NetDiag and DCDiag discrepencies on new 2008 domain....

TalioGladius

I have a new 2008 domain as a pilot for the domain that I'll be building
soon for production. Single forest, single domain. Two 2008 DCs thus far,
both running integrated DNS zone.

-Netdiag report shows a failure for the DNS test when run from one of the
DCs...
DNS test . . . . . . . . . . . . . : Failed
[WARNING] Cannot find a primary authoritative DNS server for the
name
'dc1.domain.internal.co.xxxxxx.tx.us.'.
OTAVAIL ]
The name 'FruitLoops.mcse.internal.co.travis.tx.us.' may not be
registered in DNS.
[FATAL] Could not open file C:\Windows\system32\config\netlogon.dns for
reading.
[FATAL] No DNS servers have the DNS records for this DC registered.

My concern with this is that a good bit of the info provided by google
points to single label DNS names, such as this:
http://support.microsoft.com/default...us;300684&FR=1. We are
local government, so we do have a legnthy FQDN, but if I need to resort to
something shorter such as mycounty.local I need to know ahead of time.
Another concern is that when I run netdiag from my vista laptop on the
domain, the dns test passes. There are also replication issues reported by
replmon.


-Next failure shown when run from 'dc1':
DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser.
[ERROR_NO_BROWSER_SERVERS_FOUND]

Same failure shown when run from my laptop:

DC list test . . . . . . . . . . . : Failed
Failed to enumerate DCs by using the browser.
[ERROR_NOT_ENOUGH_SERVER_MEMORY]

Each DC is an ESX VM with 1.5 gb of ram, and I'm the only one using the
domain, so memory isn't an issue.




-On to dcdiag run from dc1:
Starting test: NetLogons
[dc1] User credentials does not have permission to perform this
operation.
The account used for this test must have network logon privileges
for this machine's domain.
......................... dc1 failed test NetLogons

I'm running as an Enterprise and Domain Admin.


-Next:
Starting test: Replications
[Replications Check,dc1] DsReplicaGetInfo(PENDING_OPS, NULL) failed,
error 0x2105
"Replication access was denied."
......................... dc1 failed test Replications


-Next:
Starting test: Services
Could not open NTDS Service on dc1, error 0x5 "Access is denied."
......................... dc1 failed test Services
Again, run as Ent/Domain admin.


-DCDiag from my laptop:
Starting test: VerifyReferences
Some objects relating to the DC dc1 have problems:
[1] Problem: Missing Expected Value
Base Object: CN=dc1,OU=Domain
Controllers,DC=domain,DC=internal,DC=co,DC=xxxxx,D C=tx,DC=us
Base Object Description: "DC Account Object"
Value Object Attribute Name: frsComputerReferenceBL
Value Object Description: "SYSVOL FRS Member Object"
Recommended Action: See Knowledge Base Article: Q312862

I went straight to 2008 native mode, so it should be using DFS-R if I
understand it correctly....



I apologize for the verbosity, I just need to get this thing to a perfect
state before I attempt to go to production.

