection periodically. Additional Information: Error: 1722 (The RPC server is unavailable.) Connection ID: EA77855F-7345-4C31-8013-6776A3E7944C Replication Group ID: EDEA9173-25F7-42FC-80EB-9F177313A36E An error event occurred. EventID: 0xC0001204 Time Generated: 04/26/2023 09:08:52 Event String: The DFS Replication service initialized SYSVOL at local path C:\Windows\SYSVOL\domain and is waiting to perform initial replication. The replicated folder will remain in the initial synchronization state until it has replicated with its partner DC.Contoso.net. If the server was in the process of being promoted to a domain controller, the domain controller will not advertise and function as a domain controller until this issue is resolved. This can occur if the specified partner is also in the initial synchronization state, or if sharing violations are encountered on this server or the sync partner. If this event occurred during the migration of SYSVOL from File Replication service (FRS) to DFS Replication, changes will not replicate out until this issue is resolved. This can cause the SYSVOL folder on this server to become out of sync with other domain controllers. Additional Information: Replicated Folder Name: SYSVOL Share Replicated Folder ID: D1604C04-7BA3-405B-892D-1C266DE17CCA Replication Group Name: Domain System Volume Replication Group ID: EA77855F-7345-4C31-8013-6776A3E7944C Member ID: B79D823F-ADB2-4809-B51A-5D3DBE1EA6B8 Read-Only: 0 ......................... DC2 failed test DFSREvent Starting test: SysVolCheck * The File Replication Service SYSVOL ready test File Replication Service's SYSVOL is ready ......................... DC2 passed test SysVolCheck Starting test: KccEvent * The KCC Event log test A warning event occurred. EventID: 0x8000082C Time Generated: 04/26/2023 10:55:02 Event String: This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role. Operations which require contacting a FSMO operation master will fail until this condition is corrected. FSMO Role: DC=Contoso,DC=net User Action: 1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476. 2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication. 3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com. The following operations may be impacted: Schema: You will no longer be able to modify the schema for this forest. Domain Naming: You will no longer be able to add or remove domains from this forest. PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts. RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups. Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed. A warning event occurred. EventID: 0x8000082C Time Generated: 04/26/2023 10:55:32 Event String: This server is the owner of the following FSMO role, but does not consider it valid. For the partition which contains the FSMO, this server has not replicated successfully with any of its partners since this server has been restarted. Replication errors are preventing validation of this role. Operations which require contacting a FSMO operation master will fail until this condition is corrected. FSMO Role: CN=RID Manager$,CN=System,DC=Contoso,DC=net User Action: 1. Initial synchronization is the first early replications done by a system as it is starting. A failure to initially synchronize may explain why a FSMO role cannot be validated. This process is explained in KB article 305476. 2. This server has one or more replication partners, and replication is failing for all of these partners. Use the command repadmin /showrepl to display the replication errors. Correct the error in question. For example there maybe problems with IP connectivity, DNS name resolution, or security authentication that are preventing successful replication. 