Recommended Posts

Hi All.

 

My data center provider had to physically move their infrastructure from their existing location to their new buildings. Extensive planning was done and I was involved and on paper, everything should have been fine. However, on first start up on the new location, sysprep ran on several of my servers including our DC's. We recovered from backups to the state just before the move but they were in USN rollback so I involved Microsoft and we were able to recover the domains and ensure replication was working.

 

I have since been tidying up DNS as we had a site that was unable to access outside sites and have managed to clear all the issues apart from this one from DCDiag /test:DNS

 

C:\Windows\system32>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = ELROND
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Tonbridge\ELROND
      Starting test: Connectivity
         ......................... ELROND passed test Connectivity
Doing primary tests
   Testing server: Tonbridge\ELROND
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... ELROND passed test DNS
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : tonbridge
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running enterprise tests on : DOMAIN.local
      Starting test: DNS
         Test results for domain controllers:
            DC: ELROND.tonbridge.DOMAIN.local
            Domain: tonbridge.DOMAIN.local

               TEST: Forwarders/Root hints (Forw)
                  Error: All forwarders in the forwarder list are invalid.
                  Error: Both root hints and forwarders are not configured or
                  broken. Please make sure at least one of them works.
         Summary of test results for DNS servers used by the above domain
         controllers:

***SNIPPED AS ALL ROOT HINTS ARE SHOWING THE SAME ERROR, LAST 2 ARE FORWARDERS***

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 202.12.27.33
            DNS server: 4.2.2.1 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 4.2.2.1
            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 8.8.8.8
         Summary of DNS test results:
                                            Auth Basc Forw Del  Dyn  RReg Ext
            _________________________________________________________________
            Domain: tonbridge.DOMAIN.local
               ELROND                       PASS PASS FAIL PASS PASS PASS n/a
         ......................... DOMAIN.local failed test DNS

I am currently using public DNS for forwarders on this DNS server, this is temporary while we migrate to a new line over the next few weeks.

 

I have also tested removing the forwarders and running the tests again but I get the same results, strangely though from the server, browsing is now fine and would suggest forwarding is working? Under the forwarding tab, I have updated and can resolve all the servers so I now have the latest IP addresses and the forwarders also resolve and validate.

 

Although this appears to be working (I also have a clean DNS event log) I am concerned that further down the line I will have issues that could be resolved now.

Link to comment
https://www.neowin.net/forum/topic/1342954-dns-forwarding-and-root-hints-error/
Share on other sites

Results from ipconfig /all

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ELROND
   Primary Dns Suffix  . . . . . . . : tonbridge.DOMAIN.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : tonbridge.DOMAIN.local
                                       DOMAIN.local

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-0B-56-00
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.12.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.12.250
   DNS Servers . . . . . . . . . . . : 192.168.12.1
                                       192.168.250.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{54BEF98A-13EF-402F-8AD6-C895F4FAA6C4}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

what are the root hints..?  They should be the default ones..

 

Here are the root hint servers

http://www.internic.net/domain/named.root

 

;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:     August 29, 2017
;       related version of root zone:     2017082901
;
; FORMERLY NS.INTERNIC.NET
;
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
B.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:200::b
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
D.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
E.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
G.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
H.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA  2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA  2001:7fd::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA  2001:500:9f::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA  2001:dc3::35
; End of file

All clear.

 

C:\Users\Administrator>ping a.root-servers.net

Pinging a.root-servers.net [198.41.0.4] with 32 bytes of data:
Reply from 198.41.0.4: bytes=32 time=6ms TTL=57
Reply from 198.41.0.4: bytes=32 time=6ms TTL=57
Reply from 198.41.0.4: bytes=32 time=2ms TTL=57
Reply from 198.41.0.4: bytes=32 time=2ms TTL=57

Ping statistics for 198.41.0.4:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 2ms, Maximum = 6ms, Average = 4ms

what in your configuration is making DNS query this?

