DNS forwarding and root hints error.

1,160 · September 21, 2017

Hi All.

My data center provider had to physically move their infrastructure from their existing location to their new buildings. Extensive planning was done and I was involved and on paper, everything should have been fine. However, on first start up on the new location, sysprep ran on several of my servers including our DC's. We recovered from backups to the state just before the move but they were in USN rollback so I involved Microsoft and we were able to recover the domains and ensure replication was working.

I have since been tidying up DNS as we had a site that was unable to access outside sites and have managed to clear all the issues apart from this one from DCDiag /test:DNS

C:\Windows\system32>dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
   Trying to find home server...
   Home Server = ELROND
   * Identified AD Forest.
   Done gathering initial info.
Doing initial required tests
   Testing server: Tonbridge\ELROND
      Starting test: Connectivity
         ......................... ELROND passed test Connectivity
Doing primary tests
   Testing server: Tonbridge\ELROND
      Starting test: DNS
         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... ELROND passed test DNS
   Running partition tests on : ForestDnsZones
   Running partition tests on : DomainDnsZones
   Running partition tests on : tonbridge
   Running partition tests on : Schema
   Running partition tests on : Configuration
   Running enterprise tests on : DOMAIN.local
      Starting test: DNS
         Test results for domain controllers:
            DC: ELROND.tonbridge.DOMAIN.local
            Domain: tonbridge.DOMAIN.local

               TEST: Forwarders/Root hints (Forw)
                  Error: All forwarders in the forwarder list are invalid.
                  Error: Both root hints and forwarders are not configured or
                  broken. Please make sure at least one of them works.
         Summary of test results for DNS servers used by the above domain
         controllers:

***SNIPPED AS ALL ROOT HINTS ARE SHOWING THE SAME ERROR, LAST 2 ARE FORWARDERS***

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 202.12.27.33
            DNS server: 4.2.2.1 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 4.2.2.1
            DNS server: 8.8.8.8 (<name unavailable>)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f
ailed on the DNS server 8.8.8.8
         Summary of DNS test results:
                                            Auth Basc Forw Del Dyn RReg Ext
            _________________________________________________________________
            Domain: tonbridge.DOMAIN.local
               ELROND                       PASS PASS FAIL PASS PASS PASS n/a
         ......................... DOMAIN.local failed test DNS

I am currently using public DNS for forwarders on this DNS server, this is temporary while we migrate to a new line over the next few weeks.

I have also tested removing the forwarders and running the tests again but I get the same results, strangely though from the server, browsing is now fine and would suggest forwarding is working? Under the forwarding tab, I have updated and can resolve all the servers so I now have the latest IP addresses and the forwarders also resolve and validate.

Although this appears to be working (I also have a clean DNS event log) I am concerned that further down the line I will have issues that could be resolved now.

1,160 · September 21, 2017

Results from ipconfig /all

Windows IP Configuration

Host Name . . . . . . . . . . . . : ELROND
Primary Dns Suffix . . . . . . . : tonbridge.DOMAIN.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tonbridge.DOMAIN.local
DOMAIN.local

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-0B-56-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.12.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.12.250
DNS Servers . . . . . . . . . . . : 192.168.12.1
192.168.250.5
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{54BEF98A-13EF-402F-8AD6-C895F4FAA6C4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

31,979 · September 21, 2017

what are the root hints..? They should be the default ones..

Here are the root hint servers

http://www.internic.net/domain/named.root

;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache . <file>"
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.cache
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:     August 29, 2017
;       related version of root zone:     2017082901
;
; FORMERLY NS.INTERNIC.NET
;
.                        3600000      NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
A.ROOT-SERVERS.NET.      3600000      AAAA 2001:503:ba3e::2:30
;
; FORMERLY NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
B.ROOT-SERVERS.NET.      3600000      AAAA 2001:500:200::b
;
; FORMERLY C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
C.ROOT-SERVERS.NET.      3600000      AAAA 2001:500:2::c
;
; FORMERLY TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13
D.ROOT-SERVERS.NET.      3600000      AAAA 2001:500:2d::d
;
; FORMERLY NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
E.ROOT-SERVERS.NET.      3600000      AAAA 2001:500:a8::e
;
; FORMERLY NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
F.ROOT-SERVERS.NET.      3600000      AAAA 2001:500:2f::f
;
; FORMERLY NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
G.ROOT-SERVERS.NET.      3600000      AAAA 2001:500:12::d0d
;
; FORMERLY AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     198.97.190.53
H.ROOT-SERVERS.NET.      3600000      AAAA 2001:500:1::53
;
; FORMERLY NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
I.ROOT-SERVERS.NET.      3600000      AAAA 2001:7fe::53
;
; OPERATED BY VERISIGN, INC.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
J.ROOT-SERVERS.NET.      3600000      AAAA 2001:503:c27::2:30
;
; OPERATED BY RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
K.ROOT-SERVERS.NET.      3600000      AAAA 2001:7fd::1
;
; OPERATED BY ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     199.7.83.42
L.ROOT-SERVERS.NET.      3600000      AAAA 2001:500:9f::42
;
; OPERATED BY WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
M.ROOT-SERVERS.NET.      3600000      AAAA 2001:dc3::35
; End of file

