Recommended Posts

Hi All.

 

My data center provider had to physically move their infrastructure from their existing location to their new buildings. Extensive planning was done and I was involved and on paper, everything should have been fine. However, on first start up on the new location, sysprep ran on several of my servers including our DC's. We recovered from backups to the state just before the move but they were in USN rollback so I involved Microsoft and we were able to recover the domains and ensure replication was working.

 

I have since been tidying up DNS as we had a site that was unable to access outside sites and have managed to clear all the issues apart from this one from DCDiag /test:DNS

 

C:\Windows\system32>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = ELROND
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Tonbridge\ELROND
      Starting test: Connectivity
         ......................... ELROND passed test Connectivity
Doing primary tests
   Testing server: Tonbridge\ELROND
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... ELROND passed test DNS
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : tonbridge
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running enterprise tests on : DOMAIN.local
      Starting test: DNS
         Test results for domain controllers:
            DC: ELROND.tonbridge.DOMAIN.local
            Domain: tonbridge.DOMAIN.local

               TEST: Forwarders/Root hints (Forw)
                  Error: All forwarders in the forwarder list are invalid.
                  Error: Both root hints and forwarders are not configured or
                  broken. Please make sure at least one of them works.
         Summary of test results for DNS servers used by the above domain
         controllers:

***SNIPPED AS ALL ROOT HINTS ARE SHOWING THE SAME ERROR, LAST 2 ARE FORWARDERS***

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 202.12.27.33
            DNS server: 4.2.2.1 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 4.2.2.1
            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 8.8.8.8
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: tonbridge.DOMAIN.local
               ELROND                       PASS PASS FAIL PASS PASS PASS n/a
         ......................... DOMAIN.local failed test DNS

I am currently using public DNS for forwarders on this DNS server, this is temporary while we migrate to a new line over the next few weeks.

 

I have also tested removing the forwarders and running the tests again but I get the same results, strangely though from the server, browsing is now fine and would suggest forwarding is working? Under the forwarding tab, I have updated and can resolve all the servers so I now have the latest IP addresses and the forwarders also resolve and validate.

 

Although this appears to be working (I also have a clean DNS event log) I am concerned that further down the line I will have issues that could be resolved now.

Link to comment
https://www.neowin.net/forum/topic/1342954-dns-forwarding-and-root-hints-error/
Share on other sites

Results from ipconfig /all

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ELROND
   Primary Dns Suffix  . . . . . . . : tonbridge.DOMAIN.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : tonbridge.DOMAIN.local
                                       DOMAIN.local

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-0B-56-00
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.12.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.12.250
   DNS Servers . . . . . . . . . . . : 192.168.12.1
                                       192.168.250.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{54BEF98A-13EF-402F-8AD6-C895F4FAA6C4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

what are the root hints..?  They should be the default ones..

 

Here are the root hint servers

http://www.internic.net/domain/named.root

 

;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:     August 29, 2017
;       related version of root zone:     2017082901
;
; FORMERLY NS.INTERNIC.NET
;
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:200::b
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:9f::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of file

All clear.

 

C:\Users\Administrator>ping a.root-servers.net

Pinging a.root-servers.net [198.41.0.4] with 32 bytes of data:
Reply from 198.41.0.4: bytes=32 time=6ms TTL=57
Reply from 198.41.0.4: bytes=32 time=6ms TTL=57
Reply from 198.41.0.4: bytes=32 time=2ms TTL=57
Reply from 198.41.0.4: bytes=32 time=2ms TTL=57

Ping statistics for 198.41.0.4:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 6ms, Average = 4ms

what in your configuration is making DNS query this?

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f

 

 

It should not query domain.local externally....this is where your fail is.  I don't know your setup fully, so I can only assume that you don't have AD dns setup properly or you have other issues there.  External DNS will never resolve internal names.

 

 

you aren't going to find it in adsiedit or dns....at least what you are looking for.    your system is trying to find your local domain on a external dns...

 

entries are missing on your dns, dns not setup correctly, replication is not happening.  You have to look to see if your dns is replicating properly, eventviewer logs will help here.

I'm not seeing any replication issues, ran the following on all DC's and the results are all successful, all had the same results.

 

repadmin /showreps 
repadmin /replsum
Repadmin/kcc

 

Also ran dcdiag /v, no issues her that I can see - Apologies for the lenght).