3. In the rare event that all replication partners are expected to be offline (for example, because of maintenance or disaster recovery), you can force the role to be validated. This can be done by using NTDSUTIL.EXE to seize the role to the same server. This may be done using the steps provided in KB articles 255504 and 324801 on http://support.microsoft.com. The following operations may be impacted: Schema: You will no longer be able to modify the schema for this forest. Domain Naming: You will no longer be able to add or remove domains from this forest. PDC: You will no longer be able to perform primary domain controller operations, such as Group Policy updates and password resets for non-Active Directory Domain Services accounts. RID: You will not be able to allocation new security identifiers for new user accounts, computer accounts or security groups. Infrastructure: Cross-domain name references, such as universal group memberships, will not be updated properly if their target object is moved or renamed. Found no KCC errors in "Directory Service" Event log in the last 15 minutes. ......................... DC2 passed test KccEvent Starting test: KnowsOfRoleHolders Role Schema Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Contoso,CN=Sites,CN=Configuration,DC=Contoso,DC=net Role Domain Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Contoso,CN=Sites,CN=Configuration,DC=Contoso,DC=net Role PDC Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Contoso,CN=Sites,CN=Configuration,DC=Contoso,DC=net Role Rid Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Contoso,CN=Sites,CN=Configuration,DC=Contoso,DC=net Role Infrastructure Update Owner = CN=NTDS Settings,CN=DC2,CN=Servers,CN=Contoso,CN=Sites,CN=Configuration,DC=Contoso,DC=net ......................... DC2 passed test KnowsOfRoleHolders Starting test: MachineAccount Checking machine account for DC DC2 on DC DC2. * SPN found :LDAP/DC2.Contoso.net/Contoso.net * SPN found :LDAP/DC2.Contoso.net * SPN found :LDAP/DC2 * SPN found :LDAP/DC2.Contoso.net/CONTOSO * SPN found :LDAP/9d1ac708-1c68-4dce-b87a-fc51ad7c1b34._msdcs.Contoso.net * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/9d1ac708-1c68-4dce-b87a-fc51ad7c1b34/Contoso.net * SPN found :HOST/DC2.Contoso.net/Contoso.net * SPN found :HOST/DC2.Contoso.net * SPN found :HOST/DC2 * SPN found :HOST/DC2.Contoso.net/CONTOSO * SPN found :GC/DC2.Contoso.net/Contoso.net ......................... DC2 passed test MachineAccount Starting test: NCSecDesc * Security Permissions check for all NC's on DC DC2. * Security Permissions Check for DC=ForestDnsZones,DC=Contoso,DC=net (NDNC,Version 3) * Security Permissions Check for DC=DomainDnsZones,DC=Contoso,DC=net (NDNC,Version 3) * Security Permissions Check for CN=Schema,CN=Configuration,DC=Contoso,DC=net (Schema,Version 3) * Security Permissions Check for CN=Configuration,DC=Contoso,DC=net (Configuration,Version 3) * Security Permissions Check for DC=Contoso,DC=net (Domain,Version 3) ......................... DC2 passed test NCSecDesc Starting test: NetLogons * Network Logons Privileges Check Verified share \\DC2\netlogon Verified share \\DC2\sysvol [DC2] User credentials does not have permission to perform this operation. The account used for this test must have network logon privileges for this machine's domain. ......................... DC2 failed test NetLogons Starting test: ObjectsReplicated DC2 is in domain DC=Contoso,DC=net Checking for CN=DC2,OU=Domain Controllers,DC=Contoso,DC=net in domain DC=Contoso,DC=net on 1 servers Object is up-to-date on all servers. Checking for CN=NTDS Settings,CN=DC2,CN=Servers,CN=Contoso,CN=Sites,CN=Configuration,DC=Contoso,DC=net in domain CN=Configuration,DC=Contoso,DC=net on 1 servers Object is up-to-date on all servers. ......................... DC2 passed test ObjectsReplicated Test omitted by user request: OutboundSecureChannels Starting test: Replications * Replications Check [Replications Check,DC2] A recent replication attempt failed: From DC to DC2 Naming Context: DC=ForestDnsZones,DC=Contoso,DC=net The replication generated an error (1256): The remote system is not available. For information about network troubleshooting, see Windows Help. The failure occurred at 2023-04-26 10:54:14. The last success occurred at 2023-01-30 11:17:29. 142 failures have occurred since the last success. [DC] DsBindWithSpnEx() failed with error 1722, The RPC server is unavailable.. RPC Extended Error Info not available. Use group policy on the local machine at "Computer Configuration/Administrative Templates/System/Remote Procedure Call" to enable it. [Replications Check,DC2] A recent replication attempt failed: From DC to DC2 Naming Context: DC=DomainDnsZones,DC=Contoso,DC=net The replication generated an error (1256): The remote system is not available. For information about network troubleshooting, see Windows Help. The failure occurred at 2023-04-26 10:54:14. The last success occurred at 2023-01-30 11:17:32. 