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f

 

 

It should not query domain.local externally....this is where your fail is.  I don't know your setup fully, so I can only assume that you don't have AD dns setup properly or you have other issues there.  External DNS will never resolve internal names.

 

 

you aren't going to find it in adsiedit or dns....at least what you are looking for.    your system is trying to find your local domain on a external dns...

 

entries are missing on your dns, dns not setup correctly, replication is not happening.  You have to look to see if your dns is replicating properly, eventviewer logs will help here.

I'm not seeing any replication issues, ran the following on all DC's and the results are all successful, all had the same results.

 

repadmin /showreps 
repadmin /replsum
Repadmin/kcc

 

Also ran dcdiag /v, no issues her that I can see - Apologies for the lenght).

 


Directory Server Diagnosis


Performing initial setup:

   Trying to find home server...

   * Verifying that the local machine ELROND, is a Directory Server. 
   Home Server = ELROND

   * Connecting to directory service on server ELROND.

   * Identified AD Forest. 
   Collecting AD specific global data 
   * Collecting site info.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
   The previous call succeeded 
   Iterating through the sites 
   Looking at base site object: CN=NTDS Site Settings,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Newhaven,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   Looking at base site object: CN=NTDS Site Settings,CN=Reading,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
   Getting ISTG and options for the site
   * Identifying all servers.

   Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
   The previous call succeeded....
   The previous call succeeded
   Iterating through the list of servers 
   Getting information for the server CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=BOROMIR,CN=Servers,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=FARAMIR,CN=Servers,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=LEGOLAS,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=GIMLI,CN=Servers,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=ARAGORN,CN=Servers,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=CRUSADER,CN=Servers,CN=Newhaven,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=PHANTOM,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=HERA,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   Getting information for the server CN=NTDS Settings,CN=PROMETHIUS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local 
   objectGuid obtained
   InvocationID obtained
   dnsHostname obtained
   site info obtained
   All the info for the server collected
   * Identifying all NC cross-refs.

   * Found 12 DC(s). Testing 1 of them.

   Done gathering initial info.


Doing initial required tests

   
   Testing server: Tonbridge\ELROND

      Starting test: Connectivity

         * Active Directory LDAP Services Check
         Determining IP4 connectivity 
         * Active Directory RPC Services Check
         ......................... ELROND passed test Connectivity

Doing primary tests

   
   Testing server: Tonbridge\ELROND

      Starting test: Advertising

         The DC ELROND is advertising itself as a DC and having a DS.
         The DC ELROND is advertising as an LDAP server
         The DC ELROND is advertising as having a writeable directory
         The DC ELROND is advertising as a Key Distribution Center
         The DC ELROND is advertising as a time server
         The DS ELROND is advertising as a GC.
         ......................... ELROND passed test Advertising

      Test omitted by user request: CheckSecurityError

      Test omitted by user request: CutoffServers

      Starting test: FrsEvent

         * The File Replication Service Event log test 
         ......................... ELROND passed test FrsEvent

      Starting test: DFSREvent

         The DFS Replication Event Log. 
         Skip the test because the server is running FRS.

         ......................... ELROND passed test DFSREvent

      Starting test: SysVolCheck

         * The File Replication Service SYSVOL ready test 
         File Replication Service's SYSVOL is ready 
         ......................... ELROND passed test SysVolCheck

      Starting test: KccEvent

         * The KCC Event log test
         Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
         ......................... ELROND passed test KccEvent

      Starting test: KnowsOfRoleHolders

         Role Schema Owner = CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Domain Owner = CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role PDC Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Rid Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         Role Infrastructure Update Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
         ......................... ELROND passed test KnowsOfRoleHolders