 


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine ELROND, is a Directory Server. 
   Home Server = ELROND

   * Connecting to directory service on server ELROND.

   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Newhaven,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Reading,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=BOROMIR,CN=Servers,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=FARAMIR,CN=Servers,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=LEGOLAS,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=GIMLI,CN=Servers,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=ARAGORN,CN=Servers,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CRUSADER,CN=Servers,CN=Newhaven,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=PHANTOM,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=HERA,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=PROMETHIUS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 12 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Tonbridge\ELROND

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         * Active Directory RPC Services Check
         ......................... ELROND passed test Connectivity

Doing primary tests

   
   Testing server: Tonbridge\ELROND

      Starting test: Advertising

         The DC ELROND is advertising itself as a DC and having a DS.
         The DC ELROND is advertising as an LDAP server
         The DC ELROND is advertising as having a writeable directory
         The DC ELROND is advertising as a Key Distribution Center
         The DC ELROND is advertising as a time server
         The DS ELROND is advertising as a GC.
         ......................... ELROND passed test Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test 
         ......................... ELROND passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log. 
         Skip the test because the server is running FRS.

         ......................... ELROND passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... ELROND passed test SysVolCheck

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... ELROND passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         ......................... ELROND passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC ELROND on DC ELROND.
         * SPN found :LDAP/ELROND.tonbridge.DOMAIN.local/tonbridge.DOMAIN.local
         * SPN found :LDAP/ELROND.tonbridge.DOMAIN.local
         * SPN found :LDAP/ELROND
         * SPN found :LDAP/ELROND.tonbridge.DOMAIN.local/TONBRIDGE
         * SPN found :LDAP/d2a64bd3-876f-40b9-bc67-862d63d06e6e._msdcs.DOMAIN.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d2a64bd3-876f-40b9-bc67-862d63d06e6e/tonbridge.DOMAIN.local
         * SPN found :HOST/ELROND.tonbridge.DOMAIN.local/tonbridge.DOMAIN.local
         * SPN found :HOST/ELROND.tonbridge.DOMAIN.local
         * SPN found :HOST/ELROND
         * SPN found :HOST/ELROND.tonbridge.DOMAIN.local/TONBRIDGE
         * SPN found :GC/ELROND.tonbridge.DOMAIN.local/DOMAIN.local
         ......................... ELROND passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC ELROND.
         The forest is not ready for RODC. Will skip checking ERODC ACEs.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=DOMAIN,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=DomainDnsZones,DC=tonbridge,DC=DOMAIN,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=tonbridge,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=DOMAIN,DC=local
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=newhaven,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=TechGate,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=Southampton1,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=braintree,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=DOMAIN,DC=local
            (Domain,Version 3)
         ......................... ELROND passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\ELROND\netlogon
         Verified share \\ELROND\sysvol
         ......................... ELROND passed test NetLogons

      Starting test: ObjectsReplicated

         ELROND is in domain DC=tonbridge,DC=DOMAIN,DC=local
         Checking for CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local in domain DC=tonbridge,DC=DOMAIN,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... ELROND passed test ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=DOMAIN,DC=local
               Latency information for 6 entries in the vector were ignored.
                  6 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 15 entries in the vector were ignored.
                  15 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 15 entries in the vector were ignored.
                  15 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DOMAIN,DC=local
               Latency information for 15 entries in the vector were ignored.
                  6 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=Southampton1,DC=DOMAIN,DC=local
               Latency information for 16 entries in the vector were ignored.
                  7 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=tonbridge,DC=DOMAIN,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=tonbridge,DC=DOMAIN,DC=local
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=braintree,DC=DOMAIN,DC=local
               Latency information for 16 entries in the vector were ignored.
                  7 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=newhaven,DC=DOMAIN,DC=local
               Latency information for 10 entries in the vector were ignored.
                  1 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=TechGate,DC=DOMAIN,DC=local
               Latency information for 14 entries in the vector were ignored.
                  5 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... ELROND passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 4600 to 1073741823
         * ELROND.tonbridge.DOMAIN.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2600 to 3099
         * rIDPreviousAllocationPool is 2600 to 3099
         * rIDNextRID: 2703
         ......................... ELROND passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... ELROND passed test Services

      Starting test: SystemLog

         * The System Event log test
         An error event occurred.  EventID: 0x0000272C

            Time Generated: 09/21/2017   17:41:32

            Event String:

            DCOM was unable to communicate with the computer 4.2.2.1 using any of the configured protocols; requested by PID     12fc (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 09/21/2017   17:41:53

            Event String:

            DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID     12fc (C:\Windows\system32\dcdiag.exe).