Meinolf Weber

Hello TalioGladius,

Please describe how you setup DNS and also post an unedited ipconfig /all
form both DC/DNS servers.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> I have a new 2008 domain as a pilot for the domain that I'll be
> building soon for production. Single forest, single domain. Two 2008
> DCs thus far, both running integrated DNS zone.
>
> -Netdiag report shows a failure for the DNS test when run from one of
> the
> DCs...
> DNS test . . . . . . . . . . . . . : Failed
> [WARNING] Cannot find a primary authoritative DNS server for
> the
> name
> 'dc1.domain.internal.co.xxxxxx.tx.us.'.
> OTAVAIL ]
> The name 'FruitLoops.mcse.internal.co.travis.tx.us.' may
> not be
> registered in DNS.
> [FATAL] Could not open file
> C:\Windows\system32\config\netlogon.dns for
> reading.
> [FATAL] No DNS servers have the DNS records for this DC
> registered.
> My concern with this is that a good bit of the info provided by google
> points to single label DNS names, such as this:
> http://support.microsoft.com/default...us;300684&FR=1.
> We are local government, so we do have a legnthy FQDN, but if I need
> to resort to something shorter such as mycounty.local I need to know
> ahead of time. Another concern is that when I run netdiag from my
> vista laptop on the domain, the dns test passes. There are also
> replication issues reported by replmon.
>
> -Next failure shown when run from 'dc1':
> DC list test . . . . . . . . . . . : Failed
> Failed to enumerate DCs by using the browser.
> [ERROR_NO_BROWSER_SERVERS_FOUND]
> Same failure shown when run from my laptop:
>
> DC list test . . . . . . . . . . . : Failed
> Failed to enumerate DCs by using the browser.
> [ERROR_NOT_ENOUGH_SERVER_MEMORY]
> Each DC is an ESX VM with 1.5 gb of ram, and I'm the only one using
> the domain, so memory isn't an issue.
>
> -On to dcdiag run from dc1:
> Starting test: NetLogons
> [dc1] User credentials does not have permission to perform this
> operation.
> The account used for this test must have network logon privileges
> for this machine's domain.
> ......................... dc1 failed test NetLogons
> I'm running as an Enterprise and Domain Admin.
>
> -Next:
> Starting test: Replications
> [Replications Check,dc1] DsReplicaGetInfo(PENDING_OPS, NULL)
> failed,
> error 0x2105
> "Replication access was denied."
> ......................... dc1 failed test Replications
> -Next:
> Starting test: Services
> Could not open NTDS Service on dc1, error 0x5 "Access is
> denied."
> ......................... dc1 failed test Services
> Again, run as Ent/Domain admin.
> -DCDiag from my laptop:
> Starting test: VerifyReferences
> Some objects relating to the DC dc1 have problems:
> [1] Problem: Missing Expected Value
> Base Object: CN=dc1,OU=Domain
> Controllers,DC=domain,DC=internal,DC=co,DC=xxxxx,D C=tx,DC=us
> Base Object Description: "DC Account Object"
> Value Object Attribute Name: frsComputerReferenceBL
> Value Object Description: "SYSVOL FRS Member Object"
> Recommended Action: See Knowledge Base Article: Q312862
> I went straight to 2008 native mode, so it should be using DFS-R if I
> understand it correctly....
>
> I apologize for the verbosity, I just need to get this thing to a
> perfect state before I attempt to go to production.
>

TalioGladius

FQDN edited for obvious reasons.


PS C:\Program Files\Support Tools> ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dc1
Primary Dns Suffix . . . . . . . : mcse.internal.co.xxxx.tx.us
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mcse.internal.co.xxxx.tx.us
internal.co.xxxx.tx.us
co.xxxx.tx.us
xxxx.tx.us
tx.us

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
Physical Address. . . . . . . . . : 00-50-56-B0-49-09
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
fe80::e828:c7d3:d384:cd73%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.251.12.140(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.251.12.1
DNS Servers . . . . . . . . . . . : ::1
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . :
isatap.{1A8B4A6F-AE51-4644-B6BE-FBEC4D08BCCC}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
PS C:\Program Files\Support Tools>




PS C:\> ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : dc2
Primary Dns Suffix . . . . . . . : mcse.internal.co.xxxx.tx.us
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mcse.internal.co.xxxx.tx.us
internal.co..tx.us
co.xxxx.tx.us
xxxx.tx.us
tx.us

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-50-56-B0-5D-AE
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . :
fe80::5ec:2a11:516e:519a%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.251.12.139(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.251.12.1
DNS Servers . . . . . . . . . . . : ::1
10.251.12.140
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . :
isatap.{853E9763-2566-454E-88BC-8D331FDB1892}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
PS C:\>





"Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
news:ff16fb6693e968ca5f29a358b468@msnews.microsoft .com...
> Hello TalioGladius,
>
> Please describe how you setup DNS and also post an unedited ipconfig /all
> form both DC/DNS servers.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> I have a new 2008 domain as a pilot for the domain that I'll be
>> building soon for production. Single forest, single domain. Two 2008
>> DCs thus far, both running integrated DNS zone.
>>
>> -Netdiag report shows a failure for the DNS test when run from one of
>> the
>> DCs...
>> DNS test . . . . . . . . . . . . . : Failed
>> [WARNING] Cannot find a primary authoritative DNS server for
>> the
>> name
>> 'dc1.domain.internal.co.xxxxxx.tx.us.'.
>> OTAVAIL ]
>> The name 'FruitLoops.mcse.internal.co.travis.tx.us.' may
>> not be
>> registered in DNS.
>> [FATAL] Could not open file
>> C:\Windows\system32\config\netlogon.dns for
>> reading.
>> [FATAL] No DNS servers have the DNS records for this DC
>> registered.
>> My concern with this is that a good bit of the info provided by google
>> points to single label DNS names, such as this:
>> http://support.microsoft.com/default...us;300684&FR=1.
>> We are local government, so we do have a legnthy FQDN, but if I need
>> to resort to something shorter such as mycounty.local I need to know
>> ahead of time. Another concern is that when I run netdiag from my
>> vista laptop on the domain, the dns test passes. There are also
>> replication issues reported by replmon.
>>
>> -Next failure shown when run from 'dc1':
>> DC list test . . . . . . . . . . . : Failed
>> Failed to enumerate DCs by using the browser.
>> [ERROR_NO_BROWSER_SERVERS_FOUND]
>> Same failure shown when run from my laptop:
>>
>> DC list test . . . . . . . . . . . : Failed
>> Failed to enumerate DCs by using the browser.
>> [ERROR_NOT_ENOUGH_SERVER_MEMORY]
>> Each DC is an ESX VM with 1.5 gb of ram, and I'm the only one using
>> the domain, so memory isn't an issue.
>>
>> -On to dcdiag run from dc1:
>> Starting test: NetLogons
>> [dc1] User credentials does not have permission to perform this
>> operation.
>> The account used for this test must have network logon privileges
>> for this machine's domain.
>> ......................... dc1 failed test NetLogons
>> I'm running as an Enterprise and Domain Admin.
>>
>> -Next:
>> Starting test: Replications
>> [Replications Check,dc1] DsReplicaGetInfo(PENDING_OPS, NULL)
>> failed,
>> error 0x2105
>> "Replication access was denied."
>> ......................... dc1 failed test Replications
>> -Next:
>> Starting test: Services
>> Could not open NTDS Service on dc1, error 0x5 "Access is
>> denied."
>> ......................... dc1 failed test Services
>> Again, run as Ent/Domain admin.
>> -DCDiag from my laptop:
>> Starting test: VerifyReferences
>> Some objects relating to the DC dc1 have problems:
>> [1] Problem: Missing Expected Value
>> Base Object: CN=dc1,OU=Domain
>> Controllers,DC=domain,DC=internal,DC=co,DC=xxxxx,D C=tx,DC=us
>> Base Object Description: "DC Account Object"
>> Value Object Attribute Name: frsComputerReferenceBL
>> Value Object Description: "SYSVOL FRS Member Object"
>> Recommended Action: See Knowledge Base Article: Q312862
>> I went straight to 2008 native mode, so it should be using DFS-R if I
>> understand it correctly....
>>
>> I apologize for the verbosity, I just need to get this thing to a
>> perfect state before I attempt to go to production.
>>
>
>