      Starting test: MachineAccount

         Checking machine account for DC ELROND on DC ELROND.
         * SPN found :LDAP/ELROND.tonbridge.DOMAIN.local/tonbridge.DOMAIN.local
         * SPN found :LDAP/ELROND.tonbridge.DOMAIN.local
         * SPN found :LDAP/ELROND
         * SPN found :LDAP/ELROND.tonbridge.DOMAIN.local/TONBRIDGE
         * SPN found :LDAP/d2a64bd3-876f-40b9-bc67-862d63d06e6e._msdcs.DOMAIN.local
         * SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d2a64bd3-876f-40b9-bc67-862d63d06e6e/tonbridge.DOMAIN.local
         * SPN found :HOST/ELROND.tonbridge.DOMAIN.local/tonbridge.DOMAIN.local
         * SPN found :HOST/ELROND.tonbridge.DOMAIN.local
         * SPN found :HOST/ELROND
         * SPN found :HOST/ELROND.tonbridge.DOMAIN.local/TONBRIDGE
         * SPN found :GC/ELROND.tonbridge.DOMAIN.local/DOMAIN.local
         ......................... ELROND passed test MachineAccount

      Starting test: NCSecDesc

         * Security Permissions check for all NC's on DC ELROND.
         The forest is not ready for RODC. Will skip checking ERODC ACEs.
         * Security Permissions Check for

           DC=ForestDnsZones,DC=DOMAIN,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=DomainDnsZones,DC=tonbridge,DC=DOMAIN,DC=local
            (NDNC,Version 3)
         * Security Permissions Check for

           DC=tonbridge,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
            (Schema,Version 3)
         * Security Permissions Check for

           CN=Configuration,DC=DOMAIN,DC=local
            (Configuration,Version 3)
         * Security Permissions Check for

           DC=newhaven,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=TechGate,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=Southampton1,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=braintree,DC=DOMAIN,DC=local
            (Domain,Version 3)
         * Security Permissions Check for

           DC=DOMAIN,DC=local
            (Domain,Version 3)
         ......................... ELROND passed test NCSecDesc

      Starting test: NetLogons

         * Network Logons Privileges Check
         Verified share \\ELROND\netlogon
         Verified share \\ELROND\sysvol
         ......................... ELROND passed test NetLogons

      Starting test: ObjectsReplicated

         ELROND is in domain DC=tonbridge,DC=DOMAIN,DC=local
         Checking for CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local in domain DC=tonbridge,DC=DOMAIN,DC=local on 1 servers
            Object is up-to-date on all servers.
         Checking for CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 1 servers
            Object is up-to-date on all servers.
         ......................... ELROND passed test ObjectsReplicated

      Test omitted by user request: OutboundSecureChannels

      Starting test: Replications

         * Replications Check
         * Replication Latency Check
            DC=ForestDnsZones,DC=DOMAIN,DC=local
               Latency information for 6 entries in the vector were ignored.
                  6 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 15 entries in the vector were ignored.
                  15 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            CN=Configuration,DC=DOMAIN,DC=local
               Latency information for 15 entries in the vector were ignored.
                  15 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DOMAIN,DC=local
               Latency information for 15 entries in the vector were ignored.
                  6 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=Southampton1,DC=DOMAIN,DC=local
               Latency information for 16 entries in the vector were ignored.
                  7 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=DomainDnsZones,DC=tonbridge,DC=DOMAIN,DC=local
               Latency information for 1 entries in the vector were ignored.
                  1 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=tonbridge,DC=DOMAIN,DC=local
               Latency information for 3 entries in the vector were ignored.
                  3 were retired Invocations.  0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=braintree,DC=DOMAIN,DC=local
               Latency information for 16 entries in the vector were ignored.
                  7 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=newhaven,DC=DOMAIN,DC=local
               Latency information for 10 entries in the vector were ignored.
                  1 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
            DC=TechGate,DC=DOMAIN,DC=local
               Latency information for 14 entries in the vector were ignored.
                  5 were retired Invocations.  9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc.  0 had no latency information (Win2K DC).  
         ......................... ELROND passed test Replications

      Starting test: RidManager

         * Available RID Pool for the Domain is 4600 to 1073741823
         * ELROND.tonbridge.DOMAIN.local is the RID Master
         * DsBind with RID Master was successful
         * rIDAllocationPool is 2600 to 3099
         * rIDPreviousAllocationPool is 2600 to 3099
         * rIDNextRID: 2703
         ......................... ELROND passed test RidManager