         ......................... ELROND failed test SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local

         and backlink on

         CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         are correct. 
         The system object reference (serverReferenceBL)

         CN=ELROND,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tonbridge,DC=DOMAIN,DC=local

         and backlink on

         CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         are correct. 
         The system object reference (frsComputerReferenceBL)

         CN=ELROND,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tonbridge,DC=DOMAIN,DC=local

         and backlink on

         CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local

         are correct. 
         ......................... ELROND passed test VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : tonbridge

      Starting test: CheckSDRefDom

         ......................... tonbridge passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... tonbridge passed test CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running enterprise tests on : DOMAIN.local

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\ELROND.tonbridge.DOMAIN.local

         Locator Flags: 0xe000f1fd
         PDC Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         Time Server Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         Preferred Time Server Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         KDC Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         ......................... DOMAIN.local passed test LocatorCheck

      Starting test: Intersite

         Skipping site Southampton1, this site is outside the scope provided by

         the command line arguments provided. 
         Skipping site Tonbridge, this site is outside the scope provided by

         the command line arguments provided. 
         Skipping site TechGate, this site is outside the scope provided by the

         command line arguments provided. 
         Skipping site Braintree, this site is outside the scope provided by

         the command line arguments provided. 
         Skipping site Newhaven, this site is outside the scope provided by the

         command line arguments provided. 
         Skipping site Reading, this site is outside the scope provided by the

         command line arguments provided. 
         ......................... DOMAIN.local passed test Intersite

it looks like things are passing....try the dns test again.

 

if it fails again, something is wrong with your dns config...msdcs would be a place to look and make sure it is there on your local dns server.  If it isn't you are going to have to get it to replicate, do not manually put the entry in.

Interestingly on the parent domain DC, dcdiag /test:dns is clear, no issues at all.

 

On the 5 child domains, all have the same error as above but I did also notice this on one of them too;

 

               TEST: Records registration (RReg)
                  Network Adapter [00000010] Microsoft Hyper-V Network Adapter:
                     Error:
                     Missing SRV record at DNS server 192.168.250.5:
                     _ldap._tcp.50547d4b-9b33-4422-9419-5e1f49075f4e.domains._ms
dcs.DOMAIN.local

               Warning: Record Registrations not found in some network adapters

 

I will have to look at this later, got parental duties now.

Edited by StrikedOut
  • 1 year later...
  On 21/09/2017 at 17:39, StrikedOut said:

Interestingly on the parent domain DC, dcdiag /test:dns is clear, no issues at all.

 

On the 5 child domains, all have the same error as above but I did also notice this on one of them too;

 

               TEST: Records registration (RReg)
                  Network Adapter [00000010] Microsoft Hyper-V Network Adapter:
                     Error:
                     Missing SRV record at DNS server 192.168.250.5:
                     _ldap._tcp.50547d4b-9b33-4422-9419-5e1f49075f4e.domains._ms
dcs.DOMAIN.local

               Warning: Record Registrations not found in some network adapters

 

I will have to look at this later, got parental duties now.

Expand  

Sorry to resurrect this old post, but did you ever get this resolved? We're having the same issue and really struggling to fix.

Thanks.

  On 05/11/2018 at 13:22, Squuiid said:

Sorry to resurrect this old post, but did you ever get this resolved? We're having the same issue and really struggling to fix.

Thanks.

Expand  

I could take a look at if you would like, feel free to pm teamviewer info.

 

Otherwise create a new topic with what you have done and we can see if we can help here.