Meinolf Weber

Hello TalioGladius,

Remove the loopback address 127.0.0.1 and configure every machine with preferred
DNS itself and secondary the other, restart one server after the other and
run the test again. The loopback address you can use only if one DNS server
exists.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> FQDN edited for obvious reasons.
>
> PS C:\Program Files\Support Tools> ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : dc1
> Primary Dns Suffix . . . . . . . : mcse.internal.co.xxxx.tx.us
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : mcse.internal.co.xxxx.tx.us
> internal.co.xxxx.tx.us
> co.xxxx.tx.us
> xxxx.tx.us
> tx.us
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
> Adapter
> Physical Address. . . . . . . . . : 00-50-56-B0-49-09
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Link-local IPv6 Address . . . . . :
> fe80::e828:c7d3:d384:cd73%10(Preferred)
> IPv4 Address. . . . . . . . . . . : 10.251.12.140(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.251.12.1
> DNS Servers . . . . . . . . . . . : ::1
> 127.0.0.1
> NetBIOS over Tcpip. . . . . . . . : Enabled
> Tunnel adapter Local Area Connection* 8:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . :
> isatap.{1A8B4A6F-AE51-4644-B6BE-FBEC4D08BCCC}
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> PS C:\Program Files\Support Tools>
> PS C:\> ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : dc2
> Primary Dns Suffix . . . . . . . : mcse.internal.co.xxxx.tx.us
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : mcse.internal.co.xxxx.tx.us
> internal.co..tx.us
> co.xxxx.tx.us
> xxxx.tx.us
> tx.us
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> Connection
> Physical Address. . . . . . . . . : 00-50-56-B0-5D-AE
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Link-local IPv6 Address . . . . . :
> fe80::5ec:2a11:516e:519a%10(Preferred)
> IPv4 Address. . . . . . . . . . . : 10.251.12.139(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.251.12.1
> DNS Servers . . . . . . . . . . . : ::1
> 10.251.12.140
> 127.0.0.1
> NetBIOS over Tcpip. . . . . . . . : Enabled
> Tunnel adapter Local Area Connection* 8:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . :
> isatap.{853E9763-2566-454E-88BC-8D331FDB1892}
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Tunnel adapter Local Area Connection* 9:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Teredo Tunneling
> Pseudo-Interface
> Physical Address. . . . . . . . . : 02-00-54-55-4E-01
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> PS C:\>
> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb6693e968ca5f29a358b468@msnews.microsoft .com...
>
>> Hello TalioGladius,
>>
>> Please describe how you setup DNS and also post an unedited ipconfig
>> /all form both DC/DNS servers.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I have a new 2008 domain as a pilot for the domain that I'll be
>>> building soon for production. Single forest, single domain. Two
>>> 2008 DCs thus far, both running integrated DNS zone.
>>>
>>> -Netdiag report shows a failure for the DNS test when run from one
>>> of
>>> the
>>> DCs...
>>> DNS test . . . . . . . . . . . . . : Failed
>>> [WARNING] Cannot find a primary authoritative DNS server for
>>> the
>>> name
>>> 'dc1.domain.internal.co.xxxxxx.tx.us.'.
>>> OTAVAIL ]
>>> The name 'FruitLoops.mcse.internal.co.travis.tx.us.' may
>>> not be
>>> registered in DNS.
>>> [FATAL] Could not open file
>>> C:\Windows\system32\config\netlogon.dns for
>>> reading.
>>> [FATAL] No DNS servers have the DNS records for this DC
>>> registered.
>>> My concern with this is that a good bit of the info provided by
>>> google
>>> points to single label DNS names, such as this:
>>> http://support.microsoft.com/default...us;300684&FR=1.
>>> We are local government, so we do have a legnthy FQDN, but if I need
>>> to resort to something shorter such as mycounty.local I need to know
>>> ahead of time. Another concern is that when I run netdiag from my
>>> vista laptop on the domain, the dns test passes. There are also
>>> replication issues reported by replmon.
>>> -Next failure shown when run from 'dc1':
>>> DC list test . . . . . . . . . . . : Failed
>>> Failed to enumerate DCs by using the browser.
>>> [ERROR_NO_BROWSER_SERVERS_FOUND]
>>> Same failure shown when run from my laptop:
>>> DC list test . . . . . . . . . . . : Failed
>>> Failed to enumerate DCs by using the browser.
>>> [ERROR_NOT_ENOUGH_SERVER_MEMORY]
>>> Each DC is an ESX VM with 1.5 gb of ram, and I'm the only one using
>>> the domain, so memory isn't an issue.
>>> -On to dcdiag run from dc1:
>>> Starting test: NetLogons
>>> [dc1] User credentials does not have permission to perform this
>>> operation.
>>> The account used for this test must have network logon privileges
>>> for this machine's domain.
>>> ......................... dc1 failed test NetLogons
>>> I'm running as an Enterprise and Domain Admin.
>>> -Next:
>>> Starting test: Replications
>>> [Replications Check,dc1] DsReplicaGetInfo(PENDING_OPS, NULL)
>>> failed,
>>> error 0x2105
>>> "Replication access was denied."
>>> ......................... dc1 failed test Replications
>>> -Next:
>>> Starting test: Services
>>> Could not open NTDS Service on dc1, error 0x5 "Access is
>>> denied."
>>> ......................... dc1 failed test Services
>>> Again, run as Ent/Domain admin.
>>> -DCDiag from my laptop:
>>> Starting test: VerifyReferences
>>> Some objects relating to the DC dc1 have problems:
>>> [1] Problem: Missing Expected Value
>>> Base Object: CN=dc1,OU=Domain
>>> Controllers,DC=domain,DC=internal,DC=co,DC=xxxxx,D C=tx,DC=us
>>> Base Object Description: "DC Account Object"
>>> Value Object Attribute Name: frsComputerReferenceBL
>>> Value Object Description: "SYSVOL FRS Member Object"
>>> Recommended Action: See Knowledge Base Article: Q312862
>>> I went straight to 2008 native mode, so it should be using DFS-R if
>>> I
>>> understand it correctly....
>>> I apologize for the verbosity, I just need to get this thing to a
>>> perfect state before I attempt to go to production.
>>>