      Starting test: Services

         * Checking Service: EventSystem
         * Checking Service: RpcSs
         * Checking Service: NTDS
         * Checking Service: DnsCache
         * Checking Service: NtFrs
         * Checking Service: IsmServ
         * Checking Service: kdc
         * Checking Service: SamSs
         * Checking Service: LanmanServer
         * Checking Service: LanmanWorkstation
         * Checking Service: w32time
         * Checking Service: NETLOGON
         ......................... ELROND passed test Services

      Starting test: SystemLog

         * The System Event log test
         An error event occurred.  EventID: 0x0000272C

            Time Generated: 09/21/2017   17:41:32

            Event String:

            DCOM was unable to communicate with the computer 4.2.2.1 using any of the configured protocols; requested by PID     12fc (C:\Windows\system32\dcdiag.exe).

         An error event occurred.  EventID: 0x0000272C

            Time Generated: 09/21/2017   17:41:53

            Event String:

            DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID     12fc (C:\Windows\system32\dcdiag.exe).

         ......................... ELROND failed test SystemLog

      Test omitted by user request: Topology

      Test omitted by user request: VerifyEnterpriseReferences

      Starting test: VerifyReferences

         The system object reference (serverReference)

         CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local

         and backlink on

         CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         are correct. 
         The system object reference (serverReferenceBL)

         CN=ELROND,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tonbridge,DC=DOMAIN,DC=local

         and backlink on

         CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

         are correct. 
         The system object reference (frsComputerReferenceBL)

         CN=ELROND,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tonbridge,DC=DOMAIN,DC=local

         and backlink on

         CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local

         are correct. 
         ......................... ELROND passed test VerifyReferences

      Test omitted by user request: VerifyReplicas

   
      Test omitted by user request: DNS

      Test omitted by user request: DNS

   
   Running partition tests on : ForestDnsZones

      Starting test: CheckSDRefDom

         ......................... ForestDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... ForestDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : DomainDnsZones

      Starting test: CheckSDRefDom

         ......................... DomainDnsZones passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... DomainDnsZones passed test

         CrossRefValidation

   
   Running partition tests on : tonbridge

      Starting test: CheckSDRefDom

         ......................... tonbridge passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... tonbridge passed test CrossRefValidation

   
   Running partition tests on : Schema

      Starting test: CheckSDRefDom

         ......................... Schema passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Schema passed test CrossRefValidation

   
   Running partition tests on : Configuration

      Starting test: CheckSDRefDom

         ......................... Configuration passed test CheckSDRefDom

      Starting test: CrossRefValidation

         ......................... Configuration passed test CrossRefValidation

   
   Running enterprise tests on : DOMAIN.local

      Test omitted by user request: DNS

      Test omitted by user request: DNS

      Starting test: LocatorCheck

         GC Name: \\ELROND.tonbridge.DOMAIN.local

         Locator Flags: 0xe000f1fd
         PDC Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         Time Server Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         Preferred Time Server Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         KDC Name: \\ELROND.tonbridge.DOMAIN.local
         Locator Flags: 0xe000f1fd
         ......................... DOMAIN.local passed test LocatorCheck

      Starting test: Intersite

         Skipping site Southampton1, this site is outside the scope provided by

         the command line arguments provided. 
         Skipping site Tonbridge, this site is outside the scope provided by

         the command line arguments provided. 
         Skipping site TechGate, this site is outside the scope provided by the

         command line arguments provided. 
         Skipping site Braintree, this site is outside the scope provided by

         the command line arguments provided. 
         Skipping site Newhaven, this site is outside the scope provided by the

         command line arguments provided. 
         Skipping site Reading, this site is outside the scope provided by the

         command line arguments provided. 
         ......................... DOMAIN.local passed test Intersite

it looks like things are passing....try the dns test again.