This topic is now closed to further replies.
  • Posts

    • yeah GSMA began working to enable end to end encryption between android and iphone last year and apparently a new standard was developed. apple has said that they would implement this in "future software updates" but i haven't heard anything since march, the time this was all reported on. shortly after, i read on forbes that the FBI suggests not sending texts between iphone and android because they're unencrypted. i use signal to chat with my wife but i'd rather just use messages tbh (she has an iphone), i'm not really a 3rd party guy haha
    • Well, I did not like the trailer for the project he went to work on also, but why do you think he should waste time with this… did you love the season 2? Maybe I am missing out after the crap I saw in first season ep1-3? I love the first last of us game… while not the BEST it was one of the games that I will remember for the EXPERIENCE it game me… last of us 2 was not on the same level at all and the show🤔 complete miss in my experience of the first few level
    • They're likely moving all resources to other things. Clearly Windows is not important to them.
    • Image Uploader 1.4.3 Build 5352 by Razvan Serea Image Uploader is a free and open-source program for Windows that that allows you to effortlessly upload images, screenshots, and various files to a wide array of hosting services. With its capability to capture selected screen areas, it promptly uploads content to image hosting services, while also offering the convenience of automatically copying the URL to your clipboard. Key Features of Image Uploader: Upload to Multiple Hosting Services Image Uploader supports uploading images and files to over 30 popular hosting services. Additionally, it can upload directly to your own FTP, SFTP, or WebDAV server. After upload, the tool automatically generates sharing codes in HTML, BBCode, and Markdown, with support for custom output templates tailored to your needs. Video Frame Grabbing and Screenshot Tools You can extract multiple frames from video files in a wide range of formats including AVI, MP4, MKV, WMV, and more. It supports both system-installed codecs and built-in ones. The extracted frames can be uploaded individually or compiled into a single mosaic image. It also includes screenshot capabilities for the full screen or selected regions, along with a simple image editor for annotations, highlights, and blurring. Advanced Integration and Usability Image Uploader supports drag-and-drop, clipboard monitoring, and can be accessed via Windows Explorer’s context menu. It also features URL shortening, multi-account support, reuploading, and the ability to upload images embedded in text while retaining formatting. The app is available in several languages, including English, Russian, Turkish, Korean, Arabic, and more. Image Uploader 1.4.3 Build 5352 changelog: New Features Screen Recording: Added two powerful capture methods: DirectX (Desktop Duplication API) FFmpeg-based recording Expanded Hosting Services: Added support for new file hosting platforms: TeleBox (linkbox.to) take-me-to.space ranoz.gg webshare.cz lobfile.com imgpx.com freeimghost.net radikal.cloud anonpic.org fotozavr.ru imgtr.ee thumbsnap.com 8upload.com filemail.com Others Video Uploads: Added Flickr.com support for video uploads Localization: New French translation added Context Menu: Added "File Information" option to video file context menus DPI Support: Improved support for: Screen DPI changes Mixed-DPI multi-monitor setups Improvements Disabled application window animations during screenshot/screen recording initiation Updated API and documentation Improved overall stability Bug Fixes Fixed network client error that could cause application crashes Resolved unauthorized startup registration issue Fixed upload functionality for pixeldrain.com Restored tray icon balloon notifications visibility Various minor bug fixes Download: Image Uploader 64-bit | Portable 64-bit | ~16.0 MB | (Open Source) Download: Image Uploader 32-bit | Portable 32-bit | ~15.0 MB Download: Image Uploader ARM64 | Portable ARM64 | ~11.0 MB Links: Image Uploader Home Page | Screenshot | GitHub Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • A new Forza was among the things specifically mentioned as 'next year' during the Showcase in June. That's more than likely Horizon 6. Turn 10 made Motorsport and is responsible for the engine behind Horizon and the Fable reboot (with adjustments for each, of course). I think they'll likely remain a support studio for Playground. Given the fact that Turn 10's staff has been halved, and how much of a fumble the launch of Motorsport was (which remember, they initially branded as a 'platform' rather than just a standalone thing), the transition to support studio wouldn't surprise me.
  • Recent Achievements

    • Reacting Well
      SteveJaye earned a badge
      Reacting Well
    • One Month Later
      MadMung0 earned a badge
      One Month Later
    • One Month Later
      Uranus_enjoyer earned a badge
      One Month Later
    • Week One Done
      Philsl earned a badge
      Week One Done
    • Week One Done
      Jaclidio hoy earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      431
    2. 2
      ATLien_0
      156
    3. 3
      +FloatingFatMan
      148
    4. 4
      Nick H.
      64
    5. 5
      +thexfile
      62
  • Tell a friend

    Love Neowin? Tell a friend!