Meinolf Weber

Hello TalioGladius,

If not needed, i also would disable the IPv6 by unchecking it.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

> FQDN edited for obvious reasons.
>
> PS C:\Program Files\Support Tools> ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : dc1
> Primary Dns Suffix . . . . . . . : mcse.internal.co.xxxx.tx.us
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : mcse.internal.co.xxxx.tx.us
> internal.co.xxxx.tx.us
> co.xxxx.tx.us
> xxxx.tx.us
> tx.us
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : VMware Accelerated AMD PCNet
> Adapter
> Physical Address. . . . . . . . . : 00-50-56-B0-49-09
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Link-local IPv6 Address . . . . . :
> fe80::e828:c7d3:d384:cd73%10(Preferred)
> IPv4 Address. . . . . . . . . . . : 10.251.12.140(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.251.12.1
> DNS Servers . . . . . . . . . . . : ::1
> 127.0.0.1
> NetBIOS over Tcpip. . . . . . . . : Enabled
> Tunnel adapter Local Area Connection* 8:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . :
> isatap.{1A8B4A6F-AE51-4644-B6BE-FBEC4D08BCCC}
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> PS C:\Program Files\Support Tools>
> PS C:\> ipconfig /all
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : dc2
> Primary Dns Suffix . . . . . . . : mcse.internal.co.xxxx.tx.us
> Node Type . . . . . . . . . . . . : Hybrid
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : mcse.internal.co.xxxx.tx.us
> internal.co..tx.us
> co.xxxx.tx.us
> xxxx.tx.us
> tx.us
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
> Connection
> Physical Address. . . . . . . . . : 00-50-56-B0-5D-AE
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Link-local IPv6 Address . . . . . :
> fe80::5ec:2a11:516e:519a%10(Preferred)
> IPv4 Address. . . . . . . . . . . : 10.251.12.139(Preferred)
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 10.251.12.1
> DNS Servers . . . . . . . . . . . : ::1
> 10.251.12.140
> 127.0.0.1
> NetBIOS over Tcpip. . . . . . . . : Enabled
> Tunnel adapter Local Area Connection* 8:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . :
> isatap.{853E9763-2566-454E-88BC-8D331FDB1892}
> Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> Tunnel adapter Local Area Connection* 9:
>
> Media State . . . . . . . . . . . : Media disconnected
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Teredo Tunneling
> Pseudo-Interface
> Physical Address. . . . . . . . . : 02-00-54-55-4E-01
> DHCP Enabled. . . . . . . . . . . : No
> Autoconfiguration Enabled . . . . : Yes
> PS C:\>
> "Meinolf Weber" <meiweb(nospam)@gmx.de> wrote in message
> news:ff16fb6693e968ca5f29a358b468@msnews.microsoft .com...
>
>> Hello TalioGladius,
>>
>> Please describe how you setup DNS and also post an unedited ipconfig
>> /all form both DC/DNS servers.
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> I have a new 2008 domain as a pilot for the domain that I'll be
>>> building soon for production. Single forest, single domain. Two
>>> 2008 DCs thus far, both running integrated DNS zone.
>>>
>>> -Netdiag report shows a failure for the DNS test when run from one
>>> of
>>> the
>>> DCs...
>>> DNS test . . . . . . . . . . . . . : Failed
>>> [WARNING] Cannot find a primary authoritative DNS server for
>>> the
>>> name
>>> 'dc1.domain.internal.co.xxxxxx.tx.us.'.
>>> OTAVAIL ]
>>> The name 'FruitLoops.mcse.internal.co.travis.tx.us.' may
>>> not be
>>> registered in DNS.
>>> [FATAL] Could not open file
>>> C:\Windows\system32\config\netlogon.dns for
>>> reading.
>>> [FATAL] No DNS servers have the DNS records for this DC
>>> registered.
>>> My concern with this is that a good bit of the info provided by
>>> google
>>> points to single label DNS names, such as this:
>>> http://support.microsoft.com/default...us;300684&FR=1.
>>> We are local government, so we do have a legnthy FQDN, but if I need
>>> to resort to something shorter such as mycounty.local I need to know
>>> ahead of time. Another concern is that when I run netdiag from my
>>> vista laptop on the domain, the dns test passes. There are also
>>> replication issues reported by replmon.
>>> -Next failure shown when run from 'dc1':
>>> DC list test . . . . . . . . . . . : Failed
>>> Failed to enumerate DCs by using the browser.
>>> [ERROR_NO_BROWSER_SERVERS_FOUND]
>>> Same failure shown when run from my laptop:
>>> DC list test . . . . . . . . . . . : Failed
>>> Failed to enumerate DCs by using the browser.
>>> [ERROR_NOT_ENOUGH_SERVER_MEMORY]
>>> Each DC is an ESX VM with 1.5 gb of ram, and I'm the only one using
>>> the domain, so memory isn't an issue.
>>> -On to dcdiag run from dc1:
>>> Starting test: NetLogons
>>> [dc1] User credentials does not have permission to perform this
>>> operation.
>>> The account used for this test must have network logon privileges
>>> for this machine's domain.
>>> ......................... dc1 failed test NetLogons
>>> I'm running as an Enterprise and Domain Admin.
>>> -Next:
>>> Starting test: Replications
>>> [Replications Check,dc1] DsReplicaGetInfo(PENDING_OPS, NULL)
>>> failed,
>>> error 0x2105
>>> "Replication access was denied."
>>> ......................... dc1 failed test Replications
>>> -Next:
>>> Starting test: Services
>>> Could not open NTDS Service on dc1, error 0x5 "Access is
>>> denied."
>>> ......................... dc1 failed test Services
>>> Again, run as Ent/Domain admin.
>>> -DCDiag from my laptop:
>>> Starting test: VerifyReferences
>>> Some objects relating to the DC dc1 have problems:
>>> [1] Problem: Missing Expected Value
>>> Base Object: CN=dc1,OU=Domain
>>> Controllers,DC=domain,DC=internal,DC=co,DC=xxxxx,D C=tx,DC=us
>>> Base Object Description: "DC Account Object"
>>> Value Object Attribute Name: frsComputerReferenceBL
>>> Value Object Description: "SYSVOL FRS Member Object"
>>> Recommended Action: See Knowledge Base Article: Q312862
>>> I went straight to 2008 native mode, so it should be using DFS-R if
>>> I
>>> understand it correctly....
>>> I apologize for the verbosity, I just need to get this thing to a
>>> perfect state before I attempt to go to production.
>>>