 

if it fails again, something is wrong with your dns config...msdcs would be a place to look and make sure it is there on your local dns server.  If it isn't you are going to have to get it to replicate, do not manually put the entry in.

Interestingly on the parent domain DC, dcdiag /test:dns is clear, no issues at all.

 

On the 5 child domains, all have the same error as above but I did also notice this on one of them too;

 

               TEST: Records registration (RReg)
                  Network Adapter [00000010] Microsoft Hyper-V Network Adapter:
                     Error:
                     Missing SRV record at DNS server 192.168.250.5:
                     _ldap._tcp.50547d4b-9b33-4422-9419-5e1f49075f4e.domains._ms
dcs.DOMAIN.local

               Warning: Record Registrations not found in some network adapters

 

I will have to look at this later, got parental duties now.

Edited by StrikedOut
  • 1 year later...
  On 21/09/2017 at 17:39, StrikedOut said:

Interestingly on the parent domain DC, dcdiag /test:dns is clear, no issues at all.

 

On the 5 child domains, all have the same error as above but I did also notice this on one of them too;

 

               TEST: Records registration (RReg)
                  Network Adapter [00000010] Microsoft Hyper-V Network Adapter:
                     Error:
                     Missing SRV record at DNS server 192.168.250.5:
                     _ldap._tcp.50547d4b-9b33-4422-9419-5e1f49075f4e.domains._ms
dcs.DOMAIN.local

               Warning: Record Registrations not found in some network adapters

 

I will have to look at this later, got parental duties now.

Expand  

Sorry to resurrect this old post, but did you ever get this resolved? We're having the same issue and really struggling to fix.

Thanks.

  On 05/11/2018 at 13:22, Squuiid said:

Sorry to resurrect this old post, but did you ever get this resolved? We're having the same issue and really struggling to fix.

Thanks.

Expand  

I could take a look at if you would like, feel free to pm teamviewer info.

 

Otherwise create a new topic with what you have done and we can see if we can help here.