1,160 · September 21, 2017

Those are the ones I have, image shows most but the rest are the same as those in your post.

11,094 · September 21, 2017

See if you can ping or tracert to those dns servers.

1,160 · September 21, 2017

All clear.

C:\Users\Administrator>ping a.root-servers.net

Pinging a.root-servers.net [198.41.0.4] with 32 bytes of data:
Reply from 198.41.0.4: bytes=32 time=6ms TTL=57
Reply from 198.41.0.4: bytes=32 time=6ms TTL=57
Reply from 198.41.0.4: bytes=32 time=2ms TTL=57
Reply from 198.41.0.4: bytes=32 time=2ms TTL=57

Ping statistics for 198.41.0.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 6ms, Average = 4ms

11,094 · September 21, 2017

what in your configuration is making DNS query this?

            DNS server: 202.12.27.33 (m.root-servers.net.)
               1 test failure on this DNS server
               Name resolution is not functional. _ldap._tcp.DOMAIN.local. f

It should not query domain.local externally....this is where your fail is. I don't know your setup fully, so I can only assume that you don't have AD dns setup properly or you have other issues there. External DNS will never resolve internal names.

1,160 · September 21, 2017

I did notice this and cant find any trace of this in DNS or ADSIEdit, can you point me in the right direction where it may be?

11,094 · September 21, 2017

you aren't going to find it in adsiedit or dns....at least what you are looking for. your system is trying to find your local domain on a external dns...

entries are missing on your dns, dns not setup correctly, replication is not happening. You have to look to see if your dns is replicating properly, eventviewer logs will help here.

1,160 · September 21, 2017

I'm not seeing any replication issues, ran the following on all DC's and the results are all successful, all had the same results.

repadmin /showreps
repadmin /replsum
Repadmin/kcc

Also ran dcdiag /v, no issues her that I can see - Apologies for the lenght).

Directory Server Diagnosis

Performing initial setup:

Trying to find home server...

* Verifying that the local machine ELROND, is a Directory Server.
Home Server = ELROND

* Connecting to directory service on server ELROND.

* Identified AD Forest.
Collecting AD specific global data
* Collecting site info.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectCategory=ntDSSiteSettings),.......
The previous call succeeded
Iterating through the sites
Looking at base site object: CN=NTDS Site Settings,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Newhaven,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
Looking at base site object: CN=NTDS Site Settings,CN=Reading,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Getting ISTG and options for the site
* Identifying all servers.

Calling ldap_search_init_page(hld,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local,LDAP_SCOPE_SUBTREE,(objectClass=ntDSDsa),.......
The previous call succeeded....
The previous call succeeded
Iterating through the list of servers
Getting information for the server CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=BOROMIR,CN=Servers,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=FARAMIR,CN=Servers,CN=Southampton1,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=LEGOLAS,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=GIMLI,CN=Servers,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=ARAGORN,CN=Servers,CN=Braintree,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=CRUSADER,CN=Servers,CN=Newhaven,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PHANTOM,CN=Servers,CN=Reading,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=HERA,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=ZEUS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
Getting information for the server CN=NTDS Settings,CN=PROMETHIUS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
objectGuid obtained
InvocationID obtained
dnsHostname obtained
site info obtained
All the info for the server collected
* Identifying all NC cross-refs.

* Found 12 DC(s). Testing 1 of them.

Done gathering initial info.