142 failures have occurred since the last success. [Replications Check,DC2] A recent replication attempt failed: From DC to DC2 Naming Context: CN=Schema,CN=Configuration,DC=Contoso,DC=net The replication generated an error (1722): The RPC server is unavailable. The failure occurred at 2023-04-26 10:55:38. The last success occurred at 2022-12-21 12:53:04. 1101 failures have occurred since the last success. The source remains down. Please check the machine. [Replications Check,DC2] A recent replication attempt failed: From DC to DC2 Naming Context: CN=Configuration,DC=Contoso,DC=net The replication generated an error (1722): The RPC server is unavailable. The failure occurred at 2023-04-26 10:54:56. The last success occurred at 2023-01-30 11:16:48. 142 failures have occurred since the last success. The source remains down. Please check the machine. [Replications Check,DC2] A recent replication attempt failed: From DC to DC2 Naming Context: DC=Contoso,DC=net The replication generated an error (1722): The RPC server is unavailable. The failure occurred at 2023-04-26 10:54:14. The last success occurred at 2023-01-30 11:19:07. 142 failures have occurred since the last success. The source remains down. Please check the machine. ......................... DC2 failed test Replications Starting test: RidManager * Available RID Pool for the Domain is 32600 to 1073741823 * DC2.Contoso.net is the RID Master * DsBind with RID Master was successful * rIDAllocationPool is 2100 to 2599 The DS has corrupt data: rIDPreviousAllocationPool value is not valid * rIDPreviousAllocationPool is 0 to 0 * rIDNextRID: 0 No rids allocated -- please check eventlog. ......................... DC2 failed test RidManager Starting test: Services * Checking Service: EventSystem * Checking Service: RpcSs * Checking Service: NTDS Could not open NTDS Service on DC2, error 0x5 "Access is denied." * Checking Service: DnsCache * Checking Service: DFSR * Checking Service: IsmServ * Checking Service: kdc * Checking Service: SamSs * Checking Service: LanmanServer * Checking Service: LanmanWorkstation * Checking Service: w32time * Checking Service: NETLOGON ......................... DC2 failed test Services Starting test: SystemLog * The System Event log test An error event occurred. EventID: 0x0000410B Time Generated: 04/26/2023 10:24:01 Event String: The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is " The role owner attribute could not be read. " ......................... DC2 failed test SystemLog Test omitted by user request: Topology Test omitted by user request: VerifyEnterpriseReferences Starting test: VerifyReferences The system object reference (serverReference) CN=DC2,OU=Domain Controllers,DC=Contoso,DC=net and backlink on CN=DC2,CN=Servers,CN=Contoso,CN=Sites,CN=Configuration,DC=Contoso,DC=net are correct. The system object reference (serverReferenceBL) CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=Contoso,DC=net and backlink on CN=NTDS Settings,CN=DC2,CN=Servers,CN=Contoso,CN=Sites,CN=Configuration,DC=Contoso,DC=net are correct. The system object reference (msDFSR-ComputerReferenceBL) CN=DC2,CN=Topology,CN=Domain System Volume,CN=DFSR-GlobalSettings,CN=System,DC=Contoso,DC=net and backlink on CN=DC2,OU=Domain Controllers,DC=Contoso,DC=net are correct. ......................... DC2 passed test VerifyReferences Test omitted by user request: VerifyReplicas Test omitted by user request: DNS Test omitted by user request: DNS Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : Contoso Starting test: CheckSDRefDom ......................... Contoso passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Contoso passed test CrossRefValidation Running enterprise tests on : Contoso.net Test omitted by user request: DNS Test omitted by user request: DNS Starting test: LocatorCheck GC Name: \\DC2.Contoso.net Locator Flags: 0xe003f1fd PDC Name: \\DC2.Contoso.net Locator Flags: 0xe003f1fd Time Server Name: \\DC2.Contoso.net Locator Flags: 0xe003f1fd Preferred Time Server Name: \\DC2.Contoso.net Locator Flags: 0xe003f1fd KDC Name: \\DC2.Contoso.net Locator Flags: 0xe003f1fd ......................... Contoso.net passed test LocatorCheck Starting test: Intersite Skipping site Contoso, this site is outside the scope provided by the command line arguments provided. ......................... Contoso.net passed test Intersite