This topic is now closed to further replies.
  • Posts

    • Generally, Earth never initiated that animals lay straight
    • Several UI improvements masquerading as a major update. I'm truly hating this trend.
    • OpenAI to use Google Cloud despite rivalry, diversifying beyond Microsoft by Paul Hill To help it meet its massive computing demands for training and deploying AI models, OpenAI is looking into a surprising partnership with Google Cloud to use its services. It was widely seen that OpenAI was Google’s biggest threat, but this deal puts an end to the idea that the pair are purely competing. The two companies haven’t made any public announcement about the deal but a source speaking to Reuters claimed that talks had been ongoing for a few months before a deal was finalized in May. Notably, such a deal would see OpenAI expand its compute sources beyond Microsoft Azure. Microsoft had arrangements in place with OpenAI since 2019 that gave it the exclusive right to build new computing infrastructure for the startup. This limitation was loosened earlier this year with the announcement of Project Stargate. OpenAI is now allowed to look elsewhere for compute if Microsoft is unable to meet the demand. A win for Google Cloud, a challenge for Google's AI strategy The deal will see Google Cloud supply computing capacity for OpenAI’s AI model training and inference. This is a big win for Google’s Cloud unit because OpenAI is a massive name in AI and it lends credence to Google’s cloud offering. It also justifies Google Cloud’s expansion of its Tensor Processing Units (TPUs) for external use. On the back of the news, Alphabet’s stock price rose 2.1%, while Microsoft’s sank 0.6%, showing investors think it’s a good move for Google too. While many end users don’t interact with Google Cloud the same way they do with something like Android or Chrome, Cloud is actually a huge part of Google’s business. In 2024, it comprised $43 billion (12%) of Alphabet’s total revenue. With OpenAI as a customer, this figure could rise even more given the massive amounts of compute OpenAI needs. By leveraging Google’s services, it will also give OpenAI access to the search giant’s Tensor Processing Units (TPUs). Unlike GPUs, these chips are specifically designed to handle the kinds of calculations that are most common in AI and machine learning, leading to greater efficiency. Google’s expansion of these chips to external customers has already helped it attract business from Anthropic and Safe Superintelligence. While Google will happily take OpenAI’s money, it needs to tread carefully giving compute power to a rival, which will only make OpenAI more of a threat to Google’s search business. Specifically, it’ll need to manage how resources are allocated between Google’s own AI projects and its cloud customers. Another issue is that Google has been struggling to keep up with the overall demand for cloud computing, even with its own TPUs, according to its Chief Financial Officer in April. By giving access to OpenAI, it means even more pressure. Hopefully, this will be short lived as companies compete to build out capacity to attract customers. OpenAI's push for compute independence Back in 2019 when Microsoft became OpenAI’s exclusive cloud partner in exchange for $1 billion, the AI landscape was much different. End users wouldn’t have access to ChatGPT for another 3 years and the rate of development of new models was less ferocious than it is today. As OpenAI’s compute needs evolve, its relationship with Microsoft has had to evolve too, including this deal with Google and the Stargate infrastructure program. Reuters said that OpenAI’s annualized run rate (the amount they’ll earn in one year at its current pace) had surged to $10 billion, which highlights its explosive growth and need for more resources than Microsoft alone can offer. To make itself more independent, OpenAI has also signed deals worth billions of dollars with CoreWeave, another cloud compute provider, and it is nearing the finalization of the design of its first in-house chip, which could reduce its dependency on external hardware providers altogether. Source: Reuters
    • I don't think that means what you think it means
    • The Google Home app gets video forwarding support and many more features by Aman Kumar Along with releasing the Android 16 update for supported Pixel devices, Google has also showcased a number of features coming to its Home app. First up is PiP, also known as picture-in-picture mode, which will be available for Nest Cams on any Google TV device you own. It’ll be similar to YouTube’s PiP, with which you must be familiar with. A small window will appear in a corner of the TV screen, allowing you to view your Nest Cams without interrupting your viewing experience. The feature is currently in public preview, and you can enroll to try it out before its public release. Another YouTube feature that Google is adding to its Home app is the ability to jump 10 seconds forward or backward in recorded videos. This feature ensures that you don't have to go through the entire footage to locate the moment you’re looking for. Google mentioned in its blog post that it is adding more controls to the Google Home web app. Currently, the web app offers limited functionality, such as setting automations and viewing cameras, but soon you’ll be able to manage more things through it, such as adjusting lighting, controlling temperature, and locking or unlocking the door. Google’s AI model, Gemini, is also getting more controls in the Home app. You can use natural language in the Gemini app to search for specific footage in the camera history. Furthermore, the fallback assistant experience that broadcast commands use is also being updated. You’ll now be able to use your voice to broadcast messages through the connected speakers in your home. The Google blog post also mentions that you are no longer required to use the standalone Nest app to receive smoke and other critical alerts. You can now view the Nest Protect smoke and carbon monoxide (CO) status directly in the Home app. You’ll also be able to run safety checkups and hush alarms through the Home app. In addition to all these features, Google is also making the automation creation process much quicker, will allow you to add more tiles to the Home app Favorites section, and will let you create different Favorites for any other device you use, such as your smartwatch. The Home app will now also support third-party Matter locks. Similar to the Nest x Yale lock, you’ll be able to control various settings of these third-party locks, like managing household access, creating guest profiles, and more.
  • Recent Achievements

    • Week One Done
      Falisha Manpower earned a badge
      Week One Done
    • One Month Later
      elsa777 earned a badge
      One Month Later
    • Week One Done
      elsa777 earned a badge
      Week One Done
    • First Post
      K Dorman earned a badge
      First Post
    • Reacting Well
      rshit earned a badge
      Reacting Well
  • Popular Contributors

    1. 1
      +primortal
      544
    2. 2
      ATLien_0
      272
    3. 3
      +FloatingFatMan
      207
    4. 4
      +Edouard
      201
    5. 5
      snowy owl
      139
  • Tell a friend

    Love Neowin? Tell a friend!