Doing initial required tests

Testing server: Tonbridge\ELROND

Starting test: Connectivity

* Active Directory LDAP Services Check
Determining IP4 connectivity
* Active Directory RPC Services Check
......................... ELROND passed test Connectivity

Doing primary tests

Testing server: Tonbridge\ELROND

Starting test: Advertising

The DC ELROND is advertising itself as a DC and having a DS.
The DC ELROND is advertising as an LDAP server
The DC ELROND is advertising as having a writeable directory
The DC ELROND is advertising as a Key Distribution Center
The DC ELROND is advertising as a time server
The DS ELROND is advertising as a GC.
......................... ELROND passed test Advertising

Test omitted by user request: CheckSecurityError

Test omitted by user request: CutoffServers

Starting test: FrsEvent

* The File Replication Service Event log test
......................... ELROND passed test FrsEvent

Starting test: DFSREvent

The DFS Replication Event Log.
Skip the test because the server is running FRS.

......................... ELROND passed test DFSREvent

Starting test: SysVolCheck

* The File Replication Service SYSVOL ready test
File Replication Service's SYSVOL is ready
......................... ELROND passed test SysVolCheck

Starting test: KccEvent

* The KCC Event log test
Found no KCC errors in "Directory Service" Event log in the last 15 minutes.
......................... ELROND passed test KccEvent

Starting test: KnowsOfRoleHolders

Role Schema Owner = CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role Domain Owner = CN=NTDS Settings,CN=KRONOS,CN=Servers,CN=TechGate,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role PDC Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role Rid Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
Role Infrastructure Update Owner = CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local
......................... ELROND passed test KnowsOfRoleHolders

Starting test: MachineAccount

Checking machine account for DC ELROND on DC ELROND.
* SPN found :LDAP/ELROND.tonbridge.DOMAIN.local/tonbridge.DOMAIN.local
* SPN found :LDAP/ELROND.tonbridge.DOMAIN.local
* SPN found :LDAP/ELROND
* SPN found :LDAP/ELROND.tonbridge.DOMAIN.local/TONBRIDGE
* SPN found :LDAP/d2a64bd3-876f-40b9-bc67-862d63d06e6e._msdcs.DOMAIN.local
* SPN found :E3514235-4B06-11D1-AB04-00C04FC2DCD2/d2a64bd3-876f-40b9-bc67-862d63d06e6e/tonbridge.DOMAIN.local
* SPN found :HOST/ELROND.tonbridge.DOMAIN.local/tonbridge.DOMAIN.local
* SPN found :HOST/ELROND.tonbridge.DOMAIN.local
* SPN found :HOST/ELROND
* SPN found :HOST/ELROND.tonbridge.DOMAIN.local/TONBRIDGE
* SPN found :GC/ELROND.tonbridge.DOMAIN.local/DOMAIN.local
......................... ELROND passed test MachineAccount

Starting test: NCSecDesc

* Security Permissions check for all NC's on DC ELROND.
The forest is not ready for RODC. Will skip checking ERODC ACEs.
* Security Permissions Check for

DC=ForestDnsZones,DC=DOMAIN,DC=local
(NDNC,Version 3)
* Security Permissions Check for

DC=DomainDnsZones,DC=tonbridge,DC=DOMAIN,DC=local
(NDNC,Version 3)
* Security Permissions Check for

DC=tonbridge,DC=DOMAIN,DC=local
(Domain,Version 3)
* Security Permissions Check for

CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
(Schema,Version 3)
* Security Permissions Check for

CN=Configuration,DC=DOMAIN,DC=local
(Configuration,Version 3)
* Security Permissions Check for

DC=newhaven,DC=DOMAIN,DC=local
(Domain,Version 3)
* Security Permissions Check for

DC=TechGate,DC=DOMAIN,DC=local
(Domain,Version 3)
* Security Permissions Check for

DC=Southampton1,DC=DOMAIN,DC=local
(Domain,Version 3)
* Security Permissions Check for

DC=braintree,DC=DOMAIN,DC=local
(Domain,Version 3)
* Security Permissions Check for

DC=DOMAIN,DC=local
(Domain,Version 3)
......................... ELROND passed test NCSecDesc

Starting test: NetLogons

* Network Logons Privileges Check
Verified share \\ELROND\netlogon
Verified share \\ELROND\sysvol
......................... ELROND passed test NetLogons

Starting test: ObjectsReplicated

ELROND is in domain DC=tonbridge,DC=DOMAIN,DC=local
Checking for CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local in domain DC=tonbridge,DC=DOMAIN,DC=local on 1 servers
Object is up-to-date on all servers.
Checking for CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local in domain CN=Configuration,DC=DOMAIN,DC=local on 1 servers
Object is up-to-date on all servers.
......................... ELROND passed test ObjectsReplicated

Test omitted by user request: OutboundSecureChannels

Starting test: Replications

* Replications Check
* Replication Latency Check
DC=ForestDnsZones,DC=DOMAIN,DC=local
Latency information for 6 entries in the vector were ignored.
6 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Schema,CN=Configuration,DC=DOMAIN,DC=local
Latency information for 15 entries in the vector were ignored.
15 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
CN=Configuration,DC=DOMAIN,DC=local
Latency information for 15 entries in the vector were ignored.
15 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DOMAIN,DC=local
Latency information for 15 entries in the vector were ignored.
6 were retired Invocations. 9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=Southampton1,DC=DOMAIN,DC=local
Latency information for 16 entries in the vector were ignored.
7 were retired Invocations. 9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=DomainDnsZones,DC=tonbridge,DC=DOMAIN,DC=local
Latency information for 1 entries in the vector were ignored.
1 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=tonbridge,DC=DOMAIN,DC=local
Latency information for 3 entries in the vector were ignored.
3 were retired Invocations. 0 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=braintree,DC=DOMAIN,DC=local
Latency information for 16 entries in the vector were ignored.
7 were retired Invocations. 9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=newhaven,DC=DOMAIN,DC=local
Latency information for 10 entries in the vector were ignored.
1 were retired Invocations. 9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
DC=TechGate,DC=DOMAIN,DC=local
Latency information for 14 entries in the vector were ignored.
5 were retired Invocations. 9 were either: read-only replicas and are not verifiably latent, or dc's no longer replicating this nc. 0 had no latency information (Win2K DC).
......................... ELROND passed test Replications

Starting test: RidManager

* Available RID Pool for the Domain is 4600 to 1073741823
* ELROND.tonbridge.DOMAIN.local is the RID Master
* DsBind with RID Master was successful
* rIDAllocationPool is 2600 to 3099
* rIDPreviousAllocationPool is 2600 to 3099
* rIDNextRID: 2703
......................... ELROND passed test RidManager

Starting test: Services

* Checking Service: EventSystem
* Checking Service: RpcSs
* Checking Service: NTDS
* Checking Service: DnsCache
* Checking Service: NtFrs
* Checking Service: IsmServ
* Checking Service: kdc
* Checking Service: SamSs
* Checking Service: LanmanServer
* Checking Service: LanmanWorkstation
* Checking Service: w32time
* Checking Service: NETLOGON
......................... ELROND passed test Services

Starting test: SystemLog

* The System Event log test
An error event occurred. EventID: 0x0000272C

Time Generated: 09/21/2017 17:41:32

Event String:

DCOM was unable to communicate with the computer 4.2.2.1 using any of the configured protocols; requested by PID 12fc (C:\Windows\system32\dcdiag.exe).

An error event occurred. EventID: 0x0000272C

Time Generated: 09/21/2017 17:41:53

Event String:

DCOM was unable to communicate with the computer 8.8.8.8 using any of the configured protocols; requested by PID 12fc (C:\Windows\system32\dcdiag.exe).

......................... ELROND failed test SystemLog

Test omitted by user request: Topology

Test omitted by user request: VerifyEnterpriseReferences

Starting test: VerifyReferences

The system object reference (serverReference)

CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local

and backlink on

CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

are correct.
The system object reference (serverReferenceBL)

CN=ELROND,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tonbridge,DC=DOMAIN,DC=local

and backlink on

CN=NTDS Settings,CN=ELROND,CN=Servers,CN=Tonbridge,CN=Sites,CN=Configuration,DC=DOMAIN,DC=local

are correct.
The system object reference (frsComputerReferenceBL)

CN=ELROND,CN=Domain System Volume (SYSVOL share),CN=File Replication Service,CN=System,DC=tonbridge,DC=DOMAIN,DC=local

and backlink on

CN=ELROND,OU=Domain Controllers,DC=tonbridge,DC=DOMAIN,DC=local

are correct.
......................... ELROND passed test VerifyReferences

Test omitted by user request: VerifyReplicas

Test omitted by user request: DNS

Running partition tests on : ForestDnsZones

Starting test: CheckSDRefDom

......................... ForestDnsZones passed test CheckSDRefDom