Mike0815

Hello,

I partially experienced problems with dcdiag on a 2008 as well.
My dcdiag fails on tests services and replications:

......................... XXX-DC-03 passed test ObjectsReplicated
Starting test: Replications
[Replications Check,XXX-DC-03] DsReplicaGetInfo(PENDING_OPS, NULL)
failed, error 0x2105 "Win32 Error 8453"
......................... XXX-DC-03 failed test Replications
Starting test: RidManager
......................... XXX-DC-03 passed test RidManager
Starting test: Services
Could not open NTDS Service on XXX-DC-03, error 0x5 "Win32 Error 5"
......................... XXX-DC-03 failed test Services
Starting test: SystemLog
An Warning Event occurred. EventID: 0x80060005
Time Generated: 04/01/2008 16:32:27

Reason: UAC.
I had do run the command shell with "Run as administrator" option. (or
disable UAC)
After that everything went fine for me.

Greetings,
Mike

mike0815

Another thing I found out:

It seems as if RPC Connections to remote sites are having problems
with firewalls. (similiar to that scenario after 2003 sp1).

2008 RPC Connections are dropped by firewalls. (2003 not)
(--> Firewall Log and dcdiag /e Connectivity tests)

Anybody found out some details on that?
(Cisco HFE / firewall settings etc.)

Thank you